You wake up one morning eager to turn on your ‘pump up’ Spotify playlist, but for some reason it’s not working. Annoying. You switch to Twitter to check your business’s feed, but that’s not working either. What the heck!? You think the problem lies in your Wi-Fi connection, but its signal is strong. So, what’s keeping you from running your business on social media?
This happened to millions of Americans on the morning of October 21, 2016, after domain name system (DNS) provider Dyn experienced a distributed denial of service (DDoS) attack, crashing some of the world’s top sites, including Netflix, Spotify, Twitter, and Reddit, among others. DDoS attacks crash a site, or in this case a number of sites, by enlisting an army of malware-infected devices to flood the server with illegitimate Web requests.
Attacks of this kind come in different forms. For example, application DDoS targets the application layer of the open system’s internal functions and communication instead of the network layer. In this way, hackers can disable access to the database, including transactions, search functions, email services and more.
While the October DDoS attack was the largest in history, it wasn’t the only one to capture high-level headlines. Here are three of the most infamous DDoS attacks in recent history.
Anonymous vs. PayPal
In 2010, hacker group Anonymous launched a DDoS attack on PayPal as part of cyber protests “Operation Payback” and “Operation Avenge Assange.” The hacktivist group attempted a four-day disruption of PayPal’s site and services after the company refused to process donations collected on behalf of WikiLeaks and controversial programmer Julian Assange due to political pressure. Anonymous felt the attack was a justified form of digital civil disobedience, especially since PayPal continued to process funding for other controversial groups.
In the end, Anonymous members were charged with misdemeanors, although PayPal faced hundreds of thousands of dollars in business losses. In many ways, this attack was a wakeup call for businesses around the world that had mostly been spared by cyber protests.
Occupy Central vs. Chinese Government
As you might suspect, DDoS attacks are a favorite weapon in the hacktivist’s arsenal. But they can also be used to stifle protests. In 2014, unnamed hackers launched a DDoS attack against independent news site Apple Daily and polling site PopVote in Hong Kong as a way of silencing pro-democratic protesters in China.
Occupy Central, a pro-democratic protest group, decried China’s established 1,200-member election committee in favor of a “one person, one vote” system and used PopVote as a way to drum up support for universal suffrage. The DDoS attack pummeled the sites with bot traffic at a remarkable 500 gigabits per second. At the time, this was the largest DDoS attack in history and was shocking due to its political implications.
New World Hacking vs. BBC
While DDoS attacks are undeniably effective, they aren’t exactly a perfect crime. On December 31, 2015, New World Hacking launched a 600-gigabit-per-second DDoS attack on BBC, the largest of its kind (see a pattern here?). However, the BBC wasn’t the intended target per se. New World Hacking apologized for the attack, saying it was only testing the attack and didn’t expect to take down the site for multiple hours. Oops!
NWH’s “ultimate goal” is to crash ISIS-affiliated Websites to stem the spread of terrorist propaganda. BBC was just collateral damage.
Your Business vs. DDoS Attackers
As you can see, anyone with a Website or online service can be targeted by a DDoS attack. Thankfully, there are ways to guard your company against its harmful effects. DDoS mitigation techniques work to identify malicious and bogus traffic from crashing your operations by either blocking it entirely or redirecting it to a system where it can do no harm.
For example, some cybersecurity companies build stronger firewalls to block against application DDoS attacks launched from hijacked browsers or develop null interface “black holes” to intercept bad traffic. Application DDoS and other automated attacks can be stopped by behavioral analytics software that analyzes user behavior to differentiate between bad bots and legitimate visitors.
As cyber threats continue to evolve, its best to stay educated on the latest news and partner with trusted cybersecurity companies to protect your most valuable assets.
Presented by a BusinessTown.com partner