Rick Robinson

Feb 24th 2020

Service Denied! The DDoS Attack Threat


A DDoS attack — which stands for “distributed denial of service” — is a type of cyberattack that hijacks innocent users’ computers in order to attack a website and render it temporarily inaccessible or inoperable.

In such an attack, the targeted website is flooded with fake user requests, so many of them that it cannot handle the traffic. The site may be knocked offline entirely by the overflow traffic, or its response to legitimate requests may simply slow to such a crawl that the website becomes unusable by its intended users.

And because DDoS attacks operate by hijacking innocent machines, they are exceptionally difficult for security experts to trace back to their originator, meaning that the targeted website usually cannot determine the attacker’s identity.

Botnets on the March

But the most distinctive feature of DDoS attacks is that they victimize not only the targeted website (and its users, who suffer the actual denial of service) but also the owners of other computers and internet devices — up to hundreds of thousands of them — whose machines are taken over in order to send the fake requests that cripple the targeted website.

Not all denial of service attacks are “distributed”; such attacks can also be launched using a single machine to send the fake service requests. But as Kim Zetter notes at Wired, such single-origin attacks have been largely supplanted by DDoS attacks.

The computers hijacked for a DDoS attack are “recruited” by being infected with a computer virus that places the infected computer under control of the attacker. A computer thus infected is called a bot (short for robot) or zombie. A network of bots used in an attack is a botnet.

The owners and users of these infected computers are generally unaware that their computers are infected, or being used in an attack. They may notice sluggish performance when their computer is being used in a botnet, but without knowing the cause.

While the computers used in a botnet are infected, the website targeted by a DDoS attack is not itself directly infected by the attack, and its data is not being stolen — it is simply flooded with spurious service calls. However, the disruption caused by DDoS may also be used to attempt other attacks on the targeted website.

Motives for DDoS attacks can vary from straightforward money extortion (“pay up, or we’ll keep knocking you offline”) to political motivations. The latter involve both so-called hacktivists and state intelligence agencies. One of the most notable DDoS attacks to date was launched in 2007 against Estonian websites by actors associated with Russia.

DDoS Hits Warp Speed

More recently a new type of DDoS attack has come to the fore. ZDNet reports that attackers have learned how to hack into servers running a software application called Memcached, which is designed to speed up web page loading. Servers running Memcached should never be exposed to the public Internet — but many website operators fail to provide this protection, allowing DDoS attackers to hijack the servers and put Memcached to work for them.
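As an added example (not from the article or from the Memcached project), here is a small audit that checks a memcached startup configuration for exactly the exposure described above: binding to a non-loopback address and leaving the UDP listener on. The `-l` and `-U` options are memcached's real flags; the two sample configurations are constructed for this example.

```python
# Added example, not from the article: audit a memcached startup config
# (Debian-style /etc/memcached.conf, one option per line) for the exposure
# the article describes. -l (bind address) and -U (UDP port, 0 = off) are
# memcached's real options; the two sample configs below are constructed.
import ipaddress

WEAK_CONF = """
-p 11211
-l 0.0.0.0      # reachable from every interface
-U 11211        # UDP listener on: the reflection/amplification vector
"""

HARDENED_CONF = """
-p 11211
-l 127.0.0.1    # loopback only
-U 0            # UDP disabled
"""

def parse_options(conf_text):
    """Map each flag to the list of values given for it, ignoring comments."""
    opts = {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("-"):
            continue
        flag, _, value = line.partition(" ")
        opts.setdefault(flag, []).append(value.strip())
    return opts

def audit(conf_text):
    """Return a list of exposure findings; an empty list means the config is safe."""
    opts = parse_options(conf_text)
    findings = []
    # With no -l at all, memcached binds every interface.
    for entry in opts.get("-l") or ["0.0.0.0"]:
        for addr in entry.split(","):
            host = addr.strip()
            if host.count(":") == 1:          # IPv4 host:port form
                host = host.rsplit(":", 1)[0]
            try:
                exposed = not ipaddress.ip_address(host).is_loopback
            except ValueError:                # hostname: cannot classify, treat as exposed
                exposed = True
            if exposed:
                findings.append(f"listens on non-loopback address {host}")
    # UDP default is version-dependent (off since 1.5.6), so require an explicit -U 0.
    udp = (opts.get("-U") or [None])[-1]
    if udp is None:
        findings.append("UDP port not set explicitly; add -U 0")
    elif udp != "0":
        findings.append(f"UDP listener enabled on port {udp}")
    return findings
```

Running `audit(WEAK_CONF)` reports both the public bind address and the open UDP port, while `audit(HARDENED_CONF)` returns an empty list.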

In 2018, reports Wired, the developer website GitHub was subjected to the most massive DDoS attack yet recorded, when request traffic suddenly jumped to 1.7 terabits per second — roughly comparable to a million users all trying to access the same website at the same time.

The good news is that GitHub recovered within minutes. But most websites are not as well-prepared to handle such an attack.

Enter the Internet of Things

In and of themselves, DDoS attacks are not the most damaging form of cyberattack, since the target website is only temporarily disabled, and — unless another type of attack is also involved — its data is not compromised. The machines used in the botnet are compromised, but the attackers are often interested only in using the bots to send fake service requests, not stealing data from them.

But as Margaret Rouse reports at SearchSecurity, the emergence of the Internet of Things (IoT) is raising the stakes for DDoS attacks. The things in the Internet of Things are internet-connected gadgets of all sorts, from exercisers’ activity tracking wristbands to industrial controllers. Few of these IoT devices have been designed for security — meaning that they are all too vulnerable to hackers who want to take them over and use them in DDoS attack botnets.

The challenge of protecting IoT devices against being hijacked by DDoS attackers underlines just one facet of a transformation now overtaking the computing and technology world.

Because of the Internet of Things, “tech” in the sense of computers and information technology is no longer separate from the broader domain of technology. Every sophisticated machine is now likely to also be an internet device, with all the implications for security as well as capabilities.

At Northrop Grumman, you can work with some of the world’s most sophisticated connected devices, up to and including automated technology. And security in all its forms is the heart of the business.