Wednesday, December 15, 2010

Denial-of-Service Attacks

One of the most popular news stories this month involves Julian Assange and the website WikiLeaks. Assange was granted bail in England yesterday, but must remain in the country pending a Swedish appeal. Assange’s bail was set at £200,000 (around $315,000), and many people are showing their support by donating money to WikiLeaks. Last week, many companies decided to halt donations to WikiLeaks, claiming that the website promoted illegal activities. This refusal to process donations spawned a group of cyber attacks on the company websites of PayPal, Amazon, MasterCard and Visa. The attacks used are called DoS (denial-of-service) or DDoS (distributed denial-of-service) attacks, and they cause a website to become inaccessible to any users. In this post I will explain how DoS and DDoS attacks work, and what this recent attack on major websites means for Internet security.

DoS and DDoS attacks occur when a website’s network is flooded with various requests, causing the CPU usage to reach 100 percent. This is achieved by sending large packets of data multiple times until the CPU cannot process any more of the requests. Since the CPU can no longer handle any tasks related to the website, users trying to access the page will be unsuccessful. The difference between these two types of attacks is simply the number of attacking computers being used, with the distributed denial-of-service attack using more than one computer. These types of attacks can be led by one person, or carried out collectively by a group of people. The latter was demonstrated last week when some users of the website 4chan decided to organize a DDoS attack on the websites refusing to help WikiLeaks.
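The single-computer versus many-computer distinction is visible from the defender's side in request logs. The following Python code is an added example, not part of the original post: it slides a time window over constructed (timestamp, source IP) records and labels the busiest window as normal, a single-source flood (DoS) or a distributed one (DDoS). The window size, thresholds, function names and documentation-range IP addresses are all assumptions.

```python
from collections import Counter, deque

def classify_flood(events, window=10, total_limit=100, share_limit=0.5):
    """Return 'normal', 'dos' or 'ddos' for the busiest sliding window.

    events: (timestamp_seconds, source_ip) pairs sorted by timestamp.
    The thresholds are illustrative assumptions, not values from the post.
    """
    recent, per_source = deque(), Counter()
    verdict, peak = "normal", 0
    for ts, ip in events:
        recent.append((ts, ip))
        per_source[ip] += 1
        # Drop requests that have aged out of the window.
        while recent[0][0] <= ts - window:
            _, old_ip = recent.popleft()
            per_source[old_ip] -= 1
            if per_source[old_ip] == 0:
                del per_source[old_ip]
        total = len(recent)
        if total > total_limit and total > peak:
            peak = total
            top_count = per_source.most_common(1)[0][1]
            # One dominant sender: DoS. Load spread over many senders: DDoS.
            verdict = "dos" if top_count / total >= share_limit else "ddos"
    return verdict

def baseline():
    # Constructed sample: 20 clients, one request each every 5 seconds.
    return [(float(t), f"198.51.100.{c}") for t in range(0, 60, 5) for c in range(20)]

def single_source_flood():
    # Constructed sample: one host sends 50 requests/second for 10 seconds.
    flood = [(20 + i / 50, "203.0.113.7") for i in range(500)]
    return sorted(baseline() + flood)

def distributed_flood():
    # Constructed sample: 200 hosts each send 1 request/second for 10 seconds.
    flood = [(20.0 + s, f"192.0.2.{b}") for s in range(10) for b in range(200)]
    return sorted(baseline() + flood)

if __name__ == "__main__":
    for name, events in [("baseline", baseline()),
                         ("single source", single_source_flood()),
                         ("distributed", distributed_flood())]:
        print(name, "->", classify_flood(events))
```

A per-source rate limit or block handles the first flood, but not the second, where every individual sender stays close to a normal client's request rate.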

4chan is an image board that allows users to anonymously discuss topics and post images to the site. The users of 4chan are known for their involvement in various Internet pranks and attacks, mainly using DDoS attacks to disable targeted websites. These attacks are part of something called “Operation Payback”, which began after many torrent-downloading sites were taken down. In retaliation, the members of Operation Payback organized denial-of-service attacks on anti-pirating websites and organizations. The group has continued to show its “strength”, resulting in the recent attacks on the PayPal, MasterCard, and Visa websites. Although DDoS attacks from 4chan’s users are nothing new, the way in which the attack was conducted presents a new security threat to the Internet.

Denial-of-service attacks were originally conducted using the “ping of death” technique, which sent an oversized ping packet to a targeted computer. Older computers were unable to handle these packets, causing them to crash. Since this type of attack would not affect modern computers today, newer types of DoS attacks have been created. One reason the recent attacks on MasterCard and Visa were so “successful” involves a new method of DDoS using the tool LOIC. The Low Orbit Ion Cannon is a stress tester for networks and floods the targeted website with various requests and pings.

The idea that a relatively small group of people was able to take major websites down for a number of hours is somewhat scary, but in the end no one’s information was obtained and purchases could still be made (for some users). Participating in a DDoS attack is illegal, and some of the people involved in the recent 4chan attack have been arrested and questioned in the last few days. Although the FBI probably won’t spend too much time and money hunting down these activists, it makes you wonder what a larger, more organized group of attackers could be capable of.
