What is a Distributed Denial of Service (DDoS) Attack?
Not all hackers are out to steal your identity or even your money. Sometimes, like real-life street vandals, hackers just want to disrupt business-as-usual for a company for no reason other than just to do it.
That's the idea behind an attack known as a Distributed Denial of Service, or "DDoS."
A DDoS is aimed at disrupting the normal function of a specific website. That means the attack isn't random, such as a launched virus that's aimed at everyone and anyone but no one in particular. A DDoS is planned and coordinated, and the goal is to make an entire website unavailable to its regular visitors or customers.
What does "Distributed" mean?
What makes the attack distributed is the focused effort within a team of disruptors who share the common goal of preventing targeted Web servers (and, therefore, targeted websites) from working normally. The attack is distributed among hundreds or thousands of computers.
When that happens, the website's regular customers are denied the service they want. Even worse, the company that runs the website is denied the money they'd earn for the day. And they may also lose some customers forever who get frustrated or worried about coming back to the site.
A common attack.
The most common way to execute a DDoS attack is to flood a business with requests for information. The goal is to create a wave of "false traffic" (a lot more than the Web server typically handles and is built for) that prevents normal customer traffic from getting through. The company's regular customers are denied service because of the slowdown.
Imagine a huge crowd of fake customers overrunning a store—simply to keep real shoppers out and with no intention of buying anything. That's the idea behind a DDoS attack. And it can cause quite a stir.
On Christmas Day 2014, a DDoS attack made headlines when the online game networks Xbox LIVE and PlayStation Network were shut down. Thousands of online game players, eager to try new titles they'd received as gifts, couldn't go online to play. A group called Lizard Squad boasted of the attacks, and they reminded everyone that they had attacked the PlayStation Network and online games World of Warcraft and League of Legends just six months earlier.
Back in business.
As one news agency reported, hackers are "returning to the time-tested strategy of hammering a website with phony traffic until it breaks." The attack on Sony didn't end up in stolen data or a breached network...it just created a huge headache for Sony and its customers.
News sources say that in 2015, these kinds of attacks may continue to expand, in number and in scope. One statistic said that DDoS attacks tripled during one three-month period compared to the same timeframe the year before.
You could be part of an attack.
Security experts say that a DDoS attack is the weapon of choice for some hackers these days. One of the reasons? Ironically, it's the availability of great technology.
Today hackers can actually "rent" a network of infected computers. The bad network, called a botnet, is controlled by cyber crooks. Under their spell, a network of zombie computers can be used to mount an attack.
You could be part of a DDoS attack...and not even know it. Your computer might be taken over by a hacker at a moment's notice to send fake requests to a targeted website. The hacker gained access to your computer (and thousands more) by tricking you into downloading a hidden program. (That's why it's important to keep your antivirus program up to date.)
Catching the crooks.
Law enforcement officials take these attacks seriously and work hard at tracking down the leader of the hack. One way they do it is by tracking down the leaders by their IP addresses. But that takes luck.
However, for as computer-savvy as a hacker might be, they can sometimes be careless enough to leave a trail that police can use to track them down. In one instance, a Florida computer engineering student hacked a website by uploading thousands of files to it. Then he tweeted about his attack. But he did his bragging from his own computer and his own IP address...the one the FBI used to track him down. They nabbed the culprit right in his dorm room.
The same thing happened to a gamer who launched a DDoS attack on the Call of Duty site. First he cheated his way to a high score, and then he prevented others from logging in so no one could beat him at that one game.
His cheating strategy worked but his hack didn't, because he did it all from a computer that showed his own IP address. The authorities were able to spot it and track him down.
So the next time you try to buy a new pair of shoes online but the website is unresponsive, don't blame the website. It's probably an attack by some barefooted nut who's protesting against shoe buyers!