Attacks on Irish websites in the last 3 days.
Posted on 22 January 2016
A DDoS is a Distributed Denial of Service, pronounced 'dee-doss', also known simply as a DoS, 'a dee-oh-ess', to some of us older heads. Essentially, it is where such a large flood of data is launched at a website that it effectively renders the website unreachable for normal website visitors. For all intents and purposes, a DDoS saturates portions of the Internet so that websites look to their visitors as if they are offline.
We recall that around the period 1999-2002, DDoS attacks were common and they were extremely impactful. Pre-engagement and technical conversations often focused extensively on DDoS measures. The Internet was based on much smaller bandwidth so DDoS attacks could be relatively impactful, even to larger players. Tools to detect and guard against DDoS such as IDS (Intrusion Detection Systems) were also far less mature than they are now. The idea of RTBH (Remotely Triggered Black-holes, a means of cutting off DDoS attacks throughout a network hierarchy) was maybe some 8-10 years from being talked about in anger. Then they sort of disappeared.
This was probably because they went out of fashion to some extent and were seen as somewhat passé by the guys out there capable of, and intent on, causing disruption to online targets. As Internet capacity around the world increased (particularly within the Internet backbone), the impact of a DDoS could largely be weathered by service providers and their clients. DDoS kind of went away for a few years.
But DDoS attacks seem to be back in vogue again. A person or group intent on causing harm to an online target can buy a DDoS attack with a few Bitcoins, almost as easily as one might order a pizza to be delivered. Adroit organisations harness compromised routers and computers (usually compromised because their software is not patched up to date) and turn those innocent devices into launchpads for DDoS attacks, often without their owners being aware at all. These groups offer their service for hire to anyone with a Bitcoin account and a basic grasp of the darker parts of the web. So the attacks are easier to organise and co-ordinate. The stigma of using a DDoS attack (as opposed to a precision or knowledge-based attack) seems to have gone too.
To us, DDoS attacks are particularly insidious as they turn the very principles of the Internet against it, against us Internet users. The Internet is based on websites being always on, open to anyone at any time, no matter where they are in the world. No matter who they are. The more, the merrier – that’s the principle of the open web. That openness is the very foundation of the Internet, that spirit of connectedness. DDoS exploits that design goal, that central tenet of the Internet, to attack certain websites anonymously and often from afar. And for us, that is the worst thing about them: they turn the best of the Internet’s connectedness, its openness, into a tool to do harm instead. That’s just not okay with us.
We don’t know. But it has the trappings of hacktivism. As individuals within Tibus, we might actually have some sympathy for those angry at the way the world seems to be changing. Perhaps these attacks are timed to coincide with the meeting of the masters at Davos. Who knows? We certainly don’t. But whatever the background is, for us it just isn’t right to use DDoS to make a point. Too many other Internet users are affected in a DDoS attack.
The most difficult thing about DDoS attacks is that they can often resemble large traffic spikes, especially in their very earliest stages. And as a hosting company we’re all about helping our clients cope with loads of visitors to their site during online sales or ticket releases or news or whatever. That’s the whole point of what we do – help clients manage their busiest times online, so shutting down incoming traffic is counter-intuitive. We’ve tended to reject ‘automatic shutdown’ systems as the risk to our clients’ normal web traffic is too great.
But we are taking a slightly different approach to defending our clients against these DDoS attacks, both at network level and for individual clients. We’re talking to our clients about these tactical measures now. If you are a client of ours and need some additional assurance about or protection from DDoS, please do talk to us as soon as possible. We have some options for you, some network related and some tactical. We’ll be implementing the network-level changes for all our clients.
Ultimately, though, DDoS attacks cannot be avoided. They will always be possible because of the way the Internet works. We can help our clients defend against them if they are the target of a DDoS, and we can mitigate their impact for clients that aren’t the target themselves.
We think, however, that the most effective measure is for all of us involved in the Internet to somehow persuade those of influence that the use of these DDoS tools just isn’t cool.
No matter what the cause is, DDoS attacks are against the very foundations of the open Internet itself.