Distributed denial-of-service (DDoS) attacks have been the tool of choice for cybercriminals since the dawn of the Internet. Why? They’re easy and effective.
A distributed denial of service occurs when a target is bombarded with traffic from a multitude of systems, which chokes the targeted networks and renders them unavailable to users. The attacks exploit vulnerabilities that are easy to find. As such, they have few barriers to entry. Even mammoth tech firms such as Google, Microsoft, Apple, PayPal, Visa and MasterCard have been knocked offline by them.
However, like any other cyber threats, DDoS attacks have evolved to reflect a more treacherous threat landscape. The number of attacks has increased, motivations have become more complex and targets are more vulnerable and abundant.
The following chronology of DDoS was researched by FortiGuard AV analyst Karine de Ponteves:
Early 2000: Spotlight on DDoS
While it’s hard to ascertain exactly when the first DDoS was launched, de Ponteves says the first large-scale incident occurred in 1999 against the IRC server of the University of Minnesota. It left 227 systems affected, and the university’s server was rendered unusable for days.
This event kicked off a series of similar attacks that put DDoS on the map as a viable tool for hackers and cybercriminals. In February 2000, some of the world’s most popular Websites were toppled by DDoS attacks, and the compounded losses were enormous. Major traffic generators such as Yahoo!, eBay, CNN, Amazon.com and ZDNet suffered from assaults that paralyzed their systems and barred users from accessing their services for hours.
Assaults on well-recognized, high-traffic sites should require extensive amounts of time, copious skill and meticulous attention to detail only possessed by organized cybercrime syndicates or highly trained engineers – right? Unlike other types of cyber attacks, DDoS campaigns were defined by the ease with which they could be executed. The culprit of these attacks? A thrill-seeking 15-year-old Canadian boy with the handle Mafiaboy, who was looking for bragging rights and an outlet to show off his skills.
He launched the attacks by conducting network scans to find vulnerable hosts, which were then compromised. He deployed software that turned the hosts into zombies and propagated the attacks so that each zombie would infect exponentially more targets. And voilà: some of the world’s largest Websites were brought to their knees.
2005: Show Me the Money
At the dawn of the new century, cybercriminals tested the waters of DDoS as a new attack method, leveraging the tool to disrupt systems and wreak general havoc. It wasn’t long before they realized that DDoS could garner them a handsome profit.
Hackers would have to follow steps similar to those of the Mafiaboy attack if they wanted to build a botnet capable of launching widespread DDoS attacks. But the advent of Internet worms automated once-cumbersome steps, enabling cybercriminals to trigger large-scale attacks with ease.
In 2005, the ease with which DDoS could be carried out was demonstrated when 18-year-old Farid Essabar, a novice programmer, was arrested for distributing MyTob. The MyTob worm opened a backdoor on infected MS Windows hosts that connected to a remote IRC server and waited for further instruction from command and control. Its biggest distinguishing feature was its ability to self-propagate upon reboot and copy itself to network shares. That opened the door for massive DDoS attacks: an untold number of hosts infected by the worm could be compromised and made to execute commands sent over IRC. CNN covered the outbreak live, even as the station’s own computers fell victim.
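The IRC rendezvous described above (many infected hosts checking in with one remote server and waiting for commands) is what a defender can look for in network logs. The following is an added example, not code from the original article: it parses constructed connection-log lines in a hypothetical "timestamp src dst port bytes" format and flags any external IRC endpoint that several internal hosts contact. The port list and the minimum-client threshold are assumptions to be tuned per environment.

```python
"""Flag a likely IRC command-and-control server from connection logs."""
from collections import defaultdict

# Common IRC ports; assumption, adjust to what your environment allows.
IRC_PORTS = {6667, 6668, 6669, 6697}

# Constructed sample log (not real data). Fields: ts src_ip dst_ip dst_port bytes.
SAMPLE_LOG = """\
2005-08-16T10:00:01 10.0.0.5  203.0.113.7   6667 412
2005-08-16T10:00:04 10.0.0.9  203.0.113.7   6667 398
2005-08-16T10:00:09 10.0.0.12 203.0.113.7   6667 405
2005-08-16T10:00:12 10.0.0.5  198.51.100.20 443  5120
2005-08-16T10:00:15 10.0.0.31 203.0.113.7   6667 401
2005-08-16T10:00:20 10.0.0.44 192.0.2.8     6667 390
"""


def parse_log(text):
    """Turn whitespace-separated log lines into dicts; blank lines are skipped."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, size = line.split()
        records.append({"ts": ts, "src": src, "dst": dst,
                        "port": int(port), "bytes": int(size)})
    return records


def find_irc_c2_candidates(records, min_clients=3):
    """Group outbound IRC connections by (dst, port).

    One bot talking to IRC is unremarkable; one external IRC endpoint
    contacted by many internal hosts is the botnet rendezvous pattern.
    Returns {(dst, port): [sorted internal client IPs]} for endpoints
    reaching the threshold.
    """
    clients = defaultdict(set)
    for r in records:
        if r["port"] in IRC_PORTS:
            clients[(r["dst"], r["port"])].add(r["src"])
    return {ep: sorted(srcs) for ep, srcs in clients.items()
            if len(srcs) >= min_clients}


if __name__ == "__main__":
    for (dst, port), srcs in find_irc_c2_candidates(parse_log(SAMPLE_LOG)).items():
        print(f"possible IRC C2 {dst}:{port} contacted by {len(srcs)} hosts: {srcs}")
```

The single host reaching 192.0.2.8 is deliberately left below the threshold, so only the shared endpoint is reported.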
While perhaps the first of its kind, the MyTob incident was certainly not the last. It represented the tipping point of a new era in cybercrime. Hackers behind later automated attacks weren’t out to cause trouble or make headlines. This time, they wanted money.
The aim of DDoS became extorting tens of thousands of dollars from corporations by threatening to launch attacks against their networks. Rather than risk inevitable customer attrition and loss of reputation from DDoS attacks, many targeted victims were all too willing to fork over cash to calculating extortionists.
In Part II, we will discuss the latest iteration of DDoS – specifically, how the attack is leveraged to disrupt government and corporate systems to make a political statement and mobilize users to action – a phenomenon known as hacktivism. Finally, we’ll look at the future of DDoS as attack methods become more varied and complex.