Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks have featured heavily in the tech news of recent years as their ease of delivery makes them a simple tool for those wishing to disrupt a target's online presence. A DoS is initiated when one computer continually sends data, typically as requests, to another computer with the aim of exceeding the target machines resources such as bandwidth, RAM or processing power. A DDoS is when multiple computers join forces, typically controlled by a Botnet, and target an organisations web servers or network.
The disruption from a DDoS, however, can affect different organisations in different ways. Some organisations such as banks have seen DDoS attacks prevent their customers from accessing their online banking services. This has obvious implications for consumers and businesses looking to manage their accounts. HSBC suffered a DDoS attack in October 2012 that was attributed to Izz ad-Din al-Qassam Cyber Fighters allegedly as a protest aimed at forcing You Tube to remove the controversial film Innocence of Muslims. The same group has continued its DDoS attacks into January of 2013 against a long list of U.S. banks such as JP Morgan Chase, U.S. Bancorp and Bank of America amongst others. Due to the complexity and sophistication of the DDoS attacks against the banks, some are starting to question whether there is a level of state sponsorship behind them.
Organisations such as the FBI and Department Of Justice in the USA have been subjected to DDoS attacks in response to perceived injustice of taking down file sharing sites by repossessing the domains held by Megaupload and Megavideo. This attack was perpetrated by the hacker collective Anonymous back in January 2012. Such an attack, whilst not crippling the intended targets day to day function, is intended to create embarrassment for the target and garner media interest for the cause of the attacker. As a response to domestic politically motivated DDoS attacks law enforcement agencies in both the U.S. and the U.K. have made a number of arrests throughout 2012 of those responsible. The toughening response from law enforcement is only likely to increase in the coming years to act as a deterrent to others in the hope of curtailing the continued use of DDoS attacks to disrupt government institutions and corporations.
Some DDoS attacks are perpetrated with extortion in mind. Typically off-shore web based gambling businesses are targets for the DDoS extortionist who flood the website or network causing the loss of customers and revenue. The DDoS attack is halted on payment of a fee.
The challenges faced by those trying to prevent Denial of Service attacks are complicated but with the rise in attacks the desire to create better responses has arisen. It's difficult to stop the Botnets that control infected zombie computers, other than encourage people to install anti-virus software and keep their operating system up to date with the regular updates to prevent them from contributing to the problem. However, this is not going to be a quick solution especially with smart phones rapidly adding to the number of devices susceptible to Botnet control.
In reality, those that are looking to prevent DDoS attacks are going to have to review their own systems. Distributing their DNS and web servers across multiple data centres. Those not running their own data centres should make use of large scale web hosting providers such as Memset who use network technology to identify inbound DDoS attacks and block suspect traffic. Firms such as Memset command vast amounts of Bandwidth making them more difficult to take down for all but the largest scale DDoS attacks.