Distributed denial-of-service (DDoS) is a type of computer attack that uses a number of hosts to overwhelm a server, causing a website to experience a complete system crash.
This type of denial-of-service attack is perpetrated by hackers to target large-scale, far-reaching and popular websites in an effort to disable them, either temporarily or permanently. Flood attacks are often carried out by bombarding the targeted server with information requests, which disables the main system and prevents it from operating. Essentially, the targeted website is flooded with so much traffic or data that the site's users are left unable to access it.
Buffer overflow attacks instead target a computer’s physical resources through memory buffer overflows. After the system becomes sluggish, it will eventually crash as its central processing unit (CPU) time, memory and hard disk space are consumed. DDoS attacks cause damage in terms of service disruption, financial losses, or reputation loss. In some cases, when all of the resources of the network or service (memory, storage space, bandwidth, processing power) are exhausted or overwhelmed by the attack, some of the physical components of the target can even be damaged.
DDoS differs from a denial-of-service (DoS) attack in that it uses several hosts to bombard a server, whereas in a DoS attack, a single host is used. The volume of data used in DDoS attacks normally reaches several gigabytes of data per second or more.
To generate so much traffic, many computers must be recruited into so-called botnets or zombie armies by means of a malicious program. Most services cannot defend themselves from such a massive attack, since it comes from hundreds of thousands of infected devices.
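As an added illustration (not part of the original article), the Python sketch below shows how a defender can tell the single-host DoS case from the distributed case in one window of request records, and why blocking the busiest sources stops the first but barely dents the second. The sample records, thresholds and function names are constructed assumptions.

```python
from collections import Counter

def build_sample(kind):
    """Constructed (epoch_second, source_ip) records for one 60 s window.
    Addresses come from documentation ranges (RFC 5737), not real traffic."""
    if kind == "normal":
        return [(t, f"192.0.2.{t % 20}") for t in range(60)]
    if kind == "dos":  # 3000 requests, all from one host
        return [(t % 60, "198.51.100.7") for t in range(3000)]
    # "ddos": 3000 requests spread evenly over 250 hosts
    return [(t % 60, f"203.0.113.{t % 250}") for t in range(3000)]

def classify_window(records, window_s=60, rate_threshold=20.0, top_share=0.5):
    """Label one window of request records.

    rate_threshold (requests/second) and top_share are hypothetical tuning
    values; a real deployment derives them from its own traffic baseline.
    """
    if not records or len(records) / window_s < rate_threshold:
        return "normal"
    per_source = Counter(ip for _, ip in records)
    heaviest_ip, heaviest_count = per_source.most_common(1)[0]
    if heaviest_count / len(records) >= top_share:
        # One host dominates: the DoS case, answerable with a single block rule.
        return f"flood:single-source:{heaviest_ip}"
    # No host dominates: the DDoS case, where per-IP blocking scales poorly.
    return f"flood:distributed:{len(per_source)}-sources"

def share_removed_by_blocking(records, n_sources):
    """Fraction of requests dropped if the n busiest sources were blocked."""
    if not records:
        return 0.0
    per_source = Counter(ip for _, ip in records)
    blocked = sum(count for _, count in per_source.most_common(n_sources))
    return blocked / len(records)

if __name__ == "__main__":
    for kind in ("normal", "dos", "ddos"):
        sample = build_sample(kind)
        print(kind, classify_window(sample),
              f"top-10 block removes {share_removed_by_blocking(sample, 10):.1%}")
```

In the constructed distributed sample, blocking the ten busiest addresses removes only a small fraction of the flood, which is why defences against DDoS rely on upstream filtering and rate limiting rather than per-host block lists.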
In a standard DDoS attack, an attacker starts the process by taking advantage of a vulnerability in a computer system. A computer can be infected with malware that recruits it into a bot army for use at a later time.
The hacker makes this compromised computer the DDoS master. Using this master system, the hacker detects, communicates with and infects other systems, adding them to the set of compromised systems. A compromised computer system within the control of a hacker is called a zombie or bot, while a set of compromised computers is called a zombie army or a botnet.
The hacker loads several cracking tools on the compromised systems (sometimes thousands of systems). Using a single command, the attacker instructs these zombie machines to trigger several flood attacks toward a particular target. This packet flooding process causes a denial of service. In a DDoS attack, the victim is not only the final target; all the compromised systems are victims of this kind of attack.
One of the largest and most dangerous of these botnets is the infamous Mirai botnet, which was used for racketeering purposes in some of the most devastating DDoS attacks of all time. Mirai recruited between 300,000 and 600,000 infected Internet of Things (IoT) devices into its army.
DDoS attacks have been launched for a broad range of reasons, from personal grudges against a user or service, to political and/or business rivalries, hacktivism, cyber vandalism, or plain extortion. Attacks that occurred for political reasons include the attack on the Estonian government in 2007, and the attack against the Hong Kong-based grassroots movement Occupy Central in 2014.
WordPress.com, an open-source electronic publishing platform used by millions of electronic publishers and even more electronic authors to publish content, experienced a major DDoS attack in March 2011. The attack is believed to have been politically motivated and aimed at one of the blogs that appears on WordPress.
The site was reportedly down for up to three hours, although users reported that it had been extremely slow in the days leading up to the crash. The size of the crash pointed to the use of botnets to perpetrate it. Other historical DDoS attacks on sensitive targets include the attack on Google in 2017; the “Six Banks” attack in 2012 that targeted JPMorgan Chase, Wells Fargo, Bank of America, U.S. Bank, Citigroup, and PNC Bank; and the GitHub attack in 2018.