Media, Human Rights Sites Suffer With Rise In DDoS Attacks

The recent wave of online actions by supporters and opponents of information-leaking site Wikileaks has focused attention on the phenomenon of distributed denial of service (DDoS) attacks. But a study published by Harvard University’s Berkman Center for Internet and Society this week concludes that there is no clear and easy defensive solution for many of the sites being targeted by DDoS attacks.

The study comes amid an apparent increase in the occurrence of DDoS attacks in the wake of the Wikileaks scandal. DDoS attacks overwhelm computer networks by sending floods of junk traffic to public-facing servers, exhausting their bandwidth and temporarily cutting off legitimate access to the servers.

The aim of the study was to provide answers to four questions: how common are DDoS attacks against human rights and independent media sites, which methods do the attackers use, what impact do the attacks carry, and how can at-risk sites protect themselves from such attacks.

Researchers Ethan Zuckerman, Hal Roberts, Ryan McGrady, Jillian York, and John Palfrey created a database to keep track of reported DDoS attacks on independent media and human rights sites around the world. They then surveyed administrators of these sites and interviewed them to discuss their experiences in withstanding and fending off DDoS attacks.

Their research suggests that the advent of highly publicized DDoS attacks, like those organized in defense of Wikileaks by groups such as Anonymous, will cause a further increase in DDoS attacks in the near future. The report predicts that depending on the intentions of the attackers, DDoS attacks may interact with other types of Internet attacks, like computer and network intrusions and Web site defacing.

The study showed human rights and independent media sites are victims of both application denial of service attacks, which are relatively simple to combat, and network DDoS attacks, which are not. The mitigation of such attacks will require organizations to shift resources from independently managed servers to those hosted by major ISPs, websites, and content distribution networks that have the expertise and tools to defend against more complicated attacks.

Not that there’s nothing to be done when faced with a DDoS attack. The authors of the study recommend that site administrators replace complex content management systems with static HTML or add aggressive caching systems to deliver content at the expense of interactivity. Organizations should also consider migrating from individual sites to those hosted on larger platforms, like WordPress and Google’s Blogger, which are DDoS-resistant, even if the cost of the move is a loss of site individuality and performance.

Organizations adamant about hosting their own content need to prepare and plan for attacks ahead of time by having attack detection systems in place, and by degrading site performance and even retreating to back-up hosts when necessary. Finally, the study advises organizations to work with ISPs and Online Service Providers to determine providers that will work to protect sites from DDoS and agree to continue hosting content unless required to stop by law.

You can find the actual study here in its entirety, and the equally interesting survey results here.

Discussion

  • Anonymous on

    "The mitigation of such attacks will require organizations to shift resources from independently managed servers to those hosted by major ISPs, websites, and content distribution networks that have the expertise and tools to defend against more complicated attacks."

    I call bunk on this.   REQUIRE? REQUIRE? RED ALERT RED ALERT

    Total bunk fear mongering. 33 people interviewed only?!  

    If anything these sites hosted by major ISPs are the first to kick people out for breaking their TOS/AUP. It's the last place you want to be hosting, especially not in control of your own content, or servers. Static pages don't help much if you're really hated. Usually the only reason to use a big ISP is because whatever systarded host they had is such a failure in the first place, it's like bailing out of a sinking ship to the first rescue ship, but clearly you can't stay forever. Regular backups, system tuning, modsec, netbsd, hardware firewall / routers in front of websites, iptables bogons, cidr networks, filtering grep logs for top attacks, patching, as much money, knowledge and time as you have you can burn into security, so you have to know where your lines and limits are. If you don't have enough resources it don't matter who you are, you're not going to survive a continued DDoS.

    Interview didn't compare uptime, or attacks from onsite unmanaged servers to paid hosted ones? Not many interviews under DDoS used a series of mirrors (ala fravia.org style). It seems at least 1 out of 3 didn't know "something." Was netbsd used or another OS against defacements / apps? If a government agency attacked you was it DNS they used?

    The study is only two years. Over 15 years I would say the attacks have gone down mostly because people learn to harden over the years. Usually now I find things out of place where an attempt was made, but because of defences / setups the attempt is unsuccessful at putting all the pieces together to make the exploit work, leaving us with things to study.

    Bah Humbug

    We disagree, I don't hate though ... So, Have a happy new year