Describe what is ….by a “Denial-of-Service” attack. Do you believe that denial-of-service attacks could realistically be ….as part of a cyber-terrorism or cyber warfare campaign? Is there any evidence of this technique being ….successfully by nation-states as part of warfare?
What is a Denial-of-Service (DoS) attack?
A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this either by flooding the target with more traffic than it can handle or by sending it input that triggers a crash. In both cases the attack deprives legitimate users (employees, members, or account holders, for example) of the service or resource they expected.
DoS attacks often target the web servers of high-profile organizations such as banks, commerce and media companies, or government and trade bodies. Although DoS attacks do not typically result in the theft or loss of significant information or other assets, they can cost the victim a great deal of time and money to handle.
There are two general methods of DoS attack: flooding services or crashing services. Flood attacks occur when the target receives more traffic than it can buffer or process, causing it to slow down and eventually stop responding. Common flood attacks include:
Buffer overflow attacks – often described as the most common DoS technique. The concept is to send the target more data, or a larger message, than the programmers built the receiving buffer to hold, so that the service or host crashes or becomes unstable. Sending a network address more traffic than it was built to handle is the flooding variant of the same idea, and bugs specific to particular applications or network stacks can be exploited the same way.
ICMP flood – in its smurf form, leverages misconfigured network devices by sending ICMP echo requests with a spoofed source address (the victim's) to a network's broadcast address, so that every host on that network replies to the victim and the network amplifies the traffic. The related "ping of death" is a different attack: a single oversized or malformed ICMP packet that crashes a vulnerable host rather than flooding it.
SYN flood – sends TCP connection requests (SYN packets) to a server, often from spoofed addresses, but never completes the three-way handshake. Each half-open connection occupies a slot in the server's connection backlog; the attacker keeps sending until the backlog is full and legitimate clients can no longer connect.
Other DoS attacks simply exploit vulnerabilities that cause the target system or service to crash. In these attacks, the input sent takes advantage of bugs in the target that crash or severely destabilize the system, so that it can't be accessed or used.
An additional type of DoS attack is the Distributed Denial-of-Service (DDoS) attack. A DDoS attack occurs when multiple systems launch a synchronized DoS attack against a single target. The essential difference is that instead of being attacked from one location, the target is attacked from many locations at once. The distribution of hosts that defines a DDoS gives the attacker several advantages:
The attacker can leverage the combined volume of many machines to execute a seriously disruptive attack.
The attack is difficult to contain because the attacking systems are widely distributed (often worldwide), so no single address or network can simply be blocked.
It is more difficult to shut down many machines than one.
The true attacking party is very difficult to identify, as they are hidden behind many (mostly compromised) systems.
Modern security technologies have developed mechanisms to defend against most forms of DoS attack, but because of the unique characteristics of DDoS it is still regarded as an elevated threat and is of particular concern to organizations that fear being targeted.
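One way to recognise the flood patterns described above in traffic seen at a victim's network edge, as an added example (this is not code from the original page or from the referenced Palo Alto Networks article): the one-line record format, the sample traffic and the thresholds are all invented here. A SYN flood shows up as many SYNs to one port with almost no handshake-completing ACKs; a smurf-style ICMP flood shows up as echo replies from many hosts converging on one victim; and the number of distinct senders is what separates a single-source DoS from a DDoS in the findings.

```python
"""SYN-flood / ICMP-amplification classifier over constructed packet summaries.

Added example, not code from the original page. The record format, sample
traffic and thresholds are invented here for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Packet:
    src: str
    dst: str
    proto: str            # "tcp" or "icmp"
    dport: Optional[int]  # TCP destination port, None for ICMP
    flag: str             # TCP flag set ("S", "A", ...) or ICMP type name


def parse_line(line: str) -> Packet:
    """Parse one constructed record: "<src> <dst> tcp <dport> <flags>" or "<src> <dst> icmp <type>"."""
    parts = line.split()
    if len(parts) == 5 and parts[2] == "tcp":
        return Packet(parts[0], parts[1], "tcp", int(parts[3]), parts[4])
    if len(parts) == 4 and parts[2] == "icmp":
        return Packet(parts[0], parts[1], "icmp", None, parts[3])
    raise ValueError(f"malformed record: {line!r}")


def _finding(kind: str, sources: set, packets: int, distributed_sources: int,
             port: Optional[int] = None) -> dict:
    # The DoS/DDoS distinction from the text: how many distinct senders are involved.
    return {"kind": kind, "port": port, "packets": packets, "sources": len(sources),
            "scope": "ddos" if len(sources) >= distributed_sources else "dos"}


def analyze(lines: List[str], syn_threshold: int = 20, icmp_threshold: int = 20,
            distributed_sources: int = 10) -> Dict[str, List[dict]]:
    """Return {victim: [findings]} for the inbound traffic described by `lines`."""
    syns: Dict[tuple, int] = defaultdict(int)
    acks: Dict[tuple, int] = defaultdict(int)
    syn_sources: Dict[tuple, set] = defaultdict(set)
    replies: Dict[str, int] = defaultdict(int)
    reply_sources: Dict[str, set] = defaultdict(set)

    for line in lines:
        p = parse_line(line)
        if p.proto == "tcp":
            key = (p.dst, p.dport)
            if p.flag == "S":
                syns[key] += 1
                syn_sources[key].add(p.src)
            elif p.flag == "A":
                acks[key] += 1
        elif p.flag == "echo-reply":
            replies[p.dst] += 1
            reply_sources[p.dst].add(p.src)

    findings: Dict[str, List[dict]] = defaultdict(list)
    for key, n in syns.items():
        # A real client finishes the handshake with an ACK; a flood never does,
        # so a large SYN count with almost no ACKs is the half-open signature.
        if n >= syn_threshold and acks[key] / n < 0.2:
            findings[key[0]].append(_finding("syn_flood", syn_sources[key], n,
                                             distributed_sources, port=key[1]))
    for dst, n in replies.items():
        # Smurf-style amplification: echo replies from many hosts converge on the
        # victim, which never sent the requests (they carried its spoofed address).
        if n >= icmp_threshold:
            findings[dst].append(_finding("icmp_amplification", reply_sources[dst], n,
                                          distributed_sources))
    return dict(findings)


def build_sample() -> List[str]:
    """Constructed inbound traffic for two victims (client/attacker addresses are
    RFC 5737 documentation ranges, victims are RFC 1918 private addresses)."""
    lines = []
    for i in range(1, 6):   # five ordinary clients: each SYN is followed by its ACK
        lines.append(f"192.0.2.{i} 10.0.0.5 tcp 443 S")
        lines.append(f"192.0.2.{i} 10.0.0.5 tcp 443 A")
    for _ in range(50):     # single-source SYN flood against port 80, never completed
        lines.append("203.0.113.9 10.0.0.5 tcp 80 S")
    for i in range(1, 41):  # 40 hosts' echo replies aimed at one victim (smurf pattern)
        lines.append(f"198.51.100.{i} 10.0.0.7 icmp echo-reply")
    return lines


if __name__ == "__main__":
    for victim, found in analyze(build_sample()).items():
        for f in found:
            print(victim, f)
```

On the constructed sample the port-443 traffic is left alone (five SYNs, five ACKs), the port-80 traffic is reported as a single-source SYN flood, and the echo replies are reported as a distributed amplification flood. A production detector would additionally confirm that the victim never sent the echo requests and would work on a sliding time window rather than a whole capture.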
YES! I believe that denial-of-service attacks could realistically be used as part of a cyber-terrorism or cyber warfare campaign.
FOR Additional Reference: https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos
Is there any evidence of this technique being used successfully by nation-states as part of warfare?
The following incidents are often cited in this context. Note that only the Scientology attack and the attack on the DNS root servers were actually denial-of-service attacks, and neither was attributed to a nation-state; Solar Sunrise, Melissa and the Google China incident were intrusions or malware outbreaks rather than DoS attacks:
Hacker targets Scientology (2008):
In January 2008, a New Jersey teenager, together with a group of hackers, launched a DDoS attack that crippled the Church of Scientology website for several days.
The group is known as Anonymous and is staunchly opposed to the 'religion'.
Dmitriy Guzner, who was 19 years old, was charged and convicted for the DDoS attack. The maximum penalty was 10 years in prison and a $250,000 fine, but he was ultimately sentenced to two years' probation and ordered to pay the Church of Scientology $37,500.
A second man was later charged over the attack.
Solar Sunrise (1998):
Originally thought to be the work of Iraqi operatives, a systematic cyber attack in the US seized control of over 500 government and private computer systems. The intruders exploited a known vulnerability in computers running Sun's Solaris operating system, hence the collective name 'Solar Sunrise'.
The US Government assembled a number of agencies, including the FBI and the Defense Information Systems Agency, to investigate the matter.
Much to everybody's surprise, no Iraqi operatives were involved. The investigation led to the arrest of two teenagers from California and an Israeli teenager who had been guiding them.
While the case was closed for 'Solar Sunrise', the attacks highlighted how a co-ordinated effort could affect an entire country's IT infrastructure.
The Melissa virus (1999)
It was a very simple virus which ended up causing an estimated $80 million in damages.
The Melissa virus infected Microsoft Word documents and automatically spread itself as an e-mail attachment, mailing itself to the first 50 addresses in an infected computer's Outlook address book.
The creator of Melissa, David Smith, said he did not intend for the virus to harm computers, but he was still arrested and sentenced to 20 months in prison.
Incidentally, anti-virus software sales boomed that year.
Internet attacked (2002):
In 2002, a cyber attack aimed squarely at all 13 of the Internet's domain name system root servers came close to bringing the Internet to its knees. It was a DDoS attack that lasted for about one hour. While that doesn't seem like a long time, it was the scale of the attack that was most alarming.
At the time, US Federal authorities described the attack as the largest and most complex in history.
Several of the root servers were severely strained for that hour, although users probably didn't experience any adverse effects, because resolvers cache root data and only a few of the thirteen servers need to remain reachable. Had the attack lasted much longer, cached entries would have expired and it could have brought the Internet to a standstill.
Google China hit by cyber attack (2009):
When Google's Chinese headquarters detected a security breach in mid-December, it opened up a whole can of worms (pun intended) implicating the Chinese Government.
Hackers had gained access to several of Google's corporate servers, and intellectual property was stolen.
In a blog post, Google said it had "evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists". As the company dug deeper, it found that numerous Gmail accounts of users in the US, China and Europe had routinely been accessed without permission. Those accounts belonged to advocates of human rights in China.
All eyes turned towards the Chinese Government, which has been accused of flagrantly disregarding human rights for years.
Google entered the Chinese market with www.google.cn in 2006 and capitulated to China's stringent Internet censorship regime. The cyber attacks in December 2009 resulted in the company's re-evaluation of its business in the country.
In March 2010, Google stopped censoring google.cn and redirected its visitors to its Hong Kong site, google.com.hk, in order to operate outside mainland China's Internet filtering regime.
FOR Additional Reference: https://www.arnnet.com.au/slideshow/341113/top-10-most-notorious-cyber-attacks-history/