Ever-growing Challenge of DDoS Attacks
Law enforcement is at a disadvantage against hackers, mostly because distributed denial of service (DDoS) attacks leave little or no trace of evidence. However, police have made some arrests recently, which counts as a tiny bit of progress in the uphill battle against cyber criminals. Last month, for example, law enforcement agents from Europol arrested 34 cyber criminals. The suspects, mostly under the age of 20, are accused of renting DDoS booters (also called DDoS stressors) to launch DDoS attacks against gaming providers, government agencies, Internet hosting companies, schools and colleges. “Operation Tarpit” was a collaborative, global anti-cybercrime effort. In addition, in the last week of December police from Thailand arrested nine teenaged individuals who had attacked various Thai government websites as part of an Anonymous hacktivism campaign called #OpSingleGateway.
Unfortunately, such gains are a drop in the bucket compared to the flood of hackers. There are far more criminal cyber geniuses in the Dark Web than law enforcers can track down. Hackers have a variety of motives; some do it for political reasons, some do it for money. Criminal cyber geniuses have found ways to monetize their hacking skills by selling DDoS toolkits or leasing DDoS as a service to less tech savvy individuals; they’ll even provide the necessary tech support to perpetrate massive cybercrime. The cost of renting such DDoS toolkits or services is ridiculously inexpensive, depending on the scale of the attack. Even someone with little or no technology skill can execute an attack.
Gamification of DDoS Attacks
A group in Turkey recently created a new spin, and their motives appear to be both financial and political. They run a DDoS gaming platform dubbed “Surface Defense,” which encourages participants to compete for points through games; points can be redeemed for hacking tools. In addition, the platform asks hackers to attack political websites using a DDoS tool called Balyoz (translated as “Sledgehammer.”) To gain points, players must hack certain political websites. Scoreboards keep track of players and their points. By making a game of hacking, they incentivize bad behavior, and reward players with the tools/means to conduct their own DDoS attacks. (At this point readers with a normal sense of decency are scratching their heads in amazement, wondering how some people could be so nefarious and destructive, but I digress…)
Technology Still Paramount to Stopping DDoS Attacks
It’s comforting to know that some cybercriminals will be brought to justice, and it may deter some individuals from perpetrating similar crimes. However, the best defense against DDoS attacks is not wrought by the justice system, but by technology. There are far more than a few dozen hackers in this world, and hackers are often several steps ahead of law enforcement so the arrests are somewhat symbolic. DDoS attacks are not going away. Fortunately, the technology already exists in the form of anti-DDoS appliances; what’s needed is the awareness and willingness to deploy such solutions via Internet Service Providers, the gatekeepers of the Internet.
For more information, contact us.