denial of service attack
denial of service attack (DoS attack), type of cybercrime in which an Internet site is made unavailable, typically by using multiple computers to repeatedly make requests that tie up the site and prevent it from responding to requests from legitimate users.
The first documented DoS-style attack occurred during the week of February 7, 2000, when “mafiaboy,” a 15-year-old Canadian hacker, orchestrated a series of DoS attacks against several e-commerce sites, including Amazon and eBay. These attacks used computers at multiple locations to overwhelm the vendors’ computers and shut down their World Wide Web (WWW) sites to legitimate commercial traffic. The attacks crippled Internet commerce; the U.S. Federal Bureau of Investigation (FBI) estimated that the affected sites suffered $1.7 billion in damages. In its early years the Internet had played a role only in the lives of researchers and academics, but by 2000 it had become essential to the workings of many governments and economies. Cybercrime had moved from being an issue of individual wrongdoing to being a matter of national security.
Distributed DoS (DDoS) attacks are a special kind of hacking. A criminal salts an array of computers with computer programs that can be triggered by an external computer user. These programs are known as Trojan horses since they enter the unknowing users’ computers as something benign, such as a photo or document attached to an e-mail. At a predesignated time, this Trojan horse program begins to send messages to a predetermined site. If enough computers have been compromised, it is likely that the selected site can be tied up so effectively that little if any legitimate traffic can reach it. One important insight offered by these events has been that much software is insecure, making it easy for even an unskilled hacker to compromise a vast number of machines. Although software companies regularly offer patches to fix software vulnerabilities, not all users implement the updates, and their computers remain vulnerable to criminals wanting to launch DoS attacks.
One of the worst DDoS attacks occurred in October 2016 when a botnet (a network of infected devices) called Mirai brought down the servers of Dyn, an American company that is in charge of much of the Internet’s domain name system (DNS). This attack interrupted much of North American Internet traffic. The Mirai botnet was made up not of infected computers but of other infected devices that could connect to the Internet, such as baby monitors, digital video recorders (DVRs), and digital cameras. Only vigorous security regimes can protect against such an environment.
DDoS and DoS attacks apparently have been used for political purposes, with neighbours of Russia (most notably Estonia in 2007, Georgia in 2008, and Ukraine in 2014 and 2015) having their Web sites targeted in times of conflict in the region. The Russian government has been suspected of being behind these attacks, but its involvement has not been definitively proven.