Viewpoint: DDoS attacks are evolving to take advantage of mobile

DDoS attack graphic Would-be hackers can rent a botnet to try to force a site offline for as little as £50 a day

Related Stories

The technology world isn't exactly starved for acronyms. These days, however, one stands out: DDoS.

It's short for distributed denial of service, tech-speak for cyber attacks that overwhelm computers and make websites disappear. The cost in revenue, customer service and brand equity is often huge.

E-commerce companies, for example, have taken losses in the millions of pounds. And while an attack might last a day or two, a company's call centre could field questions about it for weeks.

When customers, partners and shareholders hear you were knocked offline, your public reputation takes a major hit.

How DDoS works

Who launches DDoS attacks? Extortionists and cut-throat competitors are the main culprits.

Start Quote

Mobile devices are not only susceptible to malware infections but can also be used to download free attack tools. That's right, you can launch a DDoS attack from most smartphones or tablets”

End Quote

So-called hacktivists like the cyber-gang Anonymous have joined the fun, targeting corporations or governments whose policies they oppose.

In one common scenario, an attacker floods a network connection with tens of gigabits of traffic, creating bottlenecks in firewalls, routers or even the connection itself.

When the next request for service tries to come or go, the network connection is clogged. The request is denied. Communication stops.

Another frequent occurrence: an attacker floods a target with hundreds of thousands of requests per second. When the receiving server attempts to process them, it quickly clogs and shuts down. Upon the next request, the server is unavailable.

Rapidly spreading threat

The first DDoS attacks occurred in the late 1990s.

By 2000, e-commerce sites were targeted and the business world quickly took notice.

It is now widely agreed that attacks occur thousands of times each day, with annual growth assessments as high as 45%.

One reason: low-cost, freely distributed DDoS attack technologies. Tools such as the low orbit ion cannon (LOIC) - a favourite piece of attack software - let anyone with a computer unleash a deadly barrage.

For as little as £50 a day you can even rent a botnet, an ad hoc network used to amplify attacks.

DDoS in the news

The Anonymous hacktivist movement has repeatedly made headlines by using DDoS attacks to disrupt its targets' websites, claiming Tango Down - a military term adopted by hackers - when it succeeded.

Examples include April's attacks on UK government sites which were linked to a planned extension of the country's surveillance laws, and January's assault on a variety of anti-piracy groups following the closure of the Megaupload file-sharing site.

But the technique is also used by many others.

Pastebin - a site used by Anonymous to post details of its exploits - has repeatedly come under attack, as has the Swedish file-sharing site The Pirate Bay.

South Korean prosecutors have accused North Korean "cyber-terrorists" of carrying out DDoS attacks against one of their banks, while a Chinese gang is alleged to have blackmailed precious metal traders by threatening to barrage their servers if they did not pay up.

There are multiple reports of human rights organisations and independent media sites being targeted, particularly at the time of elections, during military operations and when protest rallies have been taking place.

There have also been allegations of companies using botnet attacks to destabilise competitors' services, in one case leading to the arrest and trial of a Russian firm's chief executive.

According to some sources, there are now over 50 popular DDoS tools - and the number is growing fast.

Besides becoming more numerous, attacks are growing in sophistication.

In the past, they mainly targeted the network layer of internet infrastructure. Now however, many zero in on internet-facing applications.

The idea is to exploit weaknesses and sap server resources.

Often going unnoticed, this tactic can be quite effective. For example, using the LOIC tool an attacker can target your website's log-in page, overpowering back-end databases with costly CPU (central processing unit) queries.

The result can be the same as from a larger attack - an outage.

False sense of security

Like the internet itself, DDoS attacks are global.

On the list of countries generating the most attacks are China, Ukraine, India and the United States, though reports vary.

However, things aren't always as they seem. Thanks to a rise in spoofed IP (internet protocol) addresses - packets of data whose sources have been forged - you can't always be sure where the trouble starts.

Without advanced IP technologies, it can be difficult to know an attacker's actual location. In truth, tracing an attack's origin doesn't always aid your defence.

Neither does the false hope that traditional measures will safeguard websites.

One shibboleth: "My ISP (internet service provider) will defend me from DDoS attacks."

In truth, if an attack threatens your ISP's network, you will be taken offline to protect other customers.

Another myth: firewalls or intrusion detection systems will keep you safe.

In fact, either can become a bottleneck, helping to achieve the attacker's goal of slowing or shutting you down. During DDoS attacks, firewalls go down faster than the servers they are meant to protect.

The risks ahead

Last September, Damballa Labs reported that thousands of compromised Android devices were linked to criminal botnets.

DDoS attack graphic Protection measures including firewalls can be overcome by DDoS attacks

During one two-week stretch, 20,000 devices were involved, an eye-opening milestone.

When you think about it, though, this shouldn't come as a surprise. Mobile device infrastructure is expanding fast, essentially creating a second-tier wireless internet.

Unfortunately, mobile security hasn't kept pace. Mobile devices are not only susceptible to malware infections but can also be used to download free attack tools.

That's right, you can launch a DDoS attack from most smartphones or tablets.

Looking ahead, expect the DDoS threat to continue growing briskly. Attack tools will evolve. So will methodologies.

Money and ideology will always be powerful motives. The only thing that won't change is the importance of the internet, making DDoS attacks a when, not an if.

Rick Rumbarger is senior director at Neustar, a Virginia-based technology services company offering cyber security, fraud protection and data analytics products.

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories



BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.