The DDoS Hall of Shame
- 06 March, 2011 05:59
Distributed denial of service (DDoS) attacks like the ones that nailed WordPress blogs in early March have been around for decades, but it's only in the last dozen years that they've had enough impact to grab public attention.
With the rise and commercial availability of botnets, which provide a distributed platform from which to launch these attacks, the means to carry them out are accessible.
Due to the cost, though, they have to be carried out by a motivated adversary bent on harm since there is little way to reap monetary profit from them aside from blackmailing potential victims with threats of crippling their servers.
Here are some of the notable DDoS attacks of the past few years:
Windows PCs become tools for denial-of-service attacks
In 2000, DDoS attacks on Yahoo!, eBay, eTrade, Amazon.com and CNN were launched from commandeered Unix machines in businesses and universities, but a few weeks later the malware directing the attacks, called Trinoo, shifted to Windows PCs.
DDoS attack highlights 'Net problems
Internet root servers were attacked in 2002, but the attacks were blunted enough for the servers to recover without a major take-down of the Internet itself. After the attack, limits were set on the Internet Control Message Protocol (ICMP) messages these servers will accept, to ensure that this type of attack wouldn't succeed in the future. The 13 root servers targeted run as the master directory for lookups that match domain names with their corresponding IP addresses.
Estonia suffers massive denial-of-service attack
A spree of DDoS attacks against Web sites in Estonia in May of 2007 crippled Web sites for the prime minister, banks, and less-trafficked sites run by small schools. But most of the affected Web sites were restored quickly, and the government called for greater response mechanisms to cyber attacks within the European Union. Russia was accused of the attacks, but they could not be traced back to a single source there.
Storm worm strikes back at security pros
During the height of the Storm worm attacks in 2007, a security researcher revealed that the people behind it, or the worm itself, were launching DDoS attacks against researchers trying to figure out a way to defeat it. The worm was able to figure out which users were trying to probe its command-and-control servers, and it retaliated by launching DDoS attacks that shut down their Internet access for days, said Josh Corman, now an analyst with the 451 Group.
Georgia cyberattacks linked to Russian organized crime
DDoS attacks against the country of Georgia were seen as a way to soften up the country in preparation for a five-day military invasion by Russia in 2007. About a year later the U.S. Cyber Consequences Unit, an independent research institute, concluded the attacks were launched by Russian criminal gangs in sympathy with the Russian government.
Twitter DDoS attack politically motivated
DDoS attacks in August of 2009 that affected Twitter, Facebook, LiveJournal and several Google sites may have been an attempt to silence a blogger named Cyxymu from the Eastern European country of Georgia who was an outspoken supporter of his country. Facebook CSO Max Kelly has said the attack was coordinated to keep the blogger's voice from being heard.
Mikko Hypponen, the Chief Research Officer of Internet security firm F-Secure, said of the attacks, "Launching DDoS attacks against services like Facebook is the equivalent of bombing a TV station because you don't like one of the newscasters."
DDoS attack on DNS hits Amazon and others just before Christmas
Amazon.com and Amazon Web Services servers were hit by a DDoS attack Dec. 23, 2009, as North American consumers rushed to finish online shopping ahead of the end-of-year holiday season.
Anonymous takes down Visa.com in WikiLeaks protest
A loosely organized group of Internet hacktivists called Anonymous took down Visa's website Dec. 7, 2010, after organizing similar attacks on Mastercard and PayPal. Anonymous had been encouraging volunteers to download software called LOIC (Low Orbit Ion Cannon), which let them centrally control these systems and direct them into a DDoS. The point of the attacks was to put pressure on financial companies that recently cut ties with the WikiLeaks website over its publication of more than a quarter million U.S. Department of State classified cables.