Earlier this month two suspects were arrested at Heathrow Airport in London on suspicion of extortion. The alleged crime did not occur as we so often see in the movies, with some tough guy walking into the shop owner’s business and demanding cash for protection. No, it didn’t happen that way at all.
Welcome to the digital age.
These alleged extortionists carried out the crime online using distributed denial of service, quite infamously known as a DDoS attack. Apparently, they were quite generous with demonstrating their capabilities. They attacked the site, and then they demanded money to make the problem go away.
This is but one example. Fortunately, in this case the perpetrators were caught, but as Brian Bloom explains, the new DDoS is silent, organized, and profitable. To further illustrate this point: his article on PC World was published one year ago.
And the problem hasn’t gone away.
DDoS Has Evolved From Lulz to Activism to Extortion
Denial of service and DDoS have been around for quite some time. The first crude DDoS tools were discovered in 1999. Most would say that their development originated within the IRC chat rooms frequented by hackers.
IRC, or “Internet Relay Chat”, allows a group of computers or servers to link together to allow people to communicate easily from around the world in real-time. You could say that IRC was one of the first experiments into social networking.
DDoS attacks were used in IRC to force other people in the chat room to be kicked off the channel. The purpose of this was mostly to seize control of the channel and become the moderator. If the channel operator exits the chat without first passing control to another user, it’s a simple step for anyone to “take the reins” so to speak. In essence, DDoS was used for internet turf wars within chat rooms. It was also used purely for entertainment. People would DDoS people they didn’t like, take control of their chat room, and proceed to ban members and invite their friends over.
In essence, it was done for fun.
DDoS did not remain on IRC for long. Numerous attacks have occurred since its introduction to the internet. DDoS became not just a tool to aggravate people on IRC, but a way to earn a reputation. People are always after recognition, and hackers are no different.
In 2008, DDoS attacks targeted Amazon, eBay, and Priceline. And the attacks were successful. All of the websites were taken offline and Amazon et al. publicly acknowledged the attacks.
What was interesting in this case was the fact that the indictment indicated that one of the accomplices actually contacted Priceline to offer his services, while the others bragged about their exploits on forums. Not the best move, but it’s clear to see the transition from “rebel without a cause” to motivated profiteer take shape.
What is even more intriguing is the fact that they were not apprehended until four years later…
Hackers Become Political… Sort of
What really brought DDoS to the forefront, and immediately seized the sensational headlines of the press, was a hacker collective known as Anonymous. While this group began as a disorganized assembly of hangers-on from 4chan.org (the /b/ board, more precisely), it eventually evolved into a loosely organized group of hackers and political sympathizers.
And then they attacked.
One of the earliest ‘hacktivist’ attacks was Anonymous’ Project Chanology. This was the defining moment for the hacker collective, and they put the Church of Scientology in their crosshairs. What was momentous about this attack is that it was also met with protests worldwide. Protesters created signs and picketed in front of Scientology centers across the U.S. and the UK, while the website of the Church of Scientology was repeatedly taken offline with DDoS.
The sheer turnout for the protests, coupled with the media attention (which spanned every major news station and online news site), cemented the name of Anonymous into the minds of many.
The Not So Political Side of DDoS
While there are various motives for DDoS (thrill-seeking behavior, the challenge, recognition, activism), the criminal element is after something entirely different. Simply put, they want your money.
Below is an actual extortion email:
You are welcomed with a command of hackers ZeleniyHach. We hold a huge network of Distributed Denial Of Service Attack, allowing to suspend any web site. We have been watching (domainname.com) and were able to find out that you have spent pretty money much for its advancement and want to to offer you to spend a little more yet. Just as little as 200 bucks as a voluntary donation to our fund will keep your web site away from DDOS attack. 200 bucks is not so much also will help you to avoid greater problems in the future.FOR DULLS..!!! IF YOU DO NOT OFFER TO US 200 bucks WE WILL KILL YOUR WEB SITE! Unfortunately, we accept only Webmoney Paymer Cheks, so make sure to get your fat asses out and without assistance find out how to transfer money into it. We give you 48 hours. If after 48 hours we will not get 200 dollars, there is one more 0 will be added to 200 bucks, i.e. 2000 bucks and so on until you come to reason. When you are ready, just send the check as your response to this message. In subject matter of the letter specify the domain with greater letters, it is a lot of you We are the one, respect our work.
DDoS Attacks Are Becoming Easier To Launch, Difficult To Stop
DDoS is an exploit that has existed for a long time. The problem lies in the infrastructure of the internet, which has been fundamentally unchanged since its creation. There have been technological advances and improvements, but most of what we have today is built on infrastructure that has already existed.
This fact plays a critical role in the evolution of DDoS. A more recent example was the headline-grabbing 300Gbps DDoS attack against Spamhaus. The attack was amplified through third-party DNS servers that were improperly configured, leaving them open to be abused by attackers.
The numbers are in: DDoS attacks are on the rise, and for a number of reasons.
But it’s not just extortion on the menu.
Tune in next week and we’ll dive into other ways DDoS attacks are being used to disrupt business. And the culprits might just surprise you…