Breach

DDoS attacks commonly leaned on to mute rights groups

December 27, 2010

Distributed denial-of-service (DDoS) attacks, like the ones recently used to protest businesses that stopped doing business with WikiLeaks, will only become more common, yet many smaller organizations lack the tools to stop them, according to a new study.

The research paper, Distributed Denial of Service Attacks Against Independent Media and Human Rights Sites, released by The Berkman Center for Internet & Society at Harvard University, said these entities, in particular, often bear the brunt of cyberattacks, which also can include intrusions and defacements.

In its survey, based on interviews and news reports, the researchers found 329 different attacks against more than 815 websites, dating back to 1998. But, they added, this is likely a low figure, as most incidents against organizations of this size are not reported.

"These numbers confirm that, despite the under-reporting...DDoS and other cyberattacks are common against independent media and human rights sites, even outside of elections, protests, and military actions," the report stated.

For many of these organizations, which host their own sites, the effect of the attacks is exacerbated because they can be mitigated only by a skilled system administrator, the study found. Meanwhile, enlisting the assistance of a hosting provider ratchets up expenses for these often low-budget operations.

In larger organizations, administrators are able to react more quickly. They have filtering systems ready for deployment and have alternative network paths through which legitimate traffic can be routed, said the report, authored by Ethan Zuckerman, Hal Roberts, Ryan McGrady, Jillian York and John Palfrey.

DDoS attacks traditionally have been widely used in extortion schemes against larger websites, in which a group of compromised computers are harnessed together as a botnet to disable a site with the goal of blackmailing the site's owners.

But the latest iterations of these digital assaults are being carried out as a form of vengeance against websites with which the perpetrators don't agree.

"The accessibility of easy-to-use tools and the apparent success of single-user attacks on small websites, as well as the visibility of the technique in the media, suggests that aggrieved individuals may look to DDoS as an easy way of making a political point or settling a score," the report stated.

In fact, the report cites a research paper by Jose Nazario, senior security researcher at Arbor Networks, that examined 16 major instances of DDoS attacks, where the priority was political statement, not financial gain.

The problem is not likely to go away, concluded Berkman report.

Organizations should consider hosting their sites on a "free, highly DDoS-resistant hosting service, like Blogger, even at the cost of prestige, functionality and possible intermediary censorship," the report recommended.

Alternatively, a site can pay for a hosting or DDoS-protection service.

The report also suggested that the human rights community work with ISPs, which can help protect sites from DDoS attacks while agreeing "not to remove controversial content unless required by law."

prestitial ad