Viewpoint: DDoS attacks are evolving to take advantage of mobile

Image caption: Would-be hackers can rent a botnet to try to force a site offline for as little as £50 a day

The technology world isn't exactly starved for acronyms. These days, however, one stands out: DDoS.

It's short for distributed denial of service, tech-speak for cyber attacks that overwhelm computers and make websites disappear. The cost in revenue, customer service and brand equity is often huge.

E-commerce companies, for example, have taken losses in the millions of pounds. And while an attack might last a day or two, a company's call centre could field questions about it for weeks.

When customers, partners and shareholders hear you were knocked offline, your public reputation takes a major hit.

How DDoS works

Who launches DDoS attacks? Extortionists and cut-throat competitors are the main culprits.

So-called hacktivists like the cyber-gang Anonymous have joined the fun, targeting corporations or governments whose policies they oppose.

In one common scenario, an attacker floods a network connection with tens of gigabits of traffic, creating bottlenecks in firewalls, routers or even the connection itself.

When the next request for service tries to come or go, the network connection is clogged. The request is denied. Communication stops.

Another frequent occurrence: an attacker floods a target with hundreds of thousands of requests per second. When the receiving server attempts to process them, it quickly clogs and shuts down. Upon the next request, the server is unavailable.

Rapidly spreading threat

The first DDoS attacks occurred in the late 1990s.

By 2000, e-commerce sites were targeted and the business world quickly took notice.

It is now widely agreed that attacks occur thousands of times each day, with annual growth assessments as high as 45%.

One reason: low-cost, freely distributed DDoS attack technologies. Tools such as the low orbit ion cannon (LOIC) - a favourite piece of attack software - let anyone with a computer unleash a deadly barrage.

For as little as £50 a day you can even rent a botnet, a network of compromised computers used to amplify attacks.

According to some sources, there are now over 50 popular DDoS tools - and the number is growing fast.

Besides becoming more numerous, attacks are growing in sophistication.

In the past, they mainly targeted the network layer of internet infrastructure. Now, however, many zero in on internet-facing applications.

The idea is to exploit weaknesses and sap server resources.

Often going unnoticed, this tactic can be quite effective. For example, using the LOIC tool, an attacker can target your website's log-in page, overpowering back-end databases with queries that are costly in CPU (central processing unit) time.

The result can be the same as from a larger attack - an outage.
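A defender's view of the log-in page flood described above, as an added example that is not part of the original article: a sliding-window detector over constructed access-log lines that watches the aggregate request rate to a costly path as well as the rate per source. The log format, the `/login` path, the thresholds and all function names are assumptions made for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10   # assumed sliding-window length
PER_PATH_LIMIT = 20   # assumed ceiling on requests per window to one costly path
PER_IP_LIMIT = 8      # assumed ceiling on requests per window from one source

def parse(line):
    """Parse 'epoch_seconds source_ip method path' (constructed, simplified format)."""
    ts, ip, method, path = line.split()
    return float(ts), ip, method, path

def detect_floods(lines, watched=("/login",)):
    """Return [(timestamp, kind, key, count)], one alert per offending path or source."""
    windows = {"path": defaultdict(deque), "ip": defaultdict(deque)}
    limits = {"path": PER_PATH_LIMIT, "ip": PER_IP_LIMIT}
    alerted, alerts = set(), []
    for line in lines:
        ts, ip, _method, path = parse(line)
        if path not in watched:
            continue
        for kind, key in (("path", path), ("ip", ip)):
            window = windows[kind][key]
            window.append(ts)
            # Evict timestamps that have aged out of the window.
            while ts - window[0] >= WINDOW_SECONDS:
                window.popleft()
            if len(window) > limits[kind] and (kind, key) not in alerted:
                alerted.add((kind, key))
                alerts.append((ts, kind, key, len(window)))
    return alerts

def constructed_log():
    """Constructed sample: quiet baseline, then 30 sources each hitting /login once within 3 s."""
    base = 1_700_000_000.0
    lines = [f"{base + 15 * i:.2f} 192.0.2.{i + 1} GET /login" for i in range(4)]
    burst = base + 100
    lines += [f"{burst + 0.1 * i:.2f} 198.51.100.{i + 1} POST /login" for i in range(30)]
    return lines

if __name__ == "__main__":
    for ts, kind, key, count in detect_floods(constructed_log()):
        print(f"{ts:.2f} flood suspected: {kind}={key} {count} requests in {WINDOW_SECONDS}s")
```

On the sample burst a per-source limit alone stays silent, because each address sends a single request; only the per-path counter fires.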

False sense of security

Like the internet itself, DDoS attacks are global.

On the list of countries generating the most attacks are China, Ukraine, India and the United States, though reports vary.

However, things aren't always as they seem. Thanks to a rise in spoofed IP (internet protocol) addresses - where the source of a packet of data has been forged - you can't always be sure where the trouble starts.

Without advanced IP technologies, it can be difficult to know an attacker's actual location. In truth, tracing an attack's origin doesn't always aid your defence.

Neither does the false hope that traditional measures will safeguard websites.

One shibboleth: "My ISP (internet service provider) will defend me from DDoS attacks."

In truth, if an attack threatens your ISP's network, you will be taken offline to protect other customers.

Another myth: firewalls or intrusion detection systems will keep you safe.

In fact, either can become a bottleneck, helping to achieve the attacker's goal of slowing or shutting you down. During DDoS attacks, firewalls go down faster than the servers they are meant to protect.

The risks ahead

Last September, Damballa Labs reported that thousands of compromised Android devices were linked to criminal botnets.

Image caption: Protection measures including firewalls can be overcome by DDoS attacks

During one two-week stretch, 20,000 devices were involved, an eye-opening milestone.

When you think about it, though, this shouldn't come as a surprise. Mobile device infrastructure is expanding fast, essentially creating a second-tier wireless internet.

Unfortunately, mobile security hasn't kept pace. Mobile devices are not only susceptible to malware infections but can also be used to download free attack tools.

That's right, you can launch a DDoS attack from most smartphones or tablets.

Looking ahead, expect the DDoS threat to continue growing briskly. Attack tools will evolve. So will methodologies.

Money and ideology will always be powerful motives. The only thing that won't change is the importance of the internet, making DDoS attacks a when, not an if.

Rick Rumbarger is senior director at Neustar, a Virginia-based technology services company offering cyber security, fraud protection and data analytics products.
