One of the most potent tools in a cyber criminal’s arsenal is the ‘distributed denial of service’ attack – commonly known as a DDoS attack. These prolific hacks can take even the most protected computers offline.
Notable DDoS attacks include the Christmas day campaign that brought the PlayStation and Xbox live networks down and, most recently, taken most of the internet offline, including popular sites such as Twitter, eBay andthe Telegraph.
Here’s everything you need to know about DDoS attacks.
How does a DDoS attack work?
DDoS attacks harness the power of a network of tens of thousands of compromised computers, known as a “botnet”, to flood a website’s servers with page view requests, leaving legitimate traffic unable to get through.
In a similar way that sites such as Ticketmaster crash when one-off or hugely popular event tickets are released, DDoS attacks overwhelm the target server, flooding it with traffic so that it’s unable to function properly.
The huge amount of connection requests can, in some cases, cause entire websites to crash.
Watch | The five worst ever cyber hacks
How does a computer become part of a botnet?
In order to add computers to a botnet, a hacker must first gain control of the machine. They achieve this by exploiting vulnerabilities within the computer’s operating system to install malicious software on the computer that provides them with always-on, remote access to the PC.
This means that attackers can exploit your computer to use it as part of the DDoS attack, or access it remotely and retrieve usernames, passwords, financial information and other sensitive data.
Could my computer be affected?
Any computer is vulnerable to being added to a botnet. The malware necessary to exploit devices can be installed without your knowledge if you click on a malicious link, or visit a website that is serving infected adverts.
That’s why it’s crucial to ensure your antivirus software is up-to-date, that you have downloaded and installed the latest security patches for your computer, and that you are using a firewall to control what programs can and cannot gain access to their machine via the internet. If you don’t have this protection, you’re an easy target for hackers.
Other internet-connected devices have fallen victim too, such as smart webcams, thermostats and household items. In order to protect these gadgets from becoming weapons make sure you always download security updates.
How do hackers use botnets to launch attacks?
Once a computer or smart device has been compromised, it can be called into action by the hacker at a moment’s notice. Millions of computers across the world are estimated to be enslaved into botnets.
To exploit a botnet, all a hacker needs to do is run a small program that communicates with all the computers they control. The hacker can then command those computers to start dialling out across the internet to a specific server or website. The aim is to flood servers with tens of thousands of page view requests in a short period of time, paralysing the network.
Although the impact of a distributed denial of service attack can be cataclysmic for websites, they are relatively easy to execute for someone with the right technical expertise.
Building the botnet is the time-consuming part, so much so that enterprising cyber criminals will even “lease” bonnets to one another for spur-of-the-moment attacks. Researchers at security company Imperva estimate that some criminal networks are leasing botnets for as little as $38 (£31) per month.
Why would attackers want to crash websites with a DDoS?
People carry out DDoS attacks for a variety of reasons, from “bedroom hackers” who simply want the bragging rights, to cyber criminals that are known to use them for blackmail.
Gambling websites and gaming networks have been high-profile targets of these attacks. For example, hackers have threatened to overwhelm gambling sites just before a big race, match or fight, when the site would expect to be handling lots of bets from customers, unless the site pays a “ransom” to stay online.
DDoS can also be a weapon for those engaged in cyber warfare. For example, the attacks were used during the conflict between Georgia and Russia against high-profile websites in both countries, although the perpetrators were never identified.
The cost of a DDoS attack
It has been estimated that DDoS attacks can cost businesses up to $40,000 per hour that their websites are offline.
That cost can be much higher too with sustained and widespread attacks. For example, the 2016 attack against Dyn, one of a handful of “domain name server” providers, brought down all web addresses registered with its service. These included Twitter, Reddit, eBay, the Telegraph and many more.