The hack that can black out the internet
With 'denial of service,' attackers silence foes – and the collateral damage can be severe
A cyberattack that temporarily shut down a popular web hosting service is demonstrating once again how easily hackers can exploit technology to make powerful political statements.
Hackers hit DreamHost with what's known as a distributed denial-of-service attack, which creates large surges of artificial internet traffic and lobs them at target servers, either slowing their response time or shutting them down completely.
The attack came as the company fought a request from the Department of Justice to turn over information about visitors to a website critical of President Donald J. Trump. DreamHost, which hosts more than a million blogs, websites and apps, was also the web provider for a neo-Nazi site that had been taken offline after making disparaging comments about Heather Heyer, the 32-year-old woman killed while protesting against white supremacists in Charlottesville, Virginia.
The attack was part of a growing trend; distributed denial-of-service is becoming more common and more powerful, according to a recent report from Deloitte Global. That report predicted 10 million distributed denial-of-service attacks worldwide in 2017, with an average traffic volume between 1.25 and 1.5 gigabits per second – enough to knock many organizations offline – and about a dozen massive attacks that will produce a terabit of junk traffic per second.
The DreamHost attack illustrated one way technology has tipped the scales of power, said Brian Shirey, chief architect in engineering for Forcepoint, a commercial cybersecurity company jointly owned by Raytheon.
"Technology allows people to have a platform that they otherwise may not have had, and make their goals and desires known and their voices heard," he said. "Unfortunately, some groups use this technology in ways that have unintended consequences, or simply don’t care who else is affected."
For example, he said, a denial-of-service attack blacks out many websites – not just those the attackers dislike.
Distributed denial-of-service attacks, commonly abbreviated as DDoS attacks, take several forms. Some use botnets, or networks of infected devices, to generate surges in traffic; some focus only on the layer of the internet the end user interacts with, and others target the infrastructure of the server itself.
Defending against such attacks is difficult, Shirey said. One method, for example, requires detecting patterns in incoming traffic, identifying the offending IP addresses and blocking them.
"It's much easier to prepare for a DDoS attack than it is to stop one currently happening," he said.
Denial-of-service attacks have been ramping up for years, but their ability to disrupt has long been clear. One of the most devastating occurred in 2007, when attackers took down internet service across the web-savvy nation of Estonia. Shirey also pointed to a 2008 attack on the Church of Scientology, carried out in protest of internet censorship, and to an attack on the BBC and other sites on New Year's Eve of 2015.
The DreamHost attack appeared to have only a limited effect; the company reported that it restored all services within about three hours.