This weekend a number of websites belonging to NATO, including its main website at www.nato.int, struggled to remain online as online criminals launched a distributed denial-of-service (DDoS) attack.
A group of pro-Russian hackers called “Cyber Berkut” claimed responsibility for the attack, which came on the eve of a controversial referendum in Crimea which saw over 90% of voters choose to quit Ukraine for Russia.
DDoS attacks can bring down websites by flooding them with so much web traffic that they can no longer stand up, and legitimate visitors will find the site too clogged up with visitors to work. It’s the equivalent of 15,000 fat men trying to get through a revolving door at the same time.
Typically, DDoS attacks use compromised computers to flood a website with traffic, but it’s also known for the owners of computers to be willing participants in an attack, intentionally running tools like the Low Orbit Ion Cannon to help those behind the attack to achieve their goals.
NATO spokesperson Oana Lungescu confirmed via Twitter that some NATO websites had suffered from a DDoS attack, and reassured internet users that the integrity of NATO data and systems was not affected.
DDoS attack on some #NATO sites ongoing but most services restored. Integrity of NATO data &systems not affected. We continue working on it
— Oana Lungescu (@NATOpress) March 16, 2014
The attack came after NATO’s secretary general published a statement on the website, claiming that the referendum would have “no legal effect or political legitimacy.”
Of course, clogging up a website is very different from hacking a website – and although still malicious, it’s a lot less serious than a security breach that could have stolen information or planted malware.
Although DDoS attacks can be initiated for the purposes of blackmailing companies (imagine, for instance, the not uncommon scenario of a gambling website being threatened with a DDoS attack if it doesn’t wire money to the attackers), this incident is another reminder that attacks can often also be perpetrated for political hacktivist reasons or through the desire to curb freedom of speech.
There is a small typo in the 5th paragraph. "… the integrity of NATO data and systems was affected." "not" is missing.
And an important typo at that. Thanks, now fixed!
On the subject of typos, there is a word that sort of breaks the flow of the sentence it is in:
"DDoS attacks manage can bring down websites by flooding them with so much web traffic that they can no longer stand up, and legitimate visitors will find the site too clogged up with visitors to work. It’s the equivalent of 15,000 fat men trying to get through a revolving door at the same time."
Referring of course to the word 'manage'. That's the real point of my response, even though it is hardly important. I am however a stickler and can be very nitpicky. Also, since it has been a while since I've written anything even semi technical, anywhere, I'll go along with it and submit this:
Otherwise (and I know Graham knows this as do some other readers but maybe some don't) – a DDoS attack (or a DoS attack for that matter) does not have to involve web traffic at all in order to make it next to (if not completely) impossible to reach the victim. It of course does not have to involve TCP at all. To the uninformed: there are unfortunately many gateways (networking pun very much intended) to attacks of all kinds and this includes denial of service attacks; such attacks need only disable a service and that includes by crashing the server, the service running on the server or simply overwhelming it with traffic so that no legitimate traffic can reach it. To be strictly technical there are other ways too but the point is the same: it is named very appropriately but there are many methods and more complexities involved, just like everything else in this universe. Semi related: DoS attacks have also been employed in other kinds of attacks that allow a person to compromise a server.