Wednesday, 26 October 2016
DDoS Attack on the US: We Still Haven't Figured It Out
Every day, the world's future cyber security specialists attend classes wherein they learn the latest strategies for preventing network breaches. They learn from their instructors, practice defensive techniques on laboratory computers and take tests to earn their coveted certifications. Meanwhile, those professionals already on the front lines wage a valiant battle against hackers and cybercriminals that may be looking to wreak havoc on global networks. Yet, for all this cyber warfare and the significant advancements that it has led to, we still cannot figure out how to proactively stop a distributed denial of service (DDoS) attack.
This past weekend, the US East Coast discovered first-hand how debilitating a DDoS attack can be. Just after 7am (EDT), several big-name websites from companies located in this region of the States began experiencing outages. It wasn't long before security experts discovered a devastating DDoS attack was underway. The attack was levelled against internet traffic management specialist Dyn Inc, a New Hampshire-based company that provides domain name services to companies like Twitter and PayPal.
Dyn acknowledged fairly early in the day that service was being interrupted for a long list of sites that included CNN, Spotify, the New York Times, Reddit and the afore-mentioned Twitter. Service was eventually restored by mid-morning, but it went down again around noon. Dyn was forced to acknowledge that a second DDoS attack was under way, this one affecting the East Coast and moving west at the same time. It wasn't until later in the afternoon that Dyn was able to stop the attacks altogether.
A long-standing rule of technology is that, the more sophisticated something is, the easier it is to break. Common sense dictates the opposite is also true: the simpler something is, the harder it is to break. Therein lies the key to the success of the typical DDoS attack.
A denial of service (DoS) attack is very simple. You set up a number of computers to bombard a server with ongoing and repeated requests for service in order to overwhelm the system so that it cannot process legitimate service requests. It's a lot like a flash mob. A large group of people can all assemble in front of a shop front simultaneously, thereby blocking access to legitimate patrons.
A DDoS attack is essentially a DoS attack taken to the next level. It uses hundreds, if not thousands, of unique IP addresses through a strategy known as IP address spoofing. With thousands of IP addresses to deal with, security experts have a hard time shutting down a DDoS attack quickly.
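As an added illustration (not from the original post) of why the distributed form is so much harder to shut down: a small window-based detector run over constructed request logs, which separates a flood coming from one loud source, where blocking that source works, from a flood spread thinly across many sources, where per-source blocking achieves nothing. The log format, thresholds and addresses are assumptions made for the example.

```python
from collections import Counter

# Illustrative thresholds (assumptions, not values from the article).
WINDOW_SECONDS = 10       # size of each analysis window
PER_SOURCE_LIMIT = 20     # requests/window from one source before it is an offender
AGGREGATE_LIMIT = 100     # requests/window overall before the service counts as flooded
MANY_SOURCES = 50         # distinct sources above which per-source blocking stops helping

def parse_line(line):
    """Parse a constructed 'timestamp source_ip queried_name' line into (ts, src)."""
    ts, src, _name = line.split(maxsplit=2)
    return int(ts), src

def analyse_window(lines, window_start):
    """Count requests in one window and say which defence, if any, would work."""
    counts = Counter()
    for line in lines:
        ts, src = parse_line(line)
        if window_start <= ts < window_start + WINDOW_SECONDS:
            counts[src] += 1
    total = sum(counts.values())
    offenders = sorted(ip for ip, n in counts.items() if n > PER_SOURCE_LIMIT)
    verdict = "normal"
    if total > AGGREGATE_LIMIT:
        if offenders and len(counts) < MANY_SOURCES:
            verdict = "dos: block offending sources"  # a few loud sources, easy to cut off
        else:
            verdict = "ddos: per-source blocking insufficient"  # load spread across many sources
    return {"total": total, "distinct_sources": len(counts),
            "offenders": offenders, "verdict": verdict}

def build_sample_log():
    """Constructed log: a quiet window, a single-source flood, then a distributed flood."""
    lines = [f"{i} 192.0.2.{i + 1} twitter.example" for i in range(5)]          # t=0-9: normal
    lines += [f"{10 + i % 10} 198.51.100.7 paypal.example" for i in range(150)]  # t=10-19: one source
    lines += [f"{20 + i % 10} 203.0.113.{s} reddit.example"                     # t=20-29: 200 sources,
              for s in range(1, 201) for i in range(3)]                         # 3 requests each
    return lines

def run_demo():
    """Verdict for each window of the constructed log, in order."""
    log = build_sample_log()
    return [analyse_window(log, start)["verdict"] for start in (0, 10, 20)]

if __name__ == "__main__":
    for start, verdict in zip((0, 10, 20), run_demo()):
        print(f"window starting t={start}s: {verdict}")
```

In the third window no single source exceeds the per-source limit even though the service is receiving six times its flood threshold, which is exactly the situation that leaves defenders with nothing obvious to block.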
This simple strategy is not designed to steal information. It is intended to disrupt service so that people cannot access targeted websites. It is a very simple disruption technique that proves highly effective when carried out well. It is so simple that we still don't have an effective way of dealing with it. And so, while we work to contain the world's cybersecurity threats, the DDoS beast remains elusive.