Some of the largest, best-known, and most important DDoS attacks ever carried out
Although distributed denial of service (DDoS) attacks happen all the time, we tend to hear only about the absolute largest ones. These attacks receive mainstream, global press attention because the sites they target are massive and have a large cultural footprint, because of the sheer amount of data transmitted in the attack, or a combination of the two. DDoS attacks have been growing not only in rate of occurrence but also in sophistication and size, so this list is unfortunately bound to look different a year from now (or possibly even a week from now). But let’s take a look at a handful of the most notable attacks in recent memory, which are important either because of their size or because of the visibility and cultural importance of the target.
Spamhaus vs. Cyber Bunker (“Operation Stophaus”)
Known by many as “The DDoS Attack That Almost Broke The Internet”, the attack that took down Spamhaus in the spring of 2013 was truly massive. Spamhaus is an email filtering company that, as its name might suggest, stops spam email from ever entering millions of inboxes around the world. They keep track of where these spam messages originate, and noticed that many were coming from a Dutch hosting company called Cyber Bunker. When Spamhaus asked Cyber Bunker about the spam and other baddies that were seemingly originating from them, Cyber Bunker responded bombastically and claimed they were an independent nation that isn’t under the jurisdiction of Spamhaus or anyone else. Spamhaus acted accordingly and essentially worked with Cyber Bunker’s providers to sever their connections. Cyber Bunker responded by launching a huge DDoS attack that, at its peak, was funneling 300 Gbps to Spamhaus’ site. To put that into perspective, one of the largest DDoS attacks on record prior to the Spamhaus attack was around 100 gigabytes per second.
The Church of Scientology vs. Anonymous
The DDoS that was launched and carried out against the Church of Scientology’s website pales in comparison to the Spamhaus attack, but it’s important for putting the hacktivist collective known as Anonymous on the map and ensconcing them in the cultural lexicon. Anonymous stated through their website that they are opposed to the principles of the Scientology religion, and would act accordingly to expel it “…from the Internet and systematically dismantle the Church of Scientology in its present form.” The attack, carried out in January of 2008, seems almost infantile compared to the Spamhaus attack – at its peak, Anonymous was funneling 220 Mbps at the main Scientology website. Although it was enough to knock the site out and render it inaccessible, it was less than one-thousandth as powerful as the Spamhaus attack. Outside of tech circles, few people have ever heard of Spamhaus, let alone Cyber Bunker – the Church of Scientology, however, is incredibly controversial and well-known in mainstream circles. This attack received plenty of news coverage, and gave Anonymous global brand recognition. With their signature Guy Fawkes masks and relatively large number of members, Anonymous quickly rose through the ranks of the most notable hacking groups and are arguably the most influential hacktivist collective in history.
Mafiaboy vs. Yahoo, CNN, Dell, Amazon, E-Trade, et al
This series of attacks, which occurred in 2000, put the term “DDoS” on the radar for many people and showed how potentially damaging such attacks can be. A young hacker from Canada, who went by the online alias “Mafiaboy”, successfully took down Yahoo (at the time the 2nd largest site on the Internet and the world’s most popular search engine), Amazon, Dell, E-Trade, and several other high-profile and highly-trafficked sites using a simple yet effective DDoS method. Even sites of this magnitude were particularly vulnerable to DDoS attacks, in part because the attacks themselves were relatively unknown outside of the techiest of spheres. And as if the sites under attack didn’t have enough egg on their collective faces already for leaving a huge security loophole open, it was made worse by the fact that Mafiaboy (birth name Michael Calce) was only fifteen years old at the time he carried out the attacks. The amount of damage that a single teenage hacker could wreak brought worldwide attention to the concept of DDoS attacks, and caused many sites and hosting providers to immediately implement safeguards to protect against them. As with anything, attacks and the attackers have grown more sophisticated since Mafiaboy’s exploits, but the relative ease with which a high school freshman could take down the 2nd largest website in the world brought some much needed awareness to DDoS attacks.
North Korea vs. The United States and South Korea
Although this last example is not a specific, singular incident of a DDoS attack, it’s important to include as it shows how governments of nations at odds can employ DDoS as an effective and reliable agent in waging cyber warfare. South Korean websites, mostly in the government sector, have experienced several large and sophisticated DDoS attacks, dating back to as early as 2009 and still occurring today. The first attack that garnered attention in 2009 affected mostly government sites, including many South Korean military sites. Interestingly enough, several prominent U.S. sites – including The White House, the Department of Defense, and The New York Stock Exchange – were affected as well. Officials and cyber security experts soon learned that the attacks in the U.S. and South Korea were related, and not long after that were able to determine that the attacks originated from a diplomatic enemy that the U.S. and South Korea both share – North Korea. In a country with arguably the most restricted access to the Internet, where only a handful of select individuals have access to a (state-run) Internet at dial-up speeds and 3G mobile internet is forbidden, it’s worth noting that they are employing DDoS attacks and other methods of cyber warfare. They have grown increasingly effective at mounting DDoS attacks as well – South Korean officials have gone on record saying that North Korea ranks behind only the United States and Russia in their ability to carry out DDoS attacks.
Derptrolling Attacks of 2014
From January 2 to January 6, 2014, Black Lotus collected data on the highly publicized @DerpTrolling (via Twitter) attacks against online gaming targets, which included Xbox Live, EA, League of Legends, and Blizzard. The attacks claimed by the @DerpTrolling collective caused outages on these major gaming networks and were the result of the CVE-2013-5211 attack vector. Black Lotus measured the @DerpTrolling botnet at a maximum capability of approximately 28 Gbps. The attacker was likely seeking soft targets in an attempt to trigger IP address null routes by the carrier of each respective target. This would have the effect of rendering the target inoperable without the attacker having to exhaust any additional DrDoS resources. More detailed information can be found in a recent Black Lotus Threat Report here: http://www.blacklotus.net/pdf/Black-Lotus-Threat-Advisory-NTP-Reflection-Attacks-Jan-8-2014.pdf