
Internet hacks: The difference between DoS and DDoS attacks

While often referred to in the media as hacking, a Denial of Service Attack (DoS) is not an intrusion of a computer system, but an attempt to make a service unusable. Denial of Service attacks are very easy for anybody to execute and, as such, are relatively common.

However, professional services have emerged that make it easy to defend against DoS Attacks, or make the attack less effective. When many parties take part in a DoS Attack, it is referred to as a Distributed Denial of Service Attack, or DDoS.

Common Denial of Service Attacks

The easiest form of a DoS Attack is one in which content is simply requested from a site, e.g., a web page, a file, or a search request. This request will consume resources for both the person making it and the person(s) being attacked. In theory, if you have more bandwidth than the service you are attacking, you could consume their entire bandwidth — meaning no one else would be able to download any files.

Some operations might be very resource intensive on the targeted server, but require little to no resources on the side of the attacker. Underprepared services make it cheap and easy for an attacker to slow down the server by overwhelming it, making the service unavailable to other users.

Most services, however, will limit the amount of resources spent on each visitor, to avoid a single user using up all its resources. The server might also block a user completely if their activity is deemed suspicious. In other cases a service might prompt for a captcha, to slow down automatic processes.

Defending against a Distributed Denial of Service Attack is more difficult. Instead of a single user with a single machine flooding a server with requests, there are thousands or even millions of machines (collectively called a botnet).
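The per-visitor limits described above, and the reason they stop helping once the same load is spread over many sources, as an added example that is not part of the original article. The class name, thresholds and traffic are constructed for illustration, and the addresses come from documentation ranges.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass
class Bucket:
    tokens: float     # requests this client may still make right now
    last: float       # time of the client's previous request (seconds)
    strikes: int = 0  # requests refused so far

class PerClientLimiter:
    """Per-visitor token bucket: allow, then challenge (captcha), then block."""

    def __init__(self, rate=5.0, burst=10, block_after=20):
        self.rate = rate                # tokens refilled per second
        self.burst = burst              # bucket size
        self.block_after = block_after  # refusals before a client is blocked
        self.buckets = {}

    def check(self, client, now):
        b = self.buckets.setdefault(client, Bucket(self.burst, now))
        if b.strikes >= self.block_after:
            return "block"              # already judged suspicious
        # Refill for the time elapsed since the last request, capped at burst.
        b.tokens = min(self.burst, b.tokens + (now - b.last) * self.rate)
        b.last = now
        if b.tokens >= 1:
            b.tokens -= 1
            return "allow"
        b.strikes += 1
        return "block" if b.strikes >= self.block_after else "challenge"

def replay(requests):
    """Run (timestamp, client) pairs through a fresh limiter; count decisions."""
    limiter = PerClientLimiter()
    return Counter(limiter.check(client, ts) for ts, client in requests)

# Constructed traffic: 200 requests in the same second (timestamps at
# one-second resolution, as in many access logs).
def single_source(n=200):
    return [(0, "203.0.113.7")] * n

def many_sources(n=200):
    return [(0, f"198.51.100.{i + 1}") for i in range(n)]

if __name__ == "__main__":
    print("single source:", dict(replay(single_source())))
    print("many sources: ", dict(replay(many_sources())))
```

From one address only the first 10 requests reach the backend; from 200 addresses all 200 do, because no individual client ever exceeds its own limit.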

Botnets are made up of compromised machines such as desktop computers, routers, servers, and any hardware connected to the Internet, such as security cameras. The devices are infected with malware and remotely controlled by a group of attackers, who often rent out these botnets on an hourly basis for the sole purpose of DDoS Attacks.

DDoS attackers are not lone-wolf hackers.

Nation State Funded DDoS Attacks

When carried out by well-funded actors, such as Nation States, DDoS Attacks become almost impossible to defend against due to the scope of the attack. DDoS Attacks pose a serious threat to the freedom of speech online, as they are done in extrajudicial secrecy and without accountability.

For example, China has in the past repurposed its Great Firewall to initiate DDoS attacks against GitHub for hosting mirrors of newspaper articles. British spy agency GCHQ is also reported to have used DDoS attacks as retaliation against hacker groups Anonymous and LulzSec. These high-level types of attacks are referred to as “Advanced Persistent DoS Attacks.”

DDoS Attacks can be executed for a variety of reasons. Sometimes their goal is purely political, or an act of vengeance against a previous attack. Attacks can also be carried out for business reasons, for example, to “convince” the customers of a competitor to switch products.

A large and efficient DDoS attack can be expensive, so damage is often limited to just a few hours or days of outage, as the perpetrator cannot afford to sustain it any longer. Still, for a business, even this short time can have serious commercial implications.

Many attackers will use a DDoS Attack for the purpose of extortion. Initially, a small attack is launched against a target, followed by a request for ransom. If the target does not pay, a larger DDoS Attack usually follows, sometimes followed by another ransom request.

Paying the ransom, in this case, is not wise. Other attacks will soon follow (as everyone will then know that the target pays out). There are many potential attackers out there, so the promise of one group to “not attack” again is meaningless. Investing the capital in DDoS protection is much wiser.

As always, it’s the users that suffer.

Denial of Service Attacks Against Users

DoS Attacks can also be launched against those who do not operate a web service. For example, your email inbox can be the target of what is called an e-mail bomb. During an e-mail bomb attack, a user will receive a large number of e-mails, some with massive attachments, others designed to trigger alerts on the user’s system. If the system, particularly the spam filter, is poorly configured, this can crash the email server or the client (e.g. Outlook) that the user uses to read the email. For the duration of the attack (and possibly longer) the e-mail service will be disrupted. It’s possible that all emails received during the attack are lost, or will take a long time to filter through to the user.

But DDoS Attacks don’t just hit computers — they can make phones unusable, too. A clever method to achieve this involves a fake online ad taken out in the name of the victim, for example for an absurdly cheap car in a big city. The resulting flood of emails and phone calls can be of great inconvenience to the victim. And as they are all non-automated messages from real people, they are very hard to defend against or block.

In extreme situations, getting a new email address or phone number can be the best choice for the victim. A well-configured and popular email provider, such as Google or Apple, will go a long way in defending against attacks, however.
