A DDoS attack (Distributed Denial of Service) is an attack on a web server with the intent of causing it to crash. While a DoS attack is usually carried out by just one computer, the high impact of a DDoS is achieved by joining many computers into a botnet in order to provoke the server failure. For this purpose, manipulated IP packets are usually sent en masse to the server simultaneously. DDoS attacks are used by both cybercriminals and protest movements such as Anonymous.
To produce a DDoS on a server, as many computers as possible have to be involved in the attack. For this purpose, other computers are infected with malware that allows attackers to hijack them and use their computing power for their own purposes. Computer viruses that spread themselves are frequently used. The infected computers will eventually turn into bots, which can be coordinated from a central location. In order to hide the controlling computer, additional tools are used in DDoS attacks which permanently change the corresponding IP addresses. Therefore, the author of an attack usually remains undetected.
Once enough computers are combined to form a network, the attack is launched against the target server.
A DDoS attack can be carried out in various ways, but there are generally three types:
A DDoS shows up existing overloads of a server system or network, but the effect of such an attack is potentiated. The following measures can be taken to minimize the damage:
The primary goal of a DDoS attack is to make a website inaccessible. Thus, the information it contains is no longer reachable. For online stores or other commercial websites such as payment service providers, this could mean huge financial losses. Moreover, victims of hacker attacks usually are stigmatized as being not secure. Losses in reputation and trustworthiness are the result.
In the past, DDoS attacks were mostly carried out based on two possible motives:
While in the first case, politically motivated groups were often behind the attacks, the second scenario concerns criminals.
One of the most well-known protests which was expressed in a large-scale DDoS attack in recent years was “Operation Payback,” which was initiated by the hacker group “Anonymous.” The target of the attack was the payment service PayPal, which had not forwarded donations to whistle-blowing platform WikiLeaks.
A more recent example of a criminal use of controlled network attacks is the extortion of the RSS feed provider Feedly.