Is a DDoS attack illegal? What is a DDoS attack, and what can be done about it? This article describes it in detail.
Is a DDoS Attack Illegal?
DDoS attacks: what are they, and 5 methods to deal with them
A distributed denial of service (DDoS) attack is one of the most powerful weapons on the Internet. When you hear that a website has been “taken down by hackers,” it generally means that it has become the victim of a DDoS attack. In short, this means that attackers have tried to make a website or server unavailable by flooding it with more traffic than it can handle.
What are distributed denial of service attacks?
Distributed denial of service attacks are directed at websites and online services. The goal is to saturate them with more traffic than the server or network can handle, making them inoperable.
The traffic may consist of incoming messages, connection requests or fake packets. In some cases, victims are threatened with such an attack, or hit with a low-level one, combined with an extortion threat of a more devastating attack unless the company pays a cryptocurrency ransom.
In 2015 and 2016, a criminal group called Armada Collective repeatedly extorted money from banks, web hosting providers and others in this way.
Examples of DDoS Attack
In 2000, Michael Calce, a 15-year-old who used the online name “Mafiaboy,” launched one of the first recorded DDoS attacks. Calce hacked the computer networks of several universities and used their servers to run a DDoS attack that crashed several major websites, including CNN, E-Trade, eBay and Yahoo.
Calce was convicted of his crimes in the Juvenile Court of Montreal. As an adult, he became a “white hat hacker” who identifies vulnerabilities in the computer systems of major companies.
More recently, in 2016, Dyn, one of the leading providers of domain name system (DNS) services, suffered a massive DDoS attack that brought down major websites and services, including AirBnB, CNN, Netflix, PayPal, Spotify, Visa, Amazon, The New York Times, Reddit, and GitHub.
The gaming industry has also been targeted by DDoS attacks, along with software and media companies.
DDoS attacks are sometimes used to divert the target organization’s attention. While it focuses on the DDoS attack, the cybercriminals pursue their primary goal, such as installing malware or stealing data.
DDoS attacks have been the weapon of choice for profit-driven cybercriminals, nation states and even, especially in the early years of DDoS attacks, computer whizzes seeking to make a grand gesture.
How do DDoS attacks work?
The theory behind a DDoS attack is simple, although the attacks vary in their level of sophistication. Here is the basic idea. A DDoS is a cyber attack on a server, service, website or network that floods it with Internet traffic. If the traffic overwhelms the target, the server, service, website or network becomes inoperable.
Network connections on the Internet consist of the different layers of the Open Systems Interconnection (OSI) model. Different types of DDoS attacks focus on particular layers. Some examples:
- Layer 3, the network layer. Attacks known as Smurf attacks, ICMP floods and IP/ICMP fragmentation.
- Layer 4, the transport layer. Attacks include SYN floods, UDP floods and TCP connection exhaustion.
- Layer 7, the application layer. Mainly HTTP and HTTPS floods.
The main way to perform a DDoS is through a network of hacked, remotely controlled computers or bots. These are often known as “zombie computers,” and together they form what is called a “botnet,” or network of robots. They are used to flood websites, servers and networks with more data than they can handle.
Botnets can send more connection requests than a server can handle, or send overwhelming amounts of data that exceed the target victim’s bandwidth. Botnets can range from thousands to millions of computers controlled by cybercriminals.
Cybercriminals use botnets for a variety of purposes, including sending spam and distributing malware such as ransomware.
Your computer can be part of a botnet without you knowing it
Increasingly, the millions of devices that make up the constantly expanding Internet of Things (IoT) are being hacked and recruited into the botnets used to conduct DDoS attacks.
The security of the devices that make up the Internet of Things is generally not as advanced as the security software found on computers. That leaves vulnerable devices that cybercriminals can exploit to build ever larger botnets.
The 2016 Dyn attack was carried out through the Mirai malware, which built a botnet of IoT devices, including cameras, smart TVs, printers and baby monitors. The Mirai botnet of Internet of Things devices may be even more dangerous than it first appeared, because Mirai was the first open-source botnet.
That means that the code used to create the botnet is available to criminals who can mutate it and evolve it for use in future DDoS attacks.
Botnets are used to create an HTTP or HTTPS flood. The botnet is used to send what appear to be legitimate HTTP or HTTPS requests in order to saturate a web server.
HTTP (short for HyperText Transfer Protocol) is the protocol that controls how messages are formatted and transmitted. An HTTP request can be a GET request or a POST request. Here is the difference:
- A GET request is one in which information is retrieved from a server.
- A POST request is one in which information is uploaded to the server and stored. This type of request requires more resources from the destination web server.
- While HTTP floods that use POST requests consume more web server resources, HTTP floods that use GET requests are simpler and easier to implement.
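The cost difference between GET and POST floods described above can be turned into a simple detector. The following is an added example written for this article, not code from the original page: it parses constructed access-log lines in Common Log Format, weights each request by an assumed per-method cost, and reports clients whose weighted request rate within a sliding window exceeds a threshold (the cost table, window and threshold are assumptions to be calibrated against normal traffic).

```python
"""Score HTTP request rates per client from web server access logs (added
example, not from the original article). POST requests are weighted higher
than GETs, since the text notes they cost the server more to process."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed access-log lines in Common Log Format: one client hammering a
# search endpoint with POSTs, another browsing normally.
SAMPLE_LOG = """\
203.0.113.9 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 512
198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "POST /search HTTP/1.1" 200 2048
198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "POST /search HTTP/1.1" 200 2048
198.51.100.7 - - [10/Oct/2023:13:55:37 +0000] "POST /search HTTP/1.1" 200 2048
198.51.100.7 - - [10/Oct/2023:13:55:37 +0000] "POST /search HTTP/1.1" 200 2048
198.51.100.7 - - [10/Oct/2023:13:55:38 +0000] "GET /search?q=x HTTP/1.1" 200 512
203.0.113.9 - - [10/Oct/2023:13:55:39 +0000] "GET /about HTTP/1.1" 200 512
"""
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\w+) (\S+) [^"]*"')
COST = {"GET": 1, "POST": 3}  # assumed relative server cost per method

def parse_log(text):
    """Yield (client_ip, timestamp, method) for each well-formed log line."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            yield m.group(1), ts, m.group(3)

def peak_request_cost(text, window_seconds=5):
    """Return {ip: peak weighted request cost within any sliding window}.
    Lines must be in time order for each client, as real logs are."""
    window = timedelta(seconds=window_seconds)
    recent, peak = defaultdict(deque), defaultdict(int)
    for ip, ts, method in parse_log(text):
        q = recent[ip]
        q.append((ts, COST.get(method, 1)))
        while q and ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        peak[ip] = max(peak[ip], sum(c for _, c in q))
    return dict(peak)

def suspected_http_flood(text, threshold=10, window_seconds=5):
    """Clients whose peak weighted cost in one window exceeds the threshold
    (threshold is an assumption for the sample; calibrate on normal traffic)."""
    return sorted(ip for ip, cost in peak_request_cost(text, window_seconds).items()
                  if cost > threshold)
```

On the sample, the POST-heavy client reaches a weighted cost of 13 inside one five-second window while the normal client stays at 2.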
DDoS attacks can be “bought” on black markets
Assembling the botnets needed to carry out a DDoS attack can be time-consuming and difficult.
Cybercriminals have developed a business model that works like this: more sophisticated hackers build botnets and sell or lease them to less sophisticated ones on the dark web, the part of the Internet where criminals can anonymously buy and sell products such as botnets and stolen credit card numbers.
The dark web is generally accessed through the Tor browser, which provides an anonymous way to browse the Internet. Botnets are rented on the dark web for just a few hundred dollars. Several dark web sites sell a wide range of illegal products, services and stolen data.
In some ways, these dark web sites operate like conventional retailers. They may offer customer guarantees, discounts and user ratings.
What are the symptoms of a DDoS attack?
A DDoS attack has definite symptoms. The problem is that they closely resemble other problems you may have with your computer, ranging from a virus to a slow Internet connection, which makes them difficult to identify without a professional diagnosis. Symptoms of a DDoS include:
- Slow access to files, either locally or remotely.
- A long-term inability to access a particular website.
- Internet disconnection.
- Problems accessing all websites.
- An excessive amount of spam email.
Most of these symptoms can be hard to recognize as unusual. Even so, if two or more occur over long periods of time, you could be the victim of a DDoS attack.
Types of DDoS Attack
DDoS attacks generally fall into one or more of the following categories, with some more sophisticated attacks combining several vectors:
- Volume-based attacks. These send huge amounts of traffic to saturate the bandwidth of a network.
- Protocol attacks. These are more focused and exploit weaknesses in a server’s resources.
- Application attacks. These are the most sophisticated form of DDoS attack, focusing on particular web applications.
Here is a closer look at the different types of DDoS attacks.
TCP connection attacks
TCP connection attacks, or SYN floods, exploit a weakness in the TCP connection sequence, commonly known as the three-way handshake between a host and the server.
Here is how it works: the destination server receives a request to begin the handshake. In a SYN flood, the handshake is never completed, which leaves the half-open connection occupying the port, busy and unavailable to process further requests.
Meanwhile, the cybercriminals keep sending more and more requests, exhausting all open ports and shutting down the server.
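The half-open connections left behind by incomplete handshakes are visible in a server's own socket table, which makes the attack described above detectable from the target side. The following is an added example written for this article, not code from the original page: it parses a constructed snapshot in the layout of Linux `ss -tan` output, counts SYN-RECV sockets against established ones per listening port, and flags ports where the half-open count and ratio exceed assumed thresholds.

```python
"""Flag a possible SYN flood from a snapshot of the TCP socket table (added
example, not from the original article). Input is text shaped like `ss -tan`;
half-open sockets (SYN-RECV) are the incomplete handshakes described above."""
from collections import Counter

# Constructed sample in `ss -tan` layout: a burst of half-open connections to
# port 443 from scattered peers next to a couple of normal established sockets.
SAMPLE_SS_OUTPUT = """\
State    Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB    0      0      10.0.0.5:443        203.0.113.9:51000
ESTAB    0      0      10.0.0.5:22         203.0.113.20:50002
SYN-RECV 0      0      10.0.0.5:443        198.51.100.7:40123
SYN-RECV 0      0      10.0.0.5:443        198.51.100.8:40124
SYN-RECV 0      0      10.0.0.5:443        198.51.100.9:40125
SYN-RECV 0      0      10.0.0.5:443        198.51.100.10:40126
SYN-RECV 0      0      10.0.0.5:443        198.51.100.11:40127
"""

def parse_ss(text):
    """Yield (state, local_port, peer_ip) per socket row, skipping the header."""
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 5:
            continue
        local_port = int(parts[3].rsplit(":", 1)[1])
        peer_ip = parts[4].rsplit(":", 1)[0]
        yield parts[0], local_port, peer_ip

def syn_flood_report(text, min_half_open=5, max_ratio=2.0):
    """Per local port: half-open vs established counts, plus a 'suspect' flag when
    half-open >= min_half_open and > max_ratio x established (assumed thresholds)."""
    half_open, established, peers = Counter(), Counter(), {}
    for state, port, peer in parse_ss(text):
        if state == "SYN-RECV":
            half_open[port] += 1
            peers.setdefault(port, set()).add(peer)
        elif state == "ESTAB":
            established[port] += 1
    report = {}
    for port, n in half_open.items():
        ratio = n / max(established[port], 1)
        report[port] = {"half_open": n, "established": established[port],
                        "distinct_peers": len(peers[port]),
                        "suspect": n >= min_half_open and ratio > max_ratio}
    return report

if __name__ == "__main__":
    for port, info in syn_flood_report(SAMPLE_SS_OUTPUT).items():
        print(port, info)
```

A high count of distinct peers for the flagged port is consistent with spoofed source addresses, so blocking individual peers is rarely the answer; SYN cookies and upstream filtering are the usual mitigations.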
Application layer attacks, sometimes called Layer 7 attacks, target the victim’s applications more slowly. That way, they may initially look like legitimate user requests, until it is too late and the victim is overwhelmed and unable to respond.
These attacks are aimed at the layer where a server generates web pages and responds to HTTP requests.
Often, application level attacks are combined with other types of DDoS attacks aimed not only at applications but also at the network and its bandwidth. Application layer attacks are particularly threatening.
Why? They are cheap to operate and harder for companies to detect than attacks focused on the network layer.
Fragmentation attacks are another common form of DDoS attack. The cybercriminal exploits weaknesses in the datagram fragmentation process, in which IP datagrams are divided into smaller packets, transferred across a network and then reassembled.
In fragmentation attacks, fake data packets that cannot be reassembled overwhelm the server.
In another form of fragmentation attack, called a Teardrop attack, the malformed packets sent prevent reassembly. The vulnerability exploited in Teardrop attacks has been patched in newer versions of Windows, but users of outdated versions would still be vulnerable.
Volumetric attacks are the most common form of DDoS attack. They use a botnet to flood the network or server with traffic that seems legitimate but exceeds the capacity of the network or server to process it.
Types of DDoS Amplification
In a DDoS amplification attack, criminals overwhelm a Domain Name System (DNS) server with what appear to be legitimate service requests. Using various techniques, the attacker can turn DNS queries sent through a botnet into a large amount of traffic directed at the target network. This consumes the victim’s bandwidth.
A variation of the DDoS amplification attack exploits Chargen, an old protocol developed in 1983. In this attack, small packets carrying the spoofed IP address of the target victim are sent to Internet-connected devices that run Chargen and are part of the Internet of Things.
For example, many Internet-connected copiers and printers use this protocol. The devices then flood the target with User Datagram Protocol (UDP) packets that it cannot process.
DNS reflection attacks are a type of DDoS attack that cybercriminals have used many times. Susceptibility to this type of attack usually arises because consumers or businesses have routers or other devices whose DNS servers are misconfigured to accept queries from anywhere, instead of properly configured DNS servers that serve only a trusted domain.
The criminals then send spoofed DNS queries that appear to come from the target’s network, so when the DNS servers respond, they reply to the target’s address. The attack is magnified by querying a large number of DNS servers.
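From the resolver operator's side, the two ingredients of the reflection attack above are both measurable: answers given to sources outside the networks the resolver is meant to serve, and responses many times larger than the queries that triggered them. The following is an added example written for this article, not code from the original page: it runs over constructed query records (source, query type, name, request and response sizes, as a resolver log would be parsed into), skips trusted sources, and reports the amplification factor per untrusted source. The trusted network, the record layout and the threshold are assumptions.

```python
"""Spot open-resolver abuse in DNS query records (added example, not from the
original article). Recursive answers to sources outside the trusted networks,
especially large ANY responses, are the reflection pattern described above."""
import ipaddress
from collections import defaultdict

# Constructed records, one per answered query: source IP, query type, name,
# request bytes, response bytes. A real resolver log would be parsed into this.
SAMPLE_RECORDS = [
    ("10.0.0.15", "A", "www.example.com", 64, 80),
    ("10.0.0.16", "AAAA", "mail.example.com", 66, 94),
    ("198.51.100.7", "ANY", "isc.org", 60, 3200),
    ("198.51.100.7", "ANY", "isc.org", 60, 3200),
    ("198.51.100.7", "ANY", "isc.org", 60, 3200),
    ("203.0.113.9", "A", "www.example.com", 64, 88),
]
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed for the sample

def is_trusted(src):
    """True when the source belongs to a network the resolver should serve."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in TRUSTED_NETS)

def reflection_report(records):
    """Per untrusted source: query count, ANY count and amplification factor
    (response bytes / request bytes). Trusted sources are skipped."""
    stats = defaultdict(lambda: {"queries": 0, "any": 0, "req": 0, "resp": 0})
    for src, qtype, _name, req, resp in records:
        if is_trusted(src):
            continue
        s = stats[src]
        s["queries"] += 1
        s["any"] += qtype == "ANY"
        s["req"] += req
        s["resp"] += resp
    return {src: {"queries": s["queries"], "any": s["any"],
                  "amplification": round(s["resp"] / s["req"], 1)}
            for src, s in stats.items()}

def suspected_reflection(records, min_amplification=10.0):
    """Untrusted sources whose responses are amplified beyond the threshold.
    Because the source address is spoofed, that source is the victim rather than
    the sender, so the fix is to stop answering untrusted recursion at all."""
    return sorted(src for src, s in reflection_report(records).items()
                  if s["amplification"] >= min_amplification)
```

Any untrusted source appearing in the report at all already shows the resolver is open; the amplification figure shows how much leverage that gives an attacker against whoever the spoofed address belongs to.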
Check out the DDoS Digital Attack Map
The Digital Attack Map was developed by Arbor Networks using ATLAS, its global threat intelligence system. It uses data collected from more than 330 ISP customers that anonymously share network traffic and attack information.
Check out the Digital Attack Map. It lets you see on a global map where DDoS attacks are occurring, with information updated every hour.
How to protect yourself from a denial of service attack?
Protecting yourself from a DDoS attack is a difficult task. Companies must plan to defend against and mitigate such attacks. Identifying their vulnerabilities is an essential first step of any protection plan.
Method 1: Obtain a protection product for your business
Look Around Distributed Denial of Service (DDoS) protection can provide significant protection against DDoS attacks for your business.
The protection offered by Look Around is easy to implement, requires no hardware or software on site, and does not require any change to your hosting provider or applications.
Look Around DDoS protection stops attacks on a network with the capacity to absorb them, filtering out fake traffic while legitimate users keep uninterrupted access to your website.
Look Around DDoS protection provides comprehensive protection against a variety of DDoS threats, such as brute force attacks, phishing, zero-day DDoS attacks and attacks targeting DNS servers.
Method 2: Take Quick Action
The earlier a DDoS attack in progress is identified, the more easily the damage can be contained. Companies should use anti-DDoS technology or services that help distinguish legitimate peaks in network traffic from a DDoS attack.
If you discover that your company is under attack, notify your ISP as soon as possible to determine whether your traffic can be rerouted. Having a backup ISP is also a good idea. Also consider services that disperse massive DDoS traffic across a network of servers, rendering the attack ineffective.
When excessive traffic occurs, Internet service providers may use black hole routing, which directs traffic to a null route, sometimes referred to as a black hole. This keeps the targeted website or network from being taken down, but the drawback is that both legitimate and illegitimate traffic is discarded along the way.
Method 3: Configure firewalls and routers
Firewalls and routers should be configured to reject fake traffic, and you should keep them updated with the latest security patches. They remain your first line of defense.
Application front-end hardware, placed in the network before traffic reaches a server, analyzes data packets and classifies them as priority, regular or dangerous as they enter the system, and can be used to block threatening data.
Method 4: Consider artificial intelligence
While advanced firewalls and intrusion detection systems are the common defenses today, AI is being used to develop new systems.
These systems can quickly route Internet traffic to the cloud, where it is analyzed and malicious web traffic can be blocked before it reaches the company’s computers. Such AI programs could identify and defend against known DDoS patterns. In addition, AI’s self-learning capabilities would help predict and identify future DDoS patterns.
Researchers are also exploring the use of blockchain, the technology behind Bitcoin and other cryptocurrencies, to let people share their unused bandwidth to absorb the malicious traffic created in a DDoS attack and render it ineffective.
Method 5: Secure your Internet of Things devices
This one is for consumers. To prevent your devices from becoming part of a botnet, make sure your computers run reliable security software, and keep it updated with the latest security patches.
If you have IoT devices, make sure they are configured for maximum protection. Strong passwords should be used for all devices. Internet of Things devices have been vulnerable to weak passwords, and many ship with default passwords that are easily discovered. A strong firewall is also important.
Now you can decide for yourself whether a DDoS attack is illegal.