Basics of DDoS

News organizations have been covering the latest "terrorist" retaliations of Operation Payback surrounding the Wikileaks wires and the arrest of Julian Assange over the past few days. Major international e-commerce sites like Amazon, PayPal, Visa, Mastercard, and others have been on the receiving end of distributed denial-of-service attacks from the 4chan-originating group Anonymous. These attacks, often abbreviated as a DDoS, have been labeled criminal and terrorizing by mainstream media outlets and have also led to the arrest of a 16-year old boy in The Hague, Netherlands. Not too long ago, Wikileaks itself was the target of DDoS attacks when they announced the first wave of cable leaks. Despite the fuzzy legal status of DDoS attacks in many countries, it is a common practice used by groups of internet users to take down websites. So what is a DDoS attack exactly?

DDoS Explained

Essentially, the goal of a DDoS attack is to deny other people from accessing the target site and there are multiple ways this can be achieved. The most common DDoS methods are to either exploit unprotected server networks, sending multiple requests to a web server, or opening multiple connections with a server. All of these methods result in an excess of network traffic that prevent regular users from accessing web servers. Simple programs can be designed and distributed to multiple users so that these requests can be multiplied from different locations. It can also be done maliciously with spyware which allows a hacker to use third-party connection to conduct an attack remotely.

Case Study: MasterCard.com

Shown below is a graph provided illustrating the recent traffic data from MasterCard.com's Vancouver server during their DDoS attack downtime. The graph provided by Netcraft.com measures how long it takes to get a response in order to access the web server and the higher the green line, the longer it takes for site to load. If the graph is red that means the server was completely unresponsive to access requests. On Wednesday, December 8th, the host server of MasterCard.com was being hammered by so many attacks that it simply could not respond during business hours leaving people unable to access the site at all.

If DDoS attacks are left unresolved, they could prevent a server from being accessed indefinitely. Some attacks are also accompanied by psychological operations to exaggerate the extent of damage. During the attacks, several news reports cited Anons' claim via Twitter that thousands of MasterCard's credit card numbers were hacked by a group of Russians. A moment later, MasterCard posted a tweet saying that the leaked information was fabricated, which was soon confirmed by others as a "disinformation campaign" codenamed Operation Bank Troll.

What Happens Next?

Despite the mounting political pressure, Anonymous intends to continue these attacks against organizations that publicly cut ties with WikiLeaks. While a DDoS attack is indeed illegal, should it be seen as an act of "cyber-terrorism" as some have begun to describe? Will other affiliates of WikiLeaks also be hesitant to abandon ship in fear of bearing the ire of Anon? Could more arrests of Anonymous members be on the horizon? In part two of this series, we will look at the cultural impact of Anonymous and Operation: Avenge Assange on the internet, press, and government.