17.6 – Distributed Denial of Service (DDoS)

Network Capacity

The Internet is extremely robust and carries millions of packets of information without error every second. After all, it was designed to withstand a nuclear attack, and many techniques are used to route information around problem areas.

The capacity of the network is not unlimited, however, especially when dealing with individual machines. One of the earliest forms of malware on the Internet was based on the concept that too much information can be weaponized.

There is a constant stream of information flowing to and from servers on the Internet. These transactions happen in the blink of an eye, but there are a lot of them. Sites like Google, Facebook and other giants handle so much traffic that they need to use millions of servers, high-capacity bandwidth, and other efficiencies to be sure they can quickly respond to every user. Even servers without high-capacity requirements will need to be fast enough to handle their expected traffic.


Denial of Service

If there is a concerted effort to deliver as many information packets to a server in as short a time as possible, one can overwhelm the ability of the receiving computer to respond. It is like riot police turning a high-pressure firehose on protesters, so demonstrators are literally stopped in their tracks and cannot do anything else. Most servers in the world, if they face an onslaught of data which exceeds their capacity to deal with it, will suffer a similar fate. Other users will be locked out, or just get a blank screen when requesting information from the site.

This is called a denial of service attack, where the overflow of information effectively takes the victim server off the Internet. While the assault continues (and the attack traffic is usually meaningless data – it is the quantity that is the problem), nobody else can get access.

If attackers used a single computer to deliver these junk packets to a victim, most servers could easily handle it. They are built to handle a lot of traffic, and anything from a single computer will usually not even be a blip.


Distributed Denial of Service

However, there is a variant called a distributed denial of service attack, or DDoS. A DDoS leverages the power of many computers, sometimes millions, to team up and deliver junk packets to a single victim. If there are enough attacking computers, there are very few systems in the world which can withstand it.

The computers in the attacking system do not all have to be owned by the assailant. They seldom are. Instead, the criminals will develop a “bot net”, a collection of individual computers which have been infected in some way and are awaiting commands. Once they are activated and given a target, they will start inundating the ultimate victim with data, together with all the rest of the bot net machines. Any compromised computer sending these packets is also a victim, since it might be a home user who suddenly finds that so much data is flooding out of their system that it becomes unusable.
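To make the single-source versus distributed distinction concrete, here is a small added example (not from the chapter) that counts requests per second over constructed log lines and classifies each second from the server's point of view. The capacity figure, the log format and the addresses are all assumptions made for the illustration.

```python
from collections import Counter, defaultdict

# Assumed server capacity for this illustration: requests per second the origin
# can answer before other users start getting blank pages.
CAPACITY_PER_SEC = 100

def make_sample_log():
    """Constructed access-log lines ('epoch_second source_ip request'), not real
    traffic: three quiet seconds, one noisy host, then a bot-net-style flood
    from hundreds of addresses in the RFC 5737 documentation ranges."""
    lines = []
    for ts in range(3):                                    # ordinary browsing
        lines += [f"{ts} 192.0.2.{i} GET /" for i in range(40)]
    lines += ["3 203.0.113.7 GET /"] * 150                 # one machine hammering
    for i in range(1, 200):                                # 199 bots x 3 requests
        lines += [f"4 198.51.100.{i} GET /"] * 3
    return lines

def parse_log(lines):
    """Turn each line into (second, source_ip); the request text is ignored."""
    events = []
    for line in lines:
        ts, src, _request = line.split(None, 2)
        events.append((int(ts), src))
    return events

def classify_windows(events, capacity=CAPACITY_PER_SEC, window=1, top_share=0.8):
    """Count requests per window. A window above capacity is a flood; if one
    address accounts for most of it, blocking that address is enough, otherwise
    the load is distributed and must be absorbed or scrubbed upstream."""
    buckets = defaultdict(Counter)
    for ts, src in events:
        buckets[ts - ts % window][src] += 1
    report = []
    for start in sorted(buckets):
        sources = buckets[start]
        total = sum(sources.values())
        _, top = sources.most_common(1)[0]
        if total <= capacity * window:
            verdict = "normal"
        elif top / total >= top_share:
            verdict = "single-source flood: rate-limit or block one address"
        else:
            verdict = "distributed flood: too many sources to block individually"
        report.append((start, total, len(sources), verdict))
    return report

if __name__ == "__main__":
    for start, total, distinct, verdict in classify_windows(parse_log(make_sample_log())):
        print(f"t={start}s requests={total:4d} sources={distinct:3d} -> {verdict}")
```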

Although early DDoS attacks were just vandalism, or to take an “enemy” off the Internet, their main focus today is monetary. Once a victim has been blocked from Internet activity, the hacker will contact them and demand payment in exchange for relief. For sites which depend on being active and available on the Internet, say an online casino, they may pay the blackmail charge just to resume business.

It is relatively rare for an individual to be subjected to a DDoS attack. However, it is not uncommon to be infected so that an individual computer is part of the bot net waiting to attack others. Law firms which have a high profile or are working on specific files, though, may be targeted.