The anatomy of a DDoS attack

Hacktivists now use DDoS to voice their protest against governments, private services

Updated - November 16, 2021 11:51 pm IST - BANGALORE:

Expressing displeasure: In recent years, DDoS attacks have been used as a means of protest in the digital space, most popularly by the hacktivist group, Anonymous. — File photo

Expressing displeasure: In recent years, DDoS attacks have been used as a means of protest in the digital space, most popularly by the hacktivist group, Anonymous. — File photo

Even as the debate on Internet censorship and government regulation of social media was hotting up, the recent move by some Internet service providers (ISP) to block websites that allow peer-to-peer file sharing, has netizens up in arms.

Soon after ISPs went ahead and cut off access to these sites, hacktivists (activists-software programmers) who went by the social media handle @OpIndia, expressed their displeasure by targeting government websites, mostly those belonging to the Ministry of Information Technology, which they believed was behind the gag order.

OpIndia, touted as the Indian wing of the global hacktivist group Anonymous, unleashed a series of consistent Distributed Denial of Service (DDoS) attacks on these sites.

What is DDoS?

Very different from actually hacking into a website, DDoS is a common technique used to temporarily bring down websites.

DDoS attacks are well-orchestrated ones on Web servers of a website, and on the domain name servers. The idea is to flood the servers with a humongous number of requests, resulting in the temporary outage of a website or shutdown of the servers. Once this is accomplished, the incoming traffic can be redirected to an intermediate page, where often the perpetrators of these attacks post their messages explaining the reason for why the website has been targeted.

The saturation point

Any website functions primarily by fetching content from a Web server based on requests. The capabilities of a Web server to handle requests is not infinite, and is bound by the hardware and software programmes that run on these machines. Although super powerful, these servers do hit a saturation point when the number of requests exceeds a certain threshold. DDoS attacks exploit this limitation by forcing Web servers and domain name servers to drop legitimate traffic.

Zombie army, reflectors

DDoS attacks can be understood by imagining a pyramid-like structure, comprising a series of chain reactions on computer networks. At the top of the pyramid sits the hacker or the cracker, instigating these DDoS attacks.

The hacker's machine sends out electronic commands to a layer of machines — called ‘zombie computers' or bots — which are part of these attacks. Some of these are voluntary zombies, while others are hapless machines that have been compromised and are being used as part of the ‘attacking' network.

This layer of computers, in the pyramid, that receives commands from the attacking hackers/crackers are called the ‘zombie army' or botnet.

The zombie army launches the real attack on the target website or server, by routing the requests via another layer of innocent computers called the ‘reflectors'. So to the Web server that hosts the site under attack, these requests, emanating from ‘innocent' reflector computers appear harmless, and servers try to cater to their requests, falling prey to the attack.

DDoS attacks can cause temporary outage to legitimate users because the attack has occupied a major chunk of network bandwidth and server resources, and in many cases, it may cause the websites to go offline as the Web servers can shut down.

Internet security companies perceive botnets, or zombie army attacks, to be more dangerous than viruses, worms or spam on the Web. These attacks cripple website and, therefore, the services these sites offer, which results in losses. Many companies invest heavily in protection infrastructure. However, even with the most secure carapace, hackers and crackers have been able to work their way around it.

As means of protest

In recent years, DDoS attacks have been used as a means of protest in the digital space, most popularly by the hacktivist group, Anonymous.

When Web companies cut off services to the whistleblower site Wikileaks, hackers from around the world unleashed DDoS attacks on their servers.

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.