Will DDoS Attacks Take Over the Internet?
- — 03 February, 2011 09:00
Forget tablet computers or smartphones. 2010 was the year of the distributed denial of service (DDoS) attack, if network security outfit Arbor Networks is to be believed.
In its Network Infrastructure Security Report, published yesterday, it points out that DDoS attacks have increased by 1000 percent since 2005, when it began monitoring the situation. Last year's biggest attack doubled in scale compared with 2009, with one attack in particular bombarding its target at 100 gigabits per second.
Arbor expects things to get worse this year. So could DDoS attacks become so significant that they're a major bugbear for anybody with an online presence?
DDoS attacks work by overwhelming a Website or the infrastructure that leads to it with meaningless, rapid-fire bursts of data. It's the equivalent of jamming a phone switchboard when too many people call in. However, often hundreds or even thousands of computers are involved in a DDoS attack. It's quick and dirty but effective, and--if done right--Websites can be made inaccessible for however long the attack lasts.
Three things have occurred recently that implies DDoS attacks are going to get worse. The first is the Wikileaks protests last year, which galvanized even moderate Internet freedom supporters to protest using the Low Orbit Ion Cannon (LOIC) hacker tool, by which coordinated DDoS attacks can be launched.
More worryingly, however, the Wikileaks fiasco has redefined DDoS attacks as a legitimate form of protest. Computing God Richard Stallman has gone on record saying DDoS attacks are "the Internet equivalent of a mass demonstration." Stallman defines such "demonstrations" as being separate from hacking or cracking, and compares them with harmless demonstrations that temporarily closed down several British stores recently, in order to highlight corporate tax evasion.
In other words, if Gandhi were alive today, he'd be organizing DDoS attacks. However, modern-day Gandhis should be aware that DDoS attacks are illegal under the Computer Fraud and Abuse Act and can lead to jail time.