Why do people do DDoS attacks?

Distributed denial-of-service (DDoS) attacks have become an increasingly common threat on the internet. These attacks aim to make a website or online service unavailable by overwhelming it with traffic from multiple sources. Understanding the motivations behind DDoS attacks can help companies and organizations better defend themselves against these disruptive cyberattacks.

What is a DDoS attack?

A DDoS attack is a cyberattack where multiple compromised devices are used to target a single system, such as a website or online service. These compromised devices form a botnet that is controlled by a hacker and used to bombard the target with more requests than it can handle, thereby disrupting normal traffic and making the system slow or unavailable.

DDoS attacks typically work by leveraging botnets – networks of compromised internet-connected devices that hackers can control remotely. Hackers can grow botnets to tens of thousands of devices, then direct this army of devices to flood the target’s servers with more traffic than they can accommodate.

Some common methods used in DDoS attacks include:

  • UDP floods – exploiting the User Datagram Protocol by overwhelming random ports on the target system with numerous garbage requests
  • SYN floods – sending continuous SYN requests to a target’s system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic
  • HTTP floods – bombarding websites and web applications with seemingly legitimate HTTP requests
  • DNS amplification – exploiting vulnerabilities in DNS servers to reflect and amplify traffic sent to the target

Successful DDoS attacks can render websites and online services completely unusable for the duration of the attack. This can result in substantial disruption and revenue losses for the affected organizations.

Why do people launch DDoS attacks?

There are several motivations that drive different actors to carry out DDoS attacks:

Financial gain

One of the most common reasons is financial gain. By taking down websites and online services, attackers can extort money from the owners by demanding a ransom to stop the attack. Attackers may also be hired by unscrupulous business competitors who want to disrupt operations and cause financial losses.

Ideological motivations

Activist groups such as the hacking collective Anonymous have used DDoS attacks to protest and disrupt organizations or government agencies they disagree with ideologically. Groups like these consider DDoS attacks a form of civil disobedience or protest.

Revenge

Some DDoS attacks are done as an act of revenge by disgruntled customers or former employees. By crippling a company’s website or online services, these individuals aim to damage the business and cause monetary losses.

Ego

DDoS attacks are sometimes done to show off attack capabilities and skills or cause mischief. Bragging rights can motivate bored or rebellious teenagers to launch attacks against school networks or random websites.

Cyberwarfare

Governments are believed to be responsible for some DDoS attacks launched against the IT infrastructure of enemy nations or dissidents. DDoS attacks can also be used as a smokescreen for more serious cyber espionage or data breaches.

Technical errors

In some cases, a DDoS effect can happen unintentionally due to technical errors like software bugs or hardware failures. Bots within a botnet could also malfunction and start attacking systems without the botnet operator’s instructions.

Major perpetrators of DDoS attacks

DDoS attacks are initiated by various actors, including:

Individual hackers

Lone hackers who have the technical skills to carry out DDoS attacks may do it for any number of motivations, such as protest, revenge, ego, or financial gain. The distributed nature of DDoS attacks makes it possible for a single determined individual to take down even very large websites.

Organized cybercriminal groups

There are cybercriminal syndicates who regularly engage in DDoS attacks as a way of extorting money from companies and organizations. These organized groups are often very sophisticated and may have access to botnets with tens or hundreds of thousands of compromised machines.

Nation states

Governments are believed to sometimes use DDoS attacks against rival nations as a method of cyberwarfare. DDoS attacks linked to nation states are usually highly complex and can leverage massive botnets and exotic attack methods.

Hacktivists

Hacktivist collectives like Anonymous have claimed responsibility for many politically or socially motivated DDoS attacks over the years. The loose organization of hacktivists combines sophisticated technical skills with ideological motivations.

Disgruntled insiders

Employees or ex-employees of companies who have an axe to grind have been known to launch DDoS attacks against their employers. Their inside knowledge of the IT infrastructure often aids them in causing maximum damage.

Notable DDoS attacks

Some of the largest and most disruptive known DDoS attacks include:

| Target | Date | Perpetrator | Impact |
|---|---|---|---|
| GitHub | March 2018 | Unknown | 1.35 Tbps attack that knocked GitHub offline for several minutes |
| Dyn | October 2016 | Mirai botnet | Massive attack on DNS provider Dyn disrupted access to major sites like Twitter, Netflix, CNN |
| KrebsOnSecurity | September 2016 | Mirai botnet | 620 Gbps attack on security journalist’s site, at the time among the largest on record |
| BBC | December 2015 | New World Hacking | Attempted holiday disruption of BBC’s online services |
| SpamHaus | March 2013 | Cyberbunker | 300 Gbps attack on European spam fighting organization |

These examples illustrate the immense destructive power that DDoS attacks can wield when launched by sophisticated and determined adversaries.

Defending against DDoS attacks

Companies and organizations can take several steps to protect themselves from DDoS attacks:

  • Invest in DDoS mitigation services that can filter attack traffic before it reaches networks
  • Increase bandwidth to improve capacity to absorb attacks
  • Configure routers and other hardware devices to optimize throughput and connection rates
  • Harden network infrastructure by closing unused ports and implementing tight security policies
  • Monitor traffic for anomalous patterns indicative of DDoS activity
  • Maintain and test DDoS response plans for responding quickly when attacks occur
  • Ban compromised devices or accounts being used to generate attack traffic
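
One way to act on the monitoring and banning items above, for the HTTP flood case: the sketch below is an added example, not part of the original article. It assumes a web server access log in Common Log Format; the window size, thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone
from statistics import median

# Common Log Format prefix: client IP, identity, user, [timestamp]
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse(line):
    """Return (client_ip, epoch_seconds), or None if the line does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        return m.group(1), int(datetime.strptime(m.group(2), TS_FMT).timestamp())
    except ValueError:
        return None

def detect_floods(lines, window=10, k=5.0, min_requests=20, top=3):
    """Flag windows whose request count exceeds max(min_requests, median + k*MAD)."""
    buckets = defaultdict(Counter)          # window start -> per-IP request counts
    for ip, ts in filter(None, map(parse, lines)):
        buckets[ts - ts % window][ip] += 1
    if not buckets:
        return []
    totals = {start: sum(c.values()) for start, c in buckets.items()}
    med = median(totals.values())
    mad = median(abs(n - med) for n in totals.values())
    # The floor keeps a flat baseline (MAD == 0) from flagging ordinary jitter.
    threshold = max(min_requests, med + k * mad)
    return [{"window_start": start, "requests": totals[start],
             "threshold": threshold, "top_sources": buckets[start].most_common(top)}
            for start in sorted(totals) if totals[start] > threshold]

def sample_log():
    """Constructed log: one request every 3 s, plus a 90-request burst at +60 s."""
    base = datetime(2024, 10, 10, 13, 0, 0, tzinfo=timezone.utc)
    def line(ip, sec):
        ts = (base + timedelta(seconds=sec)).strftime(TS_FMT)
        return f'{ip} - - [{ts}] "GET / HTTP/1.1" 200 512'
    normal = [line(f"192.0.2.{s % 7 + 1}", s) for s in range(0, 120, 3)]
    burst = [line(f"203.0.113.{i % 3 + 1}", 60 + i % 10) for i in range(90)]
    return normal + burst

if __name__ == "__main__":
    for alert in detect_floods(sample_log()):
        print(alert)
```

The `top_sources` list in each alert is the candidate set for rate limiting or blocking; in a real flood spread across many sources it will show that no small set dominates, which is the signal to rely on upstream mitigation instead.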

However, because of the ever-evolving nature of DDoS attacks, even organizations that take precautions can fall victim. Rapidly evolving attack methods and the vast resources that sophisticated hackers have at their disposal make DDoS attacks difficult to fully contain.

Legal responses to DDoS attacks

Most countries have outlawed DDoS attacks and impose harsh penalties on perpetrators who get caught. For example, the Computer Fraud and Abuse Act in the United States makes it a federal crime to knowingly cause unauthorized damage to a protected computer system. The law allows for fines and up to 10 years imprisonment for even first-time offenders.

However, legal enforcement is challenging because attackers often route their attacks through intermediary computers they have compromised, which makes tracing them complex. International cooperation between law enforcement agencies is necessary to pursue attackers across jurisdictions.

Websites and online services also have some legal recourse after they are hit with DDoS attacks. They can file lawsuits against attackers to recover costs related to damage, lost revenue, and mitigation expenses. But finding enough evidence to prove who is legally liable for an attack is difficult.

The future of DDoS attacks

Most experts warn that DDoS attacks are likely to grow in scale and sophistication in the coming years. The increasing number of vulnerable IoT devices being connected to the internet provides ripe targets for hackers to compromise and enlist in massive botnets. Attackers will also benefit from wider availability of DDoS-for-hire services to easily rent botnets.

Innovations like machine learning for behavioral modeling and traffic analysis will strengthen the capabilities of attackers and make attacks harder to detect. To keep up, organizations will need to adopt more automated and adaptive DDoS defense solutions.

Ultimately, curtailing DDoS attacks will require tackling the fundamental flaws and limitations in the internet’s architecture through initiatives like DNSSEC to improve security. But major technical upgrades take time. Until then, DDoS attacks will remain a severe threat to businesses, government institutions and the stability of the internet.

Conclusion

DDoS attackers are driven by a variety of motivations, ranging from hacktivist ideals, to financial gain, to ego. Companies and organizations can take steps to defend themselves but will likely always be vulnerable to some degree against constantly evolving attack methods. Legal enforcement against DDoS perpetrators remains limited. As such, DDoS attacks are likely to present an ongoing cybersecurity challenge in the digital age.