DDoS attacks – a method used by hackers to disable a website or user’s bandwidth – seem to be on the rise. But is there any way you can protect yourself from these attacks, and if so, why do online giants like the BBC find their online services disabled when targeted?
Distributed Denial of Service: Still a Potent Weapon
Hackers have been employing the Distributed Denial of Service (or DDoS) attack for years. While these attacks can be used against individuals, they’re usually targeted at public services, ISPs, large companies and banks. But hackers aren’t the only culprits; hacktivists also tend to use DDoS attacks to fulfill their social justice warrior aims of retribution for a perceived crime.
You might have read that ISIS (aka IS, ISIS or Daesh) use the Internet for recruitment, and have carried out online attacks against NATO. They have a huge, apparently unchallenged presence on Twitter, and various adherents of their fearful brand of extremism use Facebook. So with these facts in mind, why did self-appointed anti-ISIS hacktivist group New World Hackers target the BBC of all on New Year’s Eve?
Is the BBC harboring ISIS terrorists? Of course not. As longtime BBC technology correspondent Rory Cellan-Jones relayed, the New World Hackers were simply testing their DDoS attack capability.
Message to me from New World Hackers on BBC DDoS : "It was only a test, we didn't exactly plan to take it down for multiple hours"
— Rory Cellan-Jones (@ruskin147) January 2, 2016
Not content with prodding a stick into the bees’ nest of international terrorism, this group decided to annoy a lot of people in the United Kingdom by taking out one of the country’s most popular online services, the catch-up TV service, BBC iPlayer. And as Brits love TV, anyone wanting to catchup with Christmas programming such as Doctor Who or read the news was left frustrated.
— New World Hackers (@NewWorldHacking) January 2, 2016
Just why New World Hackers decided to use their Bangstresser tool against the world’s foremost public service broadcaster is currently unknown, but it’s clear that the capabilities of the software – an attack that consumes a record-breaking 602 gigabit-per-second (Gbps) of bandwidth on the target server – should concern the eventual target.
And the BBC aren’t the only recent targets of the DDoS method of attack, which works by overloading a target computer or server with data. While online gaming networks are the usual target, in mid 2015, UK mobile phone retailer Carphone Warehouse was hit with a DDoS attack, which diverted attention away from a simultaneous data breach, most likely an orchestrated attack by the same hackers.
DDoS Attacks and You
What if that target was you? How do Joe and Jane Public defend against a DDoS attack?
Well, in most cases, you should be fine. In the rare cases that individuals are targeted by hackers and hacktivists, it’s usually by more insidious techniques, such as doxing, rather than a DDoS. However, we should all be wary of the DDoS attack, as when they are used, there is often more than meets the eye. Take the Carphone Warehouse attack, for instance, where DDoS was used as a cover for a data breach. What if your personal data (address, credit card details, etc.) had been among those stolen?
By now, your identity might have been stolen – it’s worth money on the Dark web – and your life ruined. Like many other online threats, a DDoS attack can be used to siphon off personal data, or even industrial secrets. As a potential, indirect victim of an attack of this type, it’s worth checking with your bank, credit card company and preferred credit checking organization if they have any alerts that can be put in place to highlight unauthorized activities. These can prove extremely useful if your personal data is hijacked.
How to Protect Against DDoS Attacks
But what if you are targeted by a DDoS attack? In the vast majority of cases, single computers are not targeted. However, it isn’t unheard of for individuals working for well-known companies to have their laptop or desktop targeted by a DDoS attack.
So what can you do? Well, what you can’t do is instantaneously move your online presence to a new server. If you’re targeted with a DDoS attack, it will be directed at your external IP address, the address assigned to your computer by your ISP. The chances are, you’ll be knocked offline instantly by the attacking botnet (malware programs littered across insecure PCs across the Internet). In the past, these would have been spread by the developer of the botnet, but these days, botnets can be hired out, and DDoS attacks instigated through them.
It’s as if the hackers have an army of digital mercenaries.
You probably won’t know for certain if you are being targeted by a DDoS, as you’ll find that getting online is impossible, making the receipt of any emails or tweets threatening such action unlikely. If you have access to another network – perhaps the mobile Internet account on your mobile device – get online and try to work out what is going on.
Should you find reference to a DDoS attack aimed at you, the first thing you should do is disconnect your computer from the LAN or Wi-Fi network, and if on a domestic network, switch off and disconnect the router. As we’ve seen, DDoS can be used as a smokescreen for attackers to perform surgical hacking on your system to steal data, so disconnecting is a wise step.
Once the plug is pulled, contact your ISP (although keep in mind that they might already be making your home network insecure), and if you’re using a work computer from home, inform the corporate network administrator. Your ISP should be able to deal with the DDoS swiftly.
Meanwhile, if you are the target of a DDoS and feel that you’re a particularly important target, and have the budget to match, you might consider getting in touch with a DDoS specialist, although be aware that in the majority of cases they won’t deal with a standard user or an attack on a domestic IP address.
DDoS Protection for Website and Blog Owners
Do you own or run a website? Perhaps you manage the online services for a major company. If so, you’ll probably be aware of the massive risks of such an attack, and the potential for lost revenue. A study from Kaspersky and B2B International revealed that a single DDoS attack can cost a company between $52,000 and $444,000. This cost might be to fix the DDoS, or to pay the ransom that is demanded for it to end.
If you suspect a DDoS attack is likely, or in progress, you have several options open to you.
The first, and most important thing you can do is ensure that your web server has more bandwidth than it’s ever likely to need. It’s particularly useful to do this to accommodate standard surges in traffic, and will give you the time you need to act in the face of a DDoS attack.
Contact Your Web Host
You should then contact your web host and ask for help, informing them that the site is under attack. While they may have already detected the attack, it may also be so large that it is already overwhelming them. Websites on servers at a web host’s data center are more likely to be protected than a site you host yourself, and hosts use methods such as “null route” to drop traffic to your website and “scrubbers” to filter out the requests from the botnets causing the DDoS.
Do You Need a DDoS Specialist?
Most DDoS attacks don’t last too long, and certainly in the case of private websites there shouldn’t be any requirement for a DDoS specialist. However, if you’re the victim of a large, prolonged attack, then it might be worth contacting a DDoS specialist. Several are available, such as Black Lotus, DOS Arrest, and RioRey.
DDoS: A Hacker’s Favorite Toy
Hackers and hacktivists alike utilize the distributed denial of service attack, a fact that might leave you conflicted over who is the good guy and who is the bad guy. Don’t be conflicted. If you’re not using DDoS or other hacking tools, if you’re not organizing botnets to take out catch-up TV services, then you’re the good guys, on the right side of the law.
Have you been affected by a DDoS? Were you surprised to find the BBC’s services offline on New Year’s Eve? Are New World Hackers overreaching themselves in their quest to dispose of ISIS’ online presence?
Tell us what you think in the comments.