20 hippos trying to get through a revolving door

Graham Cluley
Graham Cluley
@[email protected]

Zombie computers controlled by hackers can launch DDoS attacksDistributed Denial of Service (DDoS) attacks have been hitting the headlines more than normal in the last week following a number of high profile news stories. 

For those who don’t know, a DDoS attack is when compromised zombie computers around the world are instructed by a hacker (known as the botmaster) to flood a website with traffic. The website can become so swamped with traffic from computers based around the globe that it can be slowed down considerably, or even made utterly inaccessible by the outside world. 

If it makes it easier to picture it, think of 20 hippos trying to get through a revolving door – the whole thing gets clogged up, and no-one is able to get in or out.

DDoS attacks are frequently used for blackmail.  We have reported in the past on some of the Russian hackers who have been sentenced for blackmailing British gambling websites and online gift retailers who have been struck in the run-up to Christmas.   

Sign up to our free newsletter.
Security news, advice, and tips.

What is becoming clear, however, is that money is not the only motivation for some hackers to launch DDoS attacks against websites.

Last week, for example, it was announced that an Estonian court had fined 20-year-old Dmitri Galushkevich for a denial-of-service attack that hit the website of Estonia’s ruling political party.  The hacker’s punishment was interesting, because at the time of the attacks in April 2007, the Estonian Minister of Defense had accused the Russian government of sponsoring the attacks against it, and even called on NATO to recognize the incident as “military action”.  As we discussed in the Sophos Security Threat Report 2008, no proof was ever put forward showing that the Kremlin was involved.

Meanwhile, the controversial Church of Scientology has been forced to defend its websites from a DDoS attack. The anonymous group of hackers behind the attacks even went so far as to rally support for their attacks on the Scientology organization by posting YouTube videos calling on others to participate in the disruption.  Even if you strongly disagree with an organization’s activities it seems fundamentally wrong to take the law into your own hands, and engage in criminal activity against them.  In a development that further damaged the hackers’ arguments it was  reported that a Dutch school website was accidentally affected by their attack on the CoS. 

Whatever the motivation for the DDoS attack, you can imagine that the damage down to a business by having its website blasted off the net can be considerable, and we have seen some cases where companies have offered substantial rewards for information leading to the conviction of those responsible for an attack.

Most DDoS attacks are happening because home users have not properly secured their PCs against hackers – but it is possible for corporate computers to be compromised too.  A reliable anti-virus, firewalls, and up-to-date patches can all help better secure your computer from becoming a part of the zombie problem. 

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.