Distributed Denial of Service: How Bots attack
A DDOS (Distributed Denial of Service) attack uses multiple connections to stop access to a website or internet service.
These attacks use many computers to complete the attack. These computers can be PC, Macs, servers, video game consoles, and even smart home devices. The hackers need a device with a security hole like a zero day to install their malware.
With so many devices and people not keeping their devices up to date it’s not difficult for hackers to find what they need.
This is why it is so important to keep your device’s operating system and apps updated.
Now, imagine there’s a person who’s mad at a company.
The company conducts all of their business through the phone system.
This person wants revenge. The best way to keep the company from doing business is tying up their phone lines. This attacker calls the company all day long. But as soon as the company’s worker answers, the attacker hangs up.
Because the company must answer the phone and the person immediately hangs up. No one else is able to get their call through. This would destroy a business for as long as the person can keep the calls going.
This is the way a DDOS attack works but with internet websites and applications.
The set up
Hackers are looking for vulnerabilities.
These vulnerabilities are security holes that haven’t been patched by the software manufacturer. They malware to take control of the systems. This malware may not ever show any signs until it is used.
But the hacker still has control of the infected system.
Now the hacker has control the infected computers they just need to find their target.
Once the hacker had the target they start attack, employing each of their controlled computers to perform a DOS (Denial of Service) attack. This DOS attack sends as much data to the target as possible. Also, they use as many of their controlled computers to do the same. All of the infected computers work together.
The computers working together makes the attack distributed.
This is why these types of attacks are called a Distributed Denial Of Service (DDOS).
The motivation for a DDOS
A lot of these attacks are politically motivated.
A good example would be the conflict in Ukraine. Russia decided to take out some key systems in Ukraine before invading. The employed a DDOS attack.
This allowed Russia to take out key infrastructure in Ukraine.
The attacker needs to decide they want to make a statement. Then they send their bots towards the website or app they want to take down. With many computers (bots) in their control, it doesn’t take long before their target is brought to its knees.
Then they get the publicity for their stance on a cause.
Computer controlled robots
You’ve probably heard the term bot net.
A bot net is made up of the computers under control by 1 hacker or hacking group. These hackers are constantly trying to infect systems and gain control of them. Once they are infected they are added to their bot net.
This bot net allows them to control many computers like robots.
The amount of computer the control determines how much strength they have for their attack. The more computers they control the more connections they can make to the target. These attacks are powerful because the attack is coming from so many directions.
13 year old figured out DOS attacks
The first DOS attack was done by a 13 year old student.
He realized if he sent a command called “ext” it would lock up the computer. The user would have to shut down their computer. So he wondered if he could make it happen to multiple computers at once. He wrote a program to run the command from a remote location to shut down 31 computers.
Because of his finding the Computer-Based Education Research Laboratory at the University of Illinois Urbana-Champaign decided to disable the command.
IRC attacks
In the 90’s IRC channels were popular for DOS attacks.
In IRC, the first person or only person left in a channel becomes the administrator. So a person wanting control of a channel could send a DOS attack to take it over.
These attacks were different from the bot nets used today. The were much simpler. They would run scripts (programming code) to flood the channels. These were called chat floods.
They have protections for this in place now.
The DDOS attack of the University of Minnesota
In 1999, the University of Minnesota was the target of the first large scale DDOS (Distributed Denial of Service) attack.
This attack involved 2 types of machines. There were Masters and Daemons. The Master had the instructions and sent the instructions to the Daemons.
The mistake this attack made was allowing the IP addresses of the daemons to be known. The owners of the controlled systems were notified.
Today’s attacks are more sophisticated.
DDOS attacks are 3 x 4k Movies worth of data
Today’s attacks aren’t much different from the one in 1999.
The biggest difference is the hackers hide their IP addresses. This makes the bot net harder to detect.
Also the number of devices they can control is massive with all the devices on the internet now.
Now there’s 1 Tb/s (Terabit per second) attacks. To put 1 Tb/s into perspective. 1 Tb/s that’s the equivalent of 3 x 4k movies or 125 GB (gigabytes) worth of data every second.
At my house I have a Gigabit connection.
My connection is one of the fastest connections available in the US as of 2022. If my connection could keep consistent 1 Gb/s (Gigabit per second) downloads, I’d still have to wait 17 minutes to download the same 3 movies.
These hackers can send the same amount every second for as long as the attack occurs.
Now days, these types of attacks can be purchased and used with little know how.
Even though access to these types of attacks has become so easy, the number of attacks hasn’t increased.