What’s more devastating than a DDoS attack launched by a botnet? In some cases, it’s a DDoS attack launched by an “opt-in botnet” assembled through a crowdsourcing campaign.
Damballa’s recently released report “The Opt-in Botnet Generation: Social Networks, Cyber Attacks, Hacktivism and Centrally-Controlled Protesting” describes the increasing sophistication of cyber-protesting tools, for launching political protests around the globe.
Let’s review seven well known and extensively profiled examples of “opt-in botnets” and crowdsourcing campaigns, to find out why some failed and others succeeded.
What exactly is an opt-in botnet? What are some of the most notable cases where it has been used successfully? And how can you disrupt an opt-in botnet when the command and control channel is known to every user knowingly participating in it?
Damballa’s report describes “opt-in botnets” as:
- “In practically all criminal botnet cases in the past, the owners or users of the bot-infected computers have been unwitting participants in an attack. This aspect of botnet participation fundamentally changes in the context of cyber-protesting, since users intentionally install botnet software agents, subscribe to a particular CnC, and choose to participate in coordinated attacks against a target category. Whether it’s because of a vagueness in the understanding of laws governing cyber attacks and electronic denial of service, or a perception of only being a small cog in a much wider effort that will never result in them being singled out, there seem to be few inhibitors to taking protesting into the cyber world and taking an active role in the call to action.”
Just like conventional botnets, opt-in botnets need a command and control server from which to issue new commands and to accept status reports on the success or failure of the DDoS attack.
What’s particularly interesting about opt-in botnets is their reliance on popular social networks such as Facebook, or micro-blogging services like Twitter, both acting as the command and control center for scheduling the attack, and distributing the attack tools.
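Because the campaign is scheduled in public, the defender’s side of this model has a recognizable shape: nothing at all from most of the participants, then, at the announced minute, a burst from many source addresses that have never been seen before, each sending a modest number of requests to the same URL. The following detector, an added example that is not part of the original post or of the Damballa report, runs that heuristic over constructed Common Log Format lines. The thresholds (20 distinct sources in a minute, 80% of them new, 80% of requests to one path) and the sample log are assumptions for illustration, not values from the report.

```python
"""Flag the synchronized-onset signature of a crowdsourced DDoS in web server logs.

Added example: heuristics and sample data are constructed for illustration.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Common Log Format, e.g.
# 198.51.100.7 - - [10/Mar/2010:18:00:03 +0000] "GET / HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return (minute_bucket, source_ip, path) for a CLF line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return ts.replace(second=0, microsecond=0), m.group("ip"), m.group("path")


def detect_crowd_onset(lines, min_sources=20, new_source_ratio=0.8, path_share=0.8):
    """Alert on minutes where many never-before-seen sources converge on one path.

    A single-source flood never trips this (too few sources); ordinary traffic
    growth does not either (returning sources, spread across many paths).
    Thresholds are assumed values, tune them against your own baseline.
    """
    by_minute = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_minute[rec[0]].append(rec)

    alerts = []
    seen_sources = set()
    for minute in sorted(by_minute):
        recs = by_minute[minute]
        sources = {ip for _, ip, _ in recs}
        new_sources = sources - seen_sources
        top_path, top_count = Counter(p for _, _, p in recs).most_common(1)[0]
        if (len(sources) >= min_sources
                and len(new_sources) / len(sources) >= new_source_ratio
                and top_count / len(recs) >= path_share):
            alerts.append({
                "minute": minute.isoformat(),
                "sources": len(sources),
                "new_sources": len(new_sources),
                "path": top_path,
            })
        seen_sources |= sources
    return alerts


def build_sample_log():
    """Constructed sample: a quiet baseline, then 40 distinct participants hitting "/"
    in the same minute, as a campaign announced for 18:00 UTC would produce."""
    lines = []
    baseline = [("10.0.0.5", "17:58:10", "/index.html"), ("10.0.0.7", "17:58:40", "/about.html"),
                ("10.0.0.5", "17:59:05", "/news"), ("10.0.0.9", "17:59:50", "/index.html")]
    for ip, t, path in baseline:
        lines.append(f'{ip} - - [10/Mar/2010:{t} +0000] "GET {path} HTTP/1.1" 200 512')
    for i in range(40):                          # 40 participants, two requests each
        ip = f"198.51.100.{i + 1}"               # documentation range, not real hosts
        for sec in (1 + i % 30, 31 + i % 29):
            lines.append(f'{ip} - - [10/Mar/2010:18:00:{sec:02d} +0000] "GET / HTTP/1.1" 200 512')
    # one returning legitimate visitor in the same minute
    lines.append('10.0.0.5 - - [10/Mar/2010:18:00:30 +0000] "GET /news HTTP/1.1" 200 512')
    return lines


if __name__ == "__main__":
    for alert in detect_crowd_onset(build_sample_log()):
        print(alert)
```

The three conditions together are what separates a crowd campaign from the two things it can be confused with: a classic single-source or small-botnet flood (high volume, but few sources) and a legitimate traffic spike after a news mention (many sources, but spread across the site and with a larger share of returning addresses). On the constructed sample the detector raises exactly one alert, for 18:00, with 41 sources of which 40 are new.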
- “Three Twitter accounts, five Yahoo! Mail accounts, twelve Google Groups, eight Blogspot blogs, nine Baidu blogs, one Google Sites and sixteen blogs on blog.com that were being used as part of the attacker’s infrastructure” - Researchers expose complex cyber espionage network
And whereas the use of legitimate networks as “virtual human shields” against potential takedown efforts (Twitter, Google Groups, Amazon’s EC2 and Facebook as command and control servers) is nothing new, given the millions of active users and the increased ease of reaching the citizens of one particular country, a well organized campaign could achieve its objectives with nothing more than a Facebook group or a promoted Twitter hashtag.
Just how successful is the concept of “opt-in botnets”, also known as “people’s information warfare” or the “malicious culture of participation”? Let’s review some of the well known campaigns that relied on “opt-in botnets” and crowdsourcing tactics to achieve the DDoS effect.