On Friday morning a number of sites, including Reddit and Twitter, were left temporarily unavailable to users after the major DNS host Dyn was hit with distributed denial of service attacks around 9 a.m. Eastern, and again at a little past noon. As hacking becomes an increasingly frequent news phenomena, you might be left wondering, “What is a DDoS attack?” and why do hackers love it so much?
A DDoS, or distributed denial of service attack, is a key strategy in a hacker’s toolkit for bringing down a website. Through a distributed (spread out over multiple computers) and coordinated attack, hackers can often bring down a website for hours or even days, making the service no longer viable for users. Normally DDoS attacks work off of one of two vulnerabilities: either the firewall of the network can’t handle the number of “requests to establish a connection,” or the application of the site simply takes too much processing power to handle the number of requests (hence a very very slow site).
There is a slight distinction between a DoS and DDoS attack. In a simple denial of service attack, a hacker uses a single internet connection to flood a target with connection requests or exploit a software vulnerability. In a Distributed DoS attack, the requests are launched from multiple connected devices. In order to create this scale of attack, groups like Anonymous have hackers install a “bot” that will allow one hacker to control a number of different local traffic generators (computers with unique IP addresses) to overwhelm the website’s system.
While many denial of service attacks may seem at best heroic and worst for the lulz, the Department of Justice has begun to treat DDoS attacks as a serious form of cybercrime. In April, hacker Benjamin Earnest Nichols plead guilty to a DDoS attack that took down the McGrew Security website, and is now facing up to ten years in federal prison. Authorities aren’t sure who’s behind this morning and afternoon’s attacks, but if they’re caught, they could be facing hard time.