DDoS attacks are one of the biggest threats faced by online service providers and companies who rely on the internet to function.
Yet these immensely powerful weapons are rarely understood by the general public, despite the prevalence of the term ‘brought down by hackers’.
So where do DDoS attacks originate, and what are they used for?
A Distributed Denial of Service attack is a concerted attempt to force web servers offline by bombarding them with more information than the recipient can handle.
Imagine a crowd of people simultaneously knocking on every door and window in your house. You couldn’t answer them all, and most knocks would go unanswered.
DDoS attacks use armies of compromised web-enabled devices to make identical requests of a network or service at the same time, usually through its IP address.
The recipient server is so overwhelmed that it can’t answer any legitimate enquiries coming in at the same time – a denial of service, in technical parlance.
Brute force assaults can crash ISP networks, prevent companies from trading, block access to high-profile social media or gaming sites, or stop consumers going online at all.
It takes a large volume of compromised devices to perpetrate a DDoS assault, and these machines have usually been infected with malware.
That malware enrols them into a network of hijacked machines, commonly referred to as a botnet, and puts their available bandwidth at the attacker's disposal.
Every device in the botnet makes its requests at the same time, but because each one is a genuine piece of web-enabled hardware, the server can't separate real enquiries from fraudulent ones.
Botnets may issue repeated spikes every ten minutes or so, repeatedly overloading servers, or they may stage a one-off assault before vanishing in preparation for targeting another victim.
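Because each request in a flood looks genuine on its own, defenders look at traffic in aggregate: the request rate per time window and how many distinct addresses it comes from. The following is an added example (not code from the article) of that idea in Python: it parses constructed web-server access-log lines, buckets them into ten-second windows, and labels each window as normal, a distributed flood, or a single hot client; the log format, thresholds and sample addresses are assumptions chosen for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Assumed Apache/nginx "combined" access-log layout; only the source IP and timestamp matter here.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (epoch_seconds, source_ip) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return int(datetime.strptime(m.group("ts"), TS_FMT).timestamp()), m.group("ip")

def flood_windows(lines, window=10, baseline_rps=2.0, burst_factor=10, min_sources=20):
    """Label each fixed-size window: 'normal', 'distributed_flood' (rate far above
    baseline AND many distinct sources) or 'single_source' (same spike, one address).
    Separating the two cases keeps a hot client from being mistaken for a botnet."""
    per_window = defaultdict(Counter)          # window start -> {source ip: request count}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                           # skip malformed lines rather than crash
        ts, ip = parsed
        per_window[ts - ts % window][ip] += 1
    verdicts = {}
    for start, sources in sorted(per_window.items()):
        rps = sum(sources.values()) / window
        if rps <= baseline_rps * burst_factor:
            verdicts[start] = "normal"
        elif len(sources) >= min_sources:
            verdicts[start] = "distributed_flood"
        else:
            verdicts[start] = "single_source"
    return verdicts

def sample_log():
    """Constructed sample: a quiet window, then 400 requests from 40 addresses, then 300 from one."""
    def line(t, ip):
        stamp = datetime.fromtimestamp(t, tz=timezone.utc).strftime(TS_FMT)
        return f'{ip} - - [{stamp}] "GET / HTTP/1.1" 200 512'
    base = 1_700_000_000                       # arbitrary epoch, aligned to a 10 s window
    lines = [line(base + i, "203.0.113.5") for i in range(10)]                          # ~1 rps
    lines += [line(base + 20, f"198.51.100.{i}") for i in range(40) for _ in range(10)]  # botnet-style burst
    lines += [line(base + 40, "192.0.2.77") for _ in range(300)]                        # one noisy client
    return lines

if __name__ == "__main__":
    for start, verdict in flood_windows(sample_log()).items():
        print(start, verdict)
```

In practice the baseline would be learned from the site's own normal traffic rather than hard-coded, and a flagged window would feed rate limiting or upstream filtering rather than just a print.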
Why does this happen?
There are several reasons.
Botnets can be created to impress fellow hackers or simply to see what’s possible with an enslaved army of personal devices.
In 2000, a 15-year-old Canadian brought down websites including CNN and Yahoo for no reason other than experimentation.
A hacker may be trying to destabilise a network to benefit a rival brand, or to punish a business’s perceived transgressions.
It could be an attempt to distract IT personnel from a simultaneous attempt at stealing data or finances elsewhere in their systems.
There have even been terrorist attacks, like 2012’s Six Banks assault on American lenders, perpetrated by the military wing of Hamas.
An outage of one hour could cost a large company a million pounds, while the reputational damage is harder to calculate but potentially far more costly.
There may be an element of blackmail involved, though motives are often undisclosed by the shadowy cabal of hackers and cybercriminals responsible.
Nobody claimed responsibility for the massive Dyn outage of late 2016, where tens of millions of devices forced sites as diverse as Airbnb, PayPal and Reddit offline.
Amazon suffered the biggest DDoS assault in history in February 2020, with up to 2.3 terabits of data per second being thrown at its servers over a three-day period.
And while most attacks don't exceed 10 Gbps of data, even that is enough to take down websites or applications almost instantly.
Protection against DDoS attacks has become a cornerstone of web hosting services, especially those supplying corporate clients whose businesses depend on availability.
And even though a record number of attacks were recorded in 2020, the vast majority were stopped by a combination of firewalls, specialist AI software and clever traffic rerouting.
This cat-and-mouse game between hackers and hosting providers will continue almost indefinitely.