DDoS attacks are becoming increasingly popular thanks to the headlines they have enjoyed and the relative availability and ease with which they can be performed. While they have been reported more often – in particular thanks to the efforts of Anonymous – they are still, to an extent, the elephant in the room. And something drastic will need to happen before the authorities really take notice.
Recently, a hacker in the US has been sentenced to two years in jail for planning a DDoS attack on thousands of news websites.
A particularly personal story surfaced in the press, which mentioned a chatroom romance with a “woman” that was actually a prank by a former associate. However, the damage had already been done, as he had unknowingly left his wife for this “girl” from the chatroom.
Bruce Raisley was found guilty back in September 2010 after he allegedly built a botnet, which he planned to use to launch attacks on publications including Rolling Stone magazine, Nettica and Radar.
Raisley didn’t get as far as other high-profile DDoS attempts. But his crude attempt at censorship raises other points about the damage DDoS can do, whether from an amateur or otherwise.
Paul Bristow, Chief Operating Officer at Webscreen, tells us that the difference between now and six to nine months ago is that, then, “if a DDoS attack had occurred we probably wouldn’t have known about it.”
That’s because the incidents have been gaining more exposure. In a way that is a good thing: “Now we understand, there is an elephant in the room but the question is: what do we do with it?” Bristow asks.
“More people have awareness of what a DDoS attack is in the sense they understand that it’s powerful.
“However, the bulk of people are sitting on the fence wondering what to do. Many will choose not to do anything until they, or competitors close to them, get attacked. The main questions they ask are ‘Would we survive it?’ or ‘Why would they attack us?’”
There’s a high probability anyone in the media could, at some point, put someone’s nose out of joint, which would make them more likely to be attacked. Financial organisations are among the first to have accepted that this will happen, according to Bristow.
“We need legislation to go after these people but this won’t happen for years, or unless something happened that really shook things up, for example a DDoS on the HMRC site,” he added.
His points were echoed by a security expert with close links to the corporate and government sectors, who told TechEye: “As time goes by they [DDoS] will become a key way for companies and rivals to cause major trouble for each other, and there’s already many a hacker/company making money from this type of attack.”
However, governments in the UK and the US are “not currently considering this type of attack in their security notes. It’s too new, and the way they see it, it’s not as important as, for example, a cyberbot from China.
“It’s therefore not even worth talking about legislation, until they finally see what a threat this type of attack is.”
And that could mean something catastrophic for national security, he says.
“Something really major needs to happen before they take this seriously.
“Drawing comparisons with the physical world, and, as sad as it is, we need a cyber DDoS 9/11 to occur. Only then will governments sit up and think about legislation.”