In recent months, a number of hackers have finally been charged following their participation in “Operation Avenge Assange”. The operation involved a number of DDoS attacks that targeted any site that decided to withdraw support for Wikileaks in the light of government pressure. One of the best-known sites to be targeted was PayPal, which is believed to have lost around £3.5 million as a result. Other victims included Mastercard and Visa.
Four of the hackers responsible for carrying out the attacks pleaded guilty at Southwark Crown Court, London last month. Two were given sentences of eighteen and seven months, with another given a six-month suspended sentence. The final man has yet to be charged.
Distributed Denial of Service (DDoS) attacks are a common hacking technique. They use multiple compromised systems to mount a classic Denial of Service (DoS) assault, i.e. a flood of requests to a website that causes it either to suffer drastically in performance or, in many other cases, to cease operating altogether by exhausting all available CPU, memory or bandwidth resources.
As a general rule, DDoS attacks tend to be carried out on commercial and government websites, with motives ranging from financial gain (ransom DDoS) and general maliciousness to hacktivism and competitive feuds.
From the defender's standpoint, DDoS represents one of the most dangerous online threats. Protection from such attacks, which can come in various shapes and sizes, relies on having a strong network backbone as well as intelligent access control policies, which help deal with the latest Application Layer threats. Even with the combination of the two, DDoS can still pose a challenge to most website owners.
Recent recorded attacks
As mentioned, DDoS attacks have been making headlines for the last few years, with increasing volume and with more and more companies and websites being attacked. Even high-profile websites have been targeted in the last year or two. For example:
– BTC China, a Bitcoin exchange website, was recently the target of an attack that reached a total size of 100Gbps, indicating the power that is currently available to hackers who know their stuff. In this case, it’s believed that the assault was motivated by those looking to profit financially by manipulating the currency.
– In November this year, Microsoft were also affected by a similar assault, the credit for which has been taken by the hacktivist collective Anonymous. Several of the company’s servers were disrupted including outlook.com, msn.com, the Windows Store and Xbox Live amongst others. The actual targets of the attack were Microsoft sites based in Japan.
– Sixteen different assaults have been thrown at the US’s own healthcare.gov website. Though the attacks all failed, the techniques followed the DDoS pattern, generating thousands of requests to both HealthCare.org in a bid to stop the site from working.
How will the assaults evolve?
For those dealing with cyber-security, 2013 was “the year of DDoS”. Over the course of the year, we received several alarming reminders of just how dangerous these attacks can really get. Perhaps one of the most worrying pieces of news came from the DDoS protection service provider Incapsula, the same company that was able to protect BTC China from the above-mentioned 100Gbps attack.
The security researchers at Incapsula recently reported an attack from a “DDoS Cannon” that was single-handedly able to generate 4Gbps worth of traffic. This level of threat is unprecedented because, with DNS amplification, such a resource could be used to execute 400Gbps DDoS attacks, larger than any other to date. This shows us that DDoS attacks will only increase in the future, in both number and volume.