Cybercrime is a fast-growing category of modern crime. Criminals increasingly attack the infrastructure of the Internet itself, regardless of nationality or stature, inflicting serious harm and posing very real threats to victims worldwide, as this sample essay will address.
DDoS: Unmasking the Ku Klux Klan
Cyber attacks are growing at an unprecedented rate. No industry, sector or category is safe or can feel fully protected. As systems become more technologically advanced, the threats against them become more dangerous and harder to untangle. In fact Staminus, a California-based hosting provider whose sole business is protecting its clients from DDoS attacks, was itself attacked and knocked offline on March 10th, 2016.
Staminus, whose tagline is
“Keeping You Connected. The most experienced DDoS protection & mitigation security solution vendor on the market. Hybrid appliance & cloud solutions for global enterprises & service providers”
was down from Thursday through the Wednesday of the following week. The attacker also left management suggestions for the company, entitled “TIPS WHEN RUNNING A SECURITY COMPANY”.
To add to the company’s difficulties, the business relationship between Staminus and one of its clients, the Ku Klux Klan (KKK), was revealed, along with the KKK’s private information. Staminus CEO Matt Mahvi acknowledged in a message to customers,
“usernames, hashed passwords, customer record information, including name and contact information, and payment card data were exposed”.
Unencrypted customer credit card information, including account numbers, expiration dates and CVV security codes, was also leaked. The presence of CVV codes in the dump is a finding in its own right: the PCI DSS prohibits storing that value at all once a transaction has been authorized, so the breach exposed data that should never have been on disk. It is not clear which was more troublesome for the company: the leak of unprotected card data, or the exposure of a client that otherwise keeps itself cloaked in cloth.
What is a DDoS?
The Ku Klux Klan and the DDoS protection provider Staminus are not the only victims of such attacks. Numerous companies have been hit by DDoS attacks; just recently, HSBC called in the police after DDoS attackers took down its online banking system (Fox-Brewster-b). A DDoS, or distributed denial of service, is a cyber attack in which many compromised systems simultaneously flood a single target with an enormous volume of traffic, denying service to the system’s legitimate users.
Unlike a DoS attack, which comes from one computer and one Internet connection, a DDoS attack uses many computers and connections to exhaust the target’s resources. DDoS assaults are typically global, arriving from hundreds or thousands of sources at once and coordinated through botnets. The difficulty in defending against one is that with so many points of origin it is hard to tell illegitimate traffic from legitimate traffic. Further, DDoS attacks come in several flavors, which adds another layer of complexity.
Types of DDoS attacks
There are traffic attacks, bandwidth attacks and application attacks. In a traffic attack, an overwhelming volume of ICMP, UDP and TCP packets is sent to the target; legitimate customer requests are lost in the flood, and the flood is sometimes used as cover for other malicious activity. In a bandwidth attack, the source inundates the target with what amounts to rubbish data until its network capacity and equipment are saturated and the service shuts down.
Application attacks, otherwise known as HTTP floods, are smaller and therefore stealthier than the other formats; they target the web application layer. The attack aims at the web server, its active scripts and its databases, exhausting resources such as memory or CPU rather than the network. Once those resources are depleted, the service becomes unavailable. Because each request looks like an ordinary page load, bandwidth thresholds alone do not catch these attacks; detection has to look at the requests themselves.
Types of DDoS application attacks
DDoS application attacks come in four essential classifications:
- basic HTTP floods
- randomized HTTP floods
- cache-bypass HTTP floods, and
- WordPress XMLRPC floods
A basic HTTP flood is a simple attack that requests the same page over and over, using the same referrers, IP addresses and user agents. A randomized HTTP flood is a more intricate attack that uses a wide mix of referrers, IP addresses, user agents and randomized URLs. A cache-bypass HTTP flood is a subset of the randomized HTTP flood: it does everything the randomized version does, but also varies each request (for example with a random query string) so that it misses the web application’s cache and every request reaches the origin server. A WordPress XML-RPC flood abuses the WordPress pingback feature, exposed through xmlrpc.php, as its vector: the attacker asks many WordPress sites to verify a pingback to the victim’s URL, and each site obligingly sends requests to the victim.
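As an added example (not code from the essay or from any of the sources it cites), the following Python script classifies a burst of web-server requests into the four categories above. The combined log format, the User-Agent pattern that WordPress uses when verifying a pingback, the thresholds and the sample traffic are all assumptions made for this example; the log lines are constructed, not captured.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache/Nginx "combined" log format: ip ident user [time] "req" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# WordPress sends pingback verification requests with a User-Agent of this shape;
# a flood of them from many blogs to one URL is the xmlrpc.php pingback attack.
PINGBACK_UA = re.compile(r'^WordPress/[\d.]+; \S+; verifying pingback from ')


def parse_log(text):
    """Parse combined-format lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            entries.append(m.groupdict())
    return entries


def classify_flood(entries, min_requests=10):
    """Label a burst of requests with one of the four HTTP-flood types.

    min_requests and the 0.5 / 0.8 ratios are assumptions chosen for this example,
    not values from any product or paper. Returns (label, evidence).
    """
    n = len(entries)
    if n < min_requests:
        return "none", {"requests": n}
    parts = [urlsplit(e["target"]) for e in entries]
    distinct_queries = {p.query for p in parts if p.query}
    # A basic flood repeats one (path, referer, user-agent) combination.
    fingerprints = Counter((p.path, e["referer"], e["ua"]) for p, e in zip(parts, entries))
    pingbacks = sum(1 for e in entries if PINGBACK_UA.match(e["ua"]))
    evidence = {
        "requests": n,
        "sources": len({e["ip"] for e in entries}),
        "distinct_paths": len({p.path for p in parts}),
        "distinct_queries": len(distinct_queries),
        "pingback_requests": pingbacks,
    }
    if pingbacks / n >= 0.5:
        return "wordpress-xmlrpc-pingback", evidence
    if len(distinct_queries) / n >= 0.8:
        # Near-unique query strings defeat the cache: every request reaches the origin.
        return "cache-bypass-http-flood", evidence
    if len(fingerprints) == 1:
        return "basic-http-flood", evidence
    return "randomized-http-flood", evidence


def top_sources(entries, k=3):
    """Busiest source IPs: decisive for a basic flood, nearly useless for a
    randomized one where the load is spread across a botnet."""
    return Counter(e["ip"] for e in entries).most_common(k)


# --- Constructed sample traffic (not real logs) --------------------------------
def _line(ip, target, referer, ua, sec):
    return (f'{ip} - - [10/Mar/2016:10:00:{sec:02d} +0000] "GET {target} HTTP/1.1" '
            f'200 5120 "{referer}" "{ua}"')

BASIC_FLOOD = "\n".join(
    _line("203.0.113.5", "/index.php", "-", "Mozilla/5.0", i) for i in range(12))
RANDOMIZED_FLOOD = "\n".join(
    _line(f"198.51.100.{i}", f"/post/{i}", f"http://ref{i}.example/", f"Agent/{i}.0", i)
    for i in range(12))
CACHE_BYPASS_FLOOD = "\n".join(
    _line(f"198.51.100.{i}", f"/index.php?cb={i * 7919:x}", "-", f"Agent/{i}.0", i)
    for i in range(12))
PINGBACK_FLOOD = "\n".join(
    _line(f"192.0.2.{i}", "/", "-",
          f"WordPress/4.4; http://blog{i}.example; verifying pingback from 203.0.113.9", i)
    for i in range(12))

if __name__ == "__main__":
    for name, text in [("basic", BASIC_FLOOD), ("randomized", RANDOMIZED_FLOOD),
                       ("cache-bypass", CACHE_BYPASS_FLOOD), ("pingback", PINGBACK_FLOOD)]:
        label, ev = classify_flood(parse_log(text))
        print(f"{name:>12}: {label} {ev}")
```

The order of the checks matters: the pingback and cache-bypass tests run first because both of those floods also look "randomized" by the fingerprint test, and a per-IP rate limit (the natural response to `top_sources`) only helps against the basic flood, where one address carries the whole load.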
The growing DDoS killing field
Akamai Technologies, a technology company with $1.58 billion in revenue and a history of working with companies such as Facebook, Apple, Twitter and eBay, reports a 57% increase in the volume of DDoS attacks since 2014 (Lewis-a). Driving this increase was a 241% rise in the number of attacks exploiting SSDP floods. SSDP stands for Simple Service Discovery Protocol.
It gives cyber attackers a way to reflect traffic at a target in a DDoS barrage. By sending small discovery requests with a spoofed source address to SSDP-enabled devices, the attacker gets those devices to answer the victim with much larger responses, amplifying the attack well beyond what the attacker’s own bandwidth could deliver. According to Lewis,
“SSDP is commonly found in devices using Universal Plug and Play (UPnP). The largest attack that was witnessed in this instance was one that reached 106 Gbps of malicious traffic” (2015).
The opportunity to launch DDoS attacks keeps growing: as the Internet grows and more poorly configured systems come online, cyber criminals seize on their vulnerabilities to enlarge their botnets. When security is not designed into a technology from the start, the foundation is laid for attackers to exploit its weaknesses and build ever larger armies of infected zombie machines that act at the attacker’s behest.
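As an added example covering both the volumetric floods described under “Types of DDoS attacks” and the SSDP reflection described here (example code, not from the essay or from Akamai), the following Python models a UPnP device answering an M-SEARCH so that the amplification factor can be measured, and then runs two checks over flow records: SSDP replies leaving the LAN (a local device being used as a reflector) and destinations receiving a flood of packets from many sources. The M-SEARCH wire format is the standard one; the device’s service list, the address plan and the flow records are constructed for the example.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass

# Standard SSDP discovery request. "ssdp:all" asks a device to answer once
# for every service it advertises, which is what makes the reply so much larger.
MSEARCH_ALL = (
    "M-SEARCH * HTTP/1.1\r\n"
    "HOST: 239.255.255.250:1900\r\n"
    'MAN: "ssdp:discover"\r\n'
    "MX: 1\r\n"
    "ST: ssdp:all\r\n"
    "\r\n"
).encode()

# Constructed stand-in for a home router's advertised services (not a real device).
DEVICE_LOCATION = "http://192.168.1.1:1900/rootDesc.xml"
DEVICE_UUID = "uuid:12345678-1234-1234-1234-123456789abc"
DEVICE_SERVICES = [
    "upnp:rootdevice",
    "urn:schemas-upnp-org:device:InternetGatewayDevice:1",
    "urn:schemas-upnp-org:device:WANDevice:1",
    "urn:schemas-upnp-org:device:WANConnectionDevice:1",
    "urn:schemas-upnp-org:service:WANIPConnection:1",
]


def parse_ssdp(packet):
    """Split an SSDP message into (start line, {lower-case header: value})."""
    head, _, _ = packet.decode("ascii", "replace").partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def device_replies(request):
    """Model a UPnP device answering an M-SEARCH: one unicast reply per matching
    service, sent to the packet's source address. A spoofed source address is
    therefore enough to turn the device into a reflector aimed at the victim."""
    start, h = parse_ssdp(request)
    if not start.startswith("M-SEARCH") or h.get("man") != '"ssdp:discover"':
        return []
    st = h.get("st", "")
    matching = DEVICE_SERVICES if st == "ssdp:all" else [s for s in DEVICE_SERVICES if s == st]
    return [("HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=1800\r\nEXT:\r\n"
             f"LOCATION: {DEVICE_LOCATION}\r\nSERVER: Linux/3.4 UPnP/1.0 MiniUPnPd/1.9\r\n"
             f"ST: {s}\r\nUSN: {DEVICE_UUID}::{s}\r\n\r\n").encode() for s in matching]


def amplification_factor(request, responses):
    """Bandwidth amplification: bytes the victim receives per byte the attacker sends."""
    return sum(len(r) for r in responses) / len(request)


# --- Flow-level checks ---------------------------------------------------------
@dataclass
class Flow:
    proto: str      # "udp", "tcp" or "icmp"
    src: str
    sport: int
    dst: str
    dport: int
    packets: int
    octets: int

# Assumed address plan for the example; replace with your own prefixes.
LOCAL_NETS = [ipaddress.ip_network("192.168.0.0/16"), ipaddress.ip_network("10.0.0.0/8")]


def is_local(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)


def ssdp_reflection_flows(flows):
    """SSDP replies belong on the LAN. A UDP flow leaving port 1900 for an outside
    address means a local device is answering spoofed M-SEARCHes aimed at a victim."""
    return [f for f in flows if f.proto == "udp" and f.sport == 1900 and not is_local(f.dst)]


def volumetric_floods(flows, packet_threshold):
    """Traffic floods show up as one destination drowning in ICMP, UDP or TCP packets
    from many sources. Returns {(dst, proto): (packets, distinct sources)} over threshold."""
    totals, sources = Counter(), {}
    for f in flows:
        key = (f.dst, f.proto)
        totals[key] += f.packets
        sources.setdefault(key, set()).add(f.src)
    return {k: (n, len(sources[k])) for k, n in totals.items() if n >= packet_threshold}


# Constructed flow records (not captured traffic). 198.51.100.7 is the victim:
# the attacker spoofs its address on M-SEARCHes sent to our router.
SAMPLE_FLOWS = [
    Flow("udp", "192.168.1.20", 50123, "239.255.255.250", 1900, 1, 94),     # normal discovery
    Flow("udp", "192.168.1.1", 1900, "192.168.1.20", 50123, 5, 1500),       # normal replies
    Flow("udp", "198.51.100.7", 80, "192.168.1.1", 1900, 400, 37600),       # spoofed probes
    Flow("udp", "192.168.1.1", 1900, "198.51.100.7", 80, 2000, 600000),     # reflected at victim
    Flow("icmp", "203.0.113.10", 0, "192.168.1.50", 0, 9000, 720000),       # ICMP flood
    Flow("icmp", "203.0.113.11", 0, "192.168.1.50", 0, 9500, 760000),
]
```

Two practical consequences follow from the model: the fix on the device side is simply not answering SSDP on the WAN interface (or any interface facing untrusted hosts), and the fix on the network side is egress filtering so that spoofed packets cannot leave in the first place. Neither helps the victim directly, which is why the amplification factor matters: it tells you how much traffic the attacker can deliver per unit of their own bandwidth.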
The Russians are coming!
Central to the DDoS technique is a band of malware-infected computers called a botnet (Clayton). A botnet is controlled by a remote command-and-control server that directs its infected minions to do its bidding. Russia is the capital of the botnet trade, with an inexpensive and flourishing clandestine digital economy (Steadman).
You can rent a botnet for many purposes, from spying on the ex you despise to, more to the point, taking down a major organization or business. Just when you thought the Cold War was over, it has simply morphed into a new and more sophisticated contest, one that can come right into your home over the Internet. Rik Ferguson of Trend Micro says of the Russian cybercrime market that it is
“very much a well-established market.” He says, “It’s very mature. It’s been in place for quite some time. There are people offering niche services, and every niche is catered for”.
The key feature of the Russian cybercrime market is that it is extremely cheap to get what you want. You can buy a Russian botnet for about $700, or rent one for $2 per hour (Clayton).
The pimply-faced kid is coming!
It would not be fair to blame everything on the Russians. On the list of countries commoditizing cybercrime, the United States comes in second behind Russia (Clayton). DDoS is now packaged as a service and delivered from the cloud (Lewis-b). Just as you can order a variety of services from Legal Zoom, you can order your favorite flavor of latte from a DDoS platform.
You can order a few hours’ worth of attack latte, or several months (Lewis-b). You can order low-powered attacks or full-force, bring-the-house-down Latte Macchiatos with espresso. As a result of this commoditization, anyone who cares to has access, including the 15-year-old, pimply-faced kid down the street who eats Doritos while spending twelve hours a day playing Call of Duty: Black Ops III.
Why are cyber criminals doing this?
The rise of DDoS begs the question: why? If you are smart enough to work out what it takes to mount a cyber attack, why not work as a technical consultant, or start your own company and raise millions on Kickstarter? There is no single answer, but the possible reasons are many.
- Holding a grudge against an organization or individual
- Ease of anonymity
- The thrill of it all
- Legal system has not caught up with technology
- Once a criminal always a criminal
- Financial gain
- Foreign government retaliation or aggression (“Why Do People Hack?”).
One reason organizations should take seriously is the grudge: people who resent the company because they were fired, overlooked or underpaid, out of jealousy, over unethical business practices, or from some other vengeful internalization of something the attacker perceives as a wrong. As the bar to entry for DDoS keeps falling and DDoS platform providers offer ever more boutique services, including guaranteed anonymity, organizations will increasingly have to employ technical specialists who understand the subtleties of DDoS and of the other cyber crimes and attacks that will surely evolve over time.
Foreign government retaliation or aggression is another consideration. The ability to bring a national or international business or government agency to its knees and publicize its vulnerabilities costs a foreign government far less than espionage and reconnaissance operations. The New York Times published an article about malicious hacking of the news company attributed to the Chinese government; that incident was an intrusion rather than a DDoS, but it illustrates the same motive.
The article, entitled “Hackers in China Attacked the Times for Last 4 Months”, reports that Chinese hackers penetrated the New York Times computer systems and obtained the passwords of reporters and other employees. The timing of the attack coincided with the paper’s report on the net worth of relatives of Wen Jiabao, China’s prime minister (Perlroth).
The reasons why someone would launch a DDoS attack or any other cyber crime will always be a matter of murky supposition. What matters is that organizations recognize that the risk is great, and that it will keep escalating each year as the cost of mounting an attack keeps falling.
Clayton, Nick. “Where to Rent a Botnet for $2 an Hour or Buy one for $700.” The Wall Street Journal. Dow Jones & Company. 5 November 2012. Web. 17 March 2016. http://blogs.wsj.com/tech-europe/2012/11/05/where-to-rent-a-botnet-for-2-an-hour-or-buy-one-for-700/.
Fox-Brewster-a, Thomas. “Hackers Claim Breach of Ku Klux Klan’s Security Company — UPDATED” Forbes. 11 March 2016. Web. 17 March 2016. http://www.forbes.com/sites/thomasbrewster/2016/03/11/kkk-staminus-hacked/#d922d236942b.
Fox-Brewster-b, Thomas. “HSBC Calls In Cops To Chase DDoS Attackers Who Took Online Banking Down.” Forbes. 29 January 2016. Web. 17 March 2016. http://www.forbes.com/sites/thomasbrewster/2016/01/29/hsbc-ddos-downtime/#a181b1d51c27.
Lewis-a, Dave. “DDoS Attacks Continue to Rise.” Forbes. 29 January 2015. Web. 17 March 2016. http://www.forbes.com/sites/davelewis/2015/01/29/ddos-attacks-continue-to-rise/#e4950e64b7fa.
Lewis-b, Dave. “Commoditization of DDoS Attacks.” Forbes. 29 April 2015. Web. 17 March 2016. http://www.forbes.com/sites/davelewis/2015/04/29/commoditization-of-ddos-attacks/#463a0b1260bc.
Perlroth, Nicole. “Hackers in China Attacked The Times for Last 4 Months.” The New York Times. The New York Times Company. 30 January 2013. Web. 17 March 2016. https://www.nytimes.com/2013/01/31/technology/chinese-hackers-infiltrate-new-york-times-computers.html.
Staminus. “Keeping You Connected.” Staminus. Web. 17 March 2016. https://www.staminus.net/.
Steadman, Ian. “The Russian underground economy has democratised cybercrime.” Wired.co.uk. 2 November 2012. Web. 17 March 2016. http://www.wired.co.uk/news/archive/2012-11/02/russian-cybercrime.
Vaas, Lisa. “Attacker leaves “SECURITY TIPS” after invading anti-DDoS firm Staminus.” Naked Security. Sophos. 15 March 2016. Web. 17 March 2016. https://nakedsecurity.sophos.com/2016/03/15/attacker-leaves-security-tips-after-invading-anti-ddos-firm-staminus/.
“Why Do People Hack?” Regis University. Web. 17 March 2016. http://informationassurance.regis.edu/ia-programs/resources/ia-update/why-do-people-hack.