by Daniel Riedel
With anonymous hackers, terrorists, and trolls roaming the digital highways using high-tech tools to shut down the servers of prominent organizations, the Internet can seem like a scary place.
The recent string of distributed denial-of-service (DDoS) attacks, which are malicious attempts to make a server or a network resource temporarily unavailable by interrupting the host’s Internet services, attests to this very real threat. And from the infamous PayPal 14 to attacks against Israeli websites, it seems as though these hacker groups not only have masks and capes but also superpowers that rival Marvel’s Avengers.
The Implications of DDoS Attacks
Unfortunately, the occurrence of these groups and attacks has become all too common.
A file-encrypting ransomware program called CryptoWall recently gained notoriety by infecting more than 600,000 computer systems in the past six months, holding five billion files hostage, and earning its creators more than $1 million, researchers found.
Businesses are even launching attacks on one another. Take Uber, for example. The company is currently conducting a systematic DDoS attack against Lyft by placing false calls and effectively wasting its resources. Uber is arming teams of independent contractors called “brand ambassadors” with burner phones and credit cards as part of its sophisticated effort to destabilize Lyft. These ambassadors then request rides from Lyft, recruit drivers, and take multiple precautions to avoid detection.
The national effort has already resulted in thousands of canceled Lyft rides and made it more difficult for competitors to gain a foothold in new markets. In essence, this is what DDoS does: A denial-of-service attack places a request to a computer, which locks the computer into completing a dead-end request as opposed to doing something useful.
The truth is, these attacks aren’t as sophisticated as they seem, and they’re driven by political motivations or acts of revenge more than anything else.
Understanding the Technical Specs
Searching through popular hacker hangouts such as 4chan or Twitter, it’s easy to find programs that can perform a DDoS attack. These programs are simple scripts that, when run, will repeatedly send refresh requests to a website’s server.
With enough computers refreshing enough times, the server will eventually overload and shut down.
In instances such as the PayPal 14 case, the owners of the computers run these programs on purpose, coordinating attacks on websites they feel deserve to be shut down. Other times, a botnet is spread through a malicious social media link that installs and runs the script without the user’s knowledge, which leaves law enforcement having to figure out who’s actually involved.
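From the defender's side, the repeated-refresh pattern described above is visible in ordinary web server access logs. The following is an added example, not code from the original article: it scans Common Log Format lines with a sliding time window and flags both a single client hammering one URL and a URL being hit by many distinct clients at once. The function names, thresholds, and sample traffic are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Common Log Format: client, timestamp and requested path are all we need.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3} \S+')

def parse(line):
    """Return (epoch_seconds, ip, path), or None for a malformed line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, path = m.groups()
    return datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").timestamp(), ip, path

def detect(lines, window=10, per_client=20, per_path=100, min_sources=25):
    """Flag single clients hammering one URL, and URLs flooded by many clients.

    Thresholds are illustrative assumptions; tune them to normal traffic.
    """
    by_client = defaultdict(deque)  # (ip, path) -> request times in window
    by_path = defaultdict(deque)    # path -> (time, ip) pairs in window
    noisy, flooded = set(), set()
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # skip lines that are not valid log entries
        t, ip, path = rec
        q = by_client[(ip, path)]
        q.append(t)
        while t - q[0] >= window:  # drop requests older than the window
            q.popleft()
        if len(q) >= per_client:
            noisy.add(ip)
        p = by_path[path]
        p.append((t, ip))
        while t - p[0][0] >= window:
            p.popleft()
        if len(p) >= per_path and len({src for _, src in p}) >= min_sources:
            flooded.add(path)
    return noisy, flooded

def sample_log():
    """Constructed traffic: documentation-range addresses, not real data."""
    fmt = '{} - - [10/Oct/2014:13:55:{:02d} +0000] "GET {} HTTP/1.1" 200 512'
    lines = ["not a log line", fmt.format("192.0.2.10", 0, "/about")]
    for s in range(10):
        lines += [fmt.format("203.0.113.7", s, "/")] * 3  # one client, 3 req/s
        lines += [fmt.format(f"198.51.100.{i}", s, "/search") for i in range(40)]
    return lines
```

On the constructed sample, no individual `/search` client exceeds the per-client threshold, yet the path is still flagged because the combined rate comes from many sources, which is the distributed case a per-client rate limit alone would miss.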
Hacking as a Form of Digital Picketing
If a DDoS attack is successfully carried out, news of the attack spreads rather quickly via forums, social media, and even the mainstream media. Everyone then traces it back to the attackers who hide under the guise of Anonymous — an infamous “hacktivist” group that’s not actually a group, but rather a collection of people who accomplish an online attack and want to exercise bragging rights while maintaining anonymity.
Although a successful DDoS attack will spark attention and a level of Internet fame, both the hacker and IT communities refer to the perpetrators as “script kiddies,” poking fun at the fact that downloading and running a script is so simple a child could do it.
Data is never compromised in a DDoS attack because hackers don’t have access to the servers. But these attacks are often used as a cover for another attack, so it’s best to make sure all your systems are reporting healthy and clean during and after the attack.
Although nothing gets stolen, these attacks effectively shut down online commerce and affect a company’s bottom line, which is why they’re generally associated with “actual” hacking attacks.
It seems you can’t exist online without aggravating someone, so what can you do to safeguard against these attacks?
Protecting Your Business
Unfortunately, there’s no real way to completely prevent a DDoS attack. But as a startup, you can take a couple of anticipatory steps to help you sleep a little easier at night:
- Utilize a cloud service. Cloud services such as CloudFlare can help you avoid these costly attacks. Think of it as building your business behind the protection of a castle’s walls — to take down your building, intruders would need to siege the entire castle. But even these services aren’t foolproof against a nation-state attack.
- Don’t obsess over it. Despite your best efforts, you never know who might have a problem with you and want to deny service to your customers — whether online or off. Don’t obsess, but don’t assume that you’re immune to an attack, either.
While a DDoS attack certainly isn’t the biggest threat to your business, it’s a legitimate threat that can happen to anyone. But understanding how these attacks work and how targets are chosen will help you keep your cool and take appropriate measures if the script kiddies strike.
Daniel Riedel is the CEO of New Context, a systems architecture firm founded to optimize, secure, and scale enterprises. New Context provides systems automation, cloud orchestration, and data assurance through software solutions and consulting. Daniel has experience in engineering, operations, analytics, and product development. Previously, he founded a variety of ventures that worked with companies such as Disney, AT&T, and the National Science Foundation.