Hacking by DDoS Attacks

Most people picture a hacker as someone who writes magical code to break into any given system. This stereotype is perpetuated by Hollywood films and other pop culture media. But, as with most science-based pop culture productions, it is far from reality. Hacking is an art in which programmers use sophisticated models and strategies to break the security of the system of interest. A large number of these strategies work simply because of one design principle that links the rest of the world: networks. That's it.

Sure, a large number of hackers rely on the ignorance of the general user, who unknowingly installs a particular piece of software on their system. But unless the user joins a network, the attacker cannot really do much with the infected system. So if we could build completely secure networks, we would solve the issue. Sounds simple, right?

Building such a completely secure network isn't practically feasible. As we move toward a more digital society with the advent of the Internet of Things (IoT) and robotics, coming up with methods to counter this problem is imperative.

One of the smartest strategies modern-day hackers use to distract an administrator is the DDoS attack. Distributed Denial of Service (DDoS) refers to deploying a large number of bots across the internet and directing them at a single server, network, or application, which they flood with an overwhelming number of requests. As a result, legitimate users can't access the service. While the target servers are busy handling the surge in traffic, the rest of the system may not be as well defended at that point in time, which gives an attacker the opportunity to exploit the situation and access sensitive information. Another case where such an attack comes in handy is bringing down the website of a business competitor. In today's fast-paced digital world, a website that goes down costs its owner heavy losses.

Most attackers use very sophisticated mechanisms to compromise end-user systems and maintain control over them for long periods of time. Their objective is to use these end-user systems to clog the network of the target website. This pool of infected machines forms a network called a botnet. Its members are difficult to track down; your own system might be infected and you may never find out about it. Hackers use these attacks to bring down critical systems like hospital networks and nuclear plants, or to extract sensitive information by weakening the security of the website.

In 2018, GitHub was struck by a DDoS attack with mind-boggling traffic of 1.35 Tbps (126.9 million packets per second), causing the incoming traffic to surge to astronomical values. Just to put the number into perspective, most hard disks have a capacity of 1 TB (about 8 Tb), so the flood carried more than that much data every second. Despite the fact that GitHub had security measures in place for DDoS attacks, they could not handle an attack at this scale. GitHub is one of the major cogs in the world of development; if it goes down, thousands of firms around the world feel the impact.

Another famous instance of a DDoS attack was carried out by the self-propagating Mirai botnet malware against Dyn. The source code for Mirai was made publicly available by the malware authors after a successful and well-publicized attack on the Krebs website. As a result, this botnet malware is quite commonly used for carrying out DDoS attacks. Mirai infects poorly protected internet devices by using telnet to find those that are still using their factory default username and password, which is a very common occurrence.

The effectiveness of Mirai is due to its ability to infect tens of thousands of these insecure devices and coordinate them effectively to mount a devastating DDoS attack against a chosen victim.

The first major attack of this kind (300 Gbps) was carried out against spamhaus.org. To protect themselves, they went to Cloudflare for help. Cloudflare successfully held off the attack, which was carried out in 2013 by a British teenager who had been paid to do it. Back then, Cloudflare was a small startup trying to make it big in Silicon Valley. It became popular (perpetuating the legend of Lee Holloway) for its DDoS protection system, which prevented the attacker from infiltrating or disrupting any of the services offered by the firm. The attacker responded by going after certain internet exchanges and bandwidth providers in an attempt to bring down Cloudflare, and in doing so inadvertently caused some major issues for LINX (the London Internet Exchange). In the years to come, Cloudflare would set industry standards for network security.

Bots need a way to reach the servers that command them, and early botnet malware did so with simplistic domain generation algorithms that produced random-looking names. As computer scientists devised heuristics-based methods to counter these simplistic models, smarter, more sophisticated models for generating domain names appeared. These were based on dictionary words and famous domain names already in use, making them even harder to detect.

As of today, we are involved in a dual arms race. On one hand, a group of researchers and firms is working on building smarter solutions to the DDoS problem. On the other, hackers are working on using AI and other methods to come up with novel Domain Generation Algorithms to beat the system. Developing smart deep learning algorithms may help tip the scales to one side. Whoever manages to come up with a smarter model that adapts itself quickly would win the arms race. As of now, it seems like the attackers are ahead.
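To make the heuristics-versus-dictionary point above concrete, here is an added example (not code from the original post or from any of the referenced projects) of the kind of simple lexical heuristics defenders used against early random-looking generated domains. The domain list and the thresholds are constructed for illustration; the dictionary-word names score like legitimate ones and slip past the same rules.

```python
import math
from collections import Counter

# Constructed sample input: a few well-known real domain names plus made-up
# names imitating two DGA styles (random characters vs. dictionary words).
SAMPLE_DOMAINS = [
    "github.com", "cloudflare.com", "spamhaus.org",
    "xk3qz9vjw2lp.com", "qwrtzpvbnmkl.net",          # random-character style
    "sunnyriverbank.com", "happymetaltable.org",      # dictionary-word style
]
VOWELS = set("aeiou")

def second_level_label(domain):
    """Return the registrable label, e.g. 'github' for 'github.com'."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def shannon_entropy(text):
    """Bits per character; random strings score near log2(alphabet size)."""
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())

def longest_consonant_run(text):
    """Pronounceable names rarely have more than four consonants in a row."""
    best = run = 0
    for ch in text:
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        best = max(best, run)
    return best

def dga_features(domain):
    label = second_level_label(domain)
    return {
        "entropy": shannon_entropy(label),
        "consonant_run": longest_consonant_run(label),
        "digit_ratio": sum(ch.isdigit() for ch in label) / len(label),
    }

def looks_generated(domain, min_entropy=3.3, max_run=4, max_digits=0.2):
    """Heuristic verdict; thresholds are illustrative, not tuned on real data."""
    f = dga_features(domain)
    return (f["entropy"] >= min_entropy and f["consonant_run"] > max_run) \
        or f["digit_ratio"] > max_digits

def classify(domains):
    return {d: looks_generated(d) for d in domains}

if __name__ == "__main__":
    for d, flagged in classify(SAMPLE_DOMAINS).items():
        f = dga_features(d)
        print(f"{d:22} H={f['entropy']:.2f} run={f['consonant_run']} "
              f"digits={f['digit_ratio']:.2f} -> {'DGA?' if flagged else 'ok'}")
```

Running it flags only the two random-character names; both dictionary-word names pass because their entropy and letter patterns resemble real words, which is exactly why detection had to move beyond character statistics.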

References

  1. https://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet/
  2. https://www.cloudflare.com/learning/ddos/famous-ddos-attacks/
  3. https://blog.cloudflare.com/inside-mirai-the-infamous-iot-botnet-a-retrospective-analysis/
  4. https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-antonakakis.pdf
  5. Image Credits: Pixabay
