Hacktivism Debate: Occupy DDoS

Photo credit: Rob Kints/Shutterstock.com
Photo credit: Rob Kints/Shutterstock.com

There’s something almost (and I stress almost) noble about ‘hacktivism’. It marries two defining characteristics of the current generation – programming and protest – while also carrying the whiff of fun and danger. It’s non-profit and non-threatening, yet promotes a particular ideology, business ethics, even human rights. It’s carried out in the belief that it’s all for a good cause. In sum, it’s a perfect reflection of the zeitgeist.

Now, try telling that to information security professionals. For them, the painful reality is that techno-anarchy has the same effect on networks as any other kind of attack. They don’t see the difference between this or other assaults – and they’re right. Allow me to explain why.

First, let’s be clear that most distributed denial-of-service (DDoS) or hacking attacks are categorically not noble. They’re typically carried out by hardened criminal networks, and the goal is definitely to make a profit, specifically huge financial gains. Nevertheless, attacks launched by underground hacker collectives draw the most coverage, because of their targets and the way the attacks are designed to draw media attention. As such, they bring negative publicity to a company, and are given more consideration than is prudent.

Because of this, in the course of dealing with these hacktivists, networks are left vulnerable. Even in a best-case scenario, the network is taken down for a period of time, and the brand takes a hit. That’s bad enough, but in a worst-case scenario, these protestors are actually exposing the entire network to profit-minded attacks.
The hacktivist causes mayhem to publicly embarrass a particular entity and draw attention to a cause. The criminals then swoop in to steal information and rack up profits.

Although there are many forms of hacktivist attacks – from site defacements to virtual sit-ins and typosquatting – one of the most popular (and lethal) seems to be the DDoS attack. In the most common incarnation of this method, the target network is saturated with external communication requests; so many requests that it can’t respond to legitimate traffic, or does it so slowly that it’s useless. In laymen’s terms, a DDoS attack crashes the server.

More ominously, while the DDoS attack is sending multiple packets of information to a single target, every other network device in the chain is experiencing the effects. The virtually endless hours of downtime and the very real and persistent presence of attack traffic make for a huge distraction. It’s devastating for the entire organization.

Unfortunately, most entities – whether they’re government agencies or large corporations – are ill-equipped to handle such threats. There’s a lack of purpose-built technology for dealing with these problems, and most service-level agreements (SLAs) don’t include a 24/7 commitment to detect and mitigate DDoS attacks.
There’s no panacea on the horizon, no silver bullet that deflects such attacks. Yet, the right combination of defenses can minimize or even eliminate the damage.

In the event of a DDoS attack, every minute counts. To ward off the potential for brand damage or a data breach, the response must be immediate, surgical and comprehensive. This is only possible with a global network that has the bandwidth needed to scrub bad traffic, and an effective mix of best-of-breed mitigation technologies.

Surprisingly, some organizations still believe that their SLAs with managed service providers or upstream carriers give them the resources and skills to put up a defense. In reality, most don’t. Only a service specifically dedicated to the task can do the necessary scrubbing while keeping the trains running on time.

So the next time you read about a hacktivist attack on a government agency or a large corporation, look past the perceived coolness and spare a thought for the infosecurity people dealing with the problem. While hacktivists are romanticized as being the biggest security threat around today, information security professionals need to watch for the criminals who might be right behind them.


Ted Swearingen is Neustar’s director of information security operations and currently manages the company’s Security Operations Center (SOC). He is also responsible for project consolidation between the network and security teams, along with oversight of security responsibilities for both.  

What’s hot on Infosecurity Magazine?