denial of service attack

▪ computer science

      type of cybercrime in which an Internet site is made unavailable, typically by using multiple computers to repeatedly make requests that tie up the site and prevent it from responding to requests from legitimate users.

      The first documented DoS-style attack occured during the week of February 7, 2000, when “mafiaboy,” a 15-year-old Canadian hacker, orchestrated a series of DoS attacks against several e-commerce sites, including Amazon.com and eBay.com (eBay). These attacks used computers at multiple locations to overwhelm the vendors' computers and shut down their World Wide Web (WWW) sites to legitimate commercial traffic. The attacks crippled Internet commerce, with the U.S. Federal Bureau of Investigations (FBI) estimating that the affected sites suffered $1.7 billion in damages. In its early years, the Internet had played a role only in the lives of researchers and academics; by 2000 it had become essential to the workings of many governments and economies. Cybercrime had moved from being an issue of individual wrongdoing to being a matter of national security.

      Distributed DoS (DDoS) attacks are a special kind of hacking. A criminal salts an array of computers with computer programs that can be triggered by an external computer user. These programs are known as Trojan horses since they enter the unknowing users' computers as something benign, such as a photo or document attached to an e-mail. At a predesignated time, this Trojan horse program begins to send messages to a predetermined site. If enough computers have been compromised, it is likely that the selected site can be tied up so effectively that little if any legitimate traffic can reach it. One important insight offered by these events has been that much software is insecure, making it easy for even an unskilled hacker to compromise a vast number of machines. Although software companies regularly offer patches to fix software vulnerabilities, not all users implement the updates, and their computers remain vulnerable to criminals wanting to launch DoS attacks. In 2003 the Internet service provider PSINet Europe connected an unprotected server to the Internet. Within 24 hours the server had been attacked 467 times, and after three weeks more than 600 attacks had been recorded. Only vigorous security regimes can protect against such an environment.

      DDoS and DoS attacks apparently have been used for political purposes, with at least two neighbours of Russia (Estonia, Georgia) having their government Web sites targeted by unknown groups in times of conflict in the region. Although some Western leaders have accused the Russian government of being involved in the incidents, the absence of any clear military advantage in simply disrupting access to Web pages and the negative publicity generated by the cyberattacks has lead most experts to conclude that the attacks were probably performed by Russian vandals working alone.

Michael Aaron Dennis

 

* * *