A Distributed Denial of Service Attack for the Record Books

Backlit keyboardA group known as New World Hacking launched a distributed denial of service (DDOS) attack against the BBC and Donald Trump’s campaign website this week. The Trump site was down for about an hour, while the BBC site, including its movie player, were down for three hours. The attack against the BBC registered over 600 gigabits per second, making it the largest-bandwidth DDOS attack in history, doubling the bandwidth of the previous record holder.

DDOS attacks are simple to describe and relatively simple to perpetrate. The attacker sends a huge volume of data to the target. The tremendous amount of traffic proves too much for the target server to support, and it crashes. It will remain down until the personnel at the target site set up the proper rules to block the offending traffic. Such attacks are called distributed denial of service attacks because the responsibility for sending the excessive traffic to the target is distributed among multiple attacking computers. Enlisting multiple computers both magnifies the amount of traffic that is possible to send to the target and makes blocking the traffic trickier for the victim, since there are then multiple addresses to block.

New World Hacking used a DDOS attack tool they created called BangStressor to recruit an army of attacking machines and generate the traffic from them. They claim that Bangstressor used computers that are part of Amazon Web Service’s cloud, despite Amazon’s techniques for preventing their machines from being misused in this way. They tricked Amazon’s cloud into giving them unlimited bandwidth. Since Amazon manages a huge, highly distributed network of computers, it was the perfect platform from which to launch a DDOS attack of this unprecedented magnitude.

A spokesman from New World Hacking claims they performed this attack as a test of their capabilities. Their primary target isn’t either of the sites they took down this week. Instead, they want to shut down ISIS propaganda websites. They plan to release a list of ISIS propaganda targets next week. In the past, the group has targeted white supremacist groups as well as accounts they believe are associated with the Islamic State.

Hacking for a cause, so-called hacktivism, is generating a lot of interest, controversy, and a fair amount of praise. It is an illegal practice, because one cannot infiltrate, modify, or disrupt a computer service owned by someone else without their permission. And, if you are the attacker and you don’t cover your tracks, you likely will raise the ire not only of law enforcement but also, perhaps more problematically, the group you tried to target. Furthermore, just as in physical law enforcement, the notion of vigilantes helping protect citizens against threats can be helpful, but it also runs the risk of turning a community into the Wild West.

Still, in an era in which governments struggle to keep up with the fast-changing array of cyber and terrorist threats, well-meaning hactivist groups can be an effective ally, albeit one that brings significant potential baggage.

About Ray Klump

Associate Dean, College of Aviation, Science, and Technology at Lewis University Director, Master of Science in Information Security Lewis University http://online.lewisu.edu/ms-information-security.asp, http://online.lewisu.edu/resource/engineering-technology/articles.asp, http://cs.lewisu.edu. You can find him on Google+.

Leave a Reply

Your email address will not be published. Required fields are marked *