As Facebook, Instagram and WhatsApp went down in several parts of the world, netizens were quickly engulfed in panic and soon after, theories about the downtime started floating around. A popular suspect was a DDoS attack.
Though Facebook later confirmed that the downtime was the result of a server configuration change and not a large-scale DDoS attack, the incident was enough to remind us of the dark ages predating 2004. Regardless of the latest glitch, DDoS attacks remain one of the most popular ways hackers bring down sites. According to one estimate, roughly 20,000 DDoS attacks take place every single day on the some website or another, on the internet.
What are DDoS attacks?
DDoS stands for Distributed Denial of Service. Fundamentally, it entails flooding a site or service with bogus requests and traffic, thereby sending more requests than it can handle – effectively denying fresh users a chance to request fresh data. By overloading servers and bandwidths, these kinds of attacks have targeted various sites and companies, one of the biggest examples is GitHub that got choked by a 1.35 TB/s attack in January 2018. For perspective, that amount of traffic is equivalent to downloading 500 hours of video every second.
How Does it Happen?
Botnets can be controlled remotely and are used to overwhelm the target. Usually its done either by flooding the target server with connection requests, thereby sending more traffic it can handle or by sending in huge amounts of data, using up all its bandwidth. The most common way to carry out DDoS attacks is using hundreds of thousands of infected computers – known as botnets – to send requests to open a specific webpage. First, attackers spread malicious software by sending out spam emails, infecting files on popular websites, and social media. Once a computer is infected, it can be used at any time to carry out a DDoS attack on any website. The request for the page is so frequent that a relatively small army of botnets can be as effective as a million legitimate machines requesting the page. In most cases, the human users of infected computers are not even aware of the fact that their computer is being used to carry out these attacks.
What’s worse, is that organising a DDoS attack is rather inexpensive. A week-long DDoS attack, capable of taking a small organization offline for the entire period, and potentially ending its business, can cost as little as $150. Botnets are becoming increasingly easier to buy and more specialized marketplaces are pooping up on the Deep Web (part of the internet not accessible through traditional search engines like Google), where anyone can buy and learn how to use them.
Other Services Impacted
Apart from the GitHub attack in 2018, attackers have also been known to target internet infrastructure as well. In 2016, attackers targeted Dyn, a major internet service provider in parts of the US East Coast. The attack peaked at 1.2 TB/s and caused connectivity issues throughout the US before it could be brought under control.
For attackers trying to disrupt the internet, big companies like Facebook, Google and Twitter are the most likely targets. However, security experts argue that these big companies have a huge amount of bandwidth at their command, and the ability to divert traffic through multiple servers located across the world – aka, inter-connectivity. This allows them to absorb a lot of these attacks. Even when the attackers do manage to get through, like in the case of GitHub, large companies can quickly mobilize resources to rectify the problem. GitHub took all of 10 minutes to reroute its traffic and filter malicious bots out of the system.
...We have a small favor to ask. Polemics and Pedantics is a non-profit educational venture whose writers work only because of their penchant for the art. If you like our work, please support us by sharing it on social media and helping us reach more people. Remember to subscribe and never miss an update by providing your email on the Contact Page. We don't sell ads, and won't spam you or share your details with anyone. Comments and suggestions are welcome at firstname.lastname@example.org.
About the Author
Akshat Jain is a second year student of Bachelors in Technology from Manipal University Jaipur. Originally from Delhi, he is an avid debater and has participated in numerous Model United Nations conferences all over the country. A West Wing fan, he likes reading and decoding social issues, and public policy. Previously, he has worked with the healthcare venture PeeSafe, in addition to The Kirat Youth Foundation, and Kairo Guard.