Human rights bodies under seige from DDoS strikes

This year has seen a big number of distributed denial of service (DDoS) attacks launched against human rights organisations, a report has suggested.

Almost two-thirds of respondents to a survey of human rights groups and independent media bodies said they had been hit by a DDoS attack in the past year.

The research, carried out by the Berkman Centre for Internet and Society, based at Harvard University, found there had been 140 attacks against over 280 different sites over a 12-month period from September 2009 to August 2010.

The poll showed 55 per cent of those hit by a DDoS attack had their site shut down by their ISPs in response and, in some cases, organisations' sites were not up and running again until weeks after a strike.

DDoS attacks have become common knowledge this year after the Anonymous hacking group used the method to protest against various sites.

The hacktivists' took umbrage with both anti-piracy bodies and organisations which pulled the plug on WikiLeaks, such as MasterCard and PayPal.

Earlier this year, Panda Security researcher Sean-Paul Correll described DDoS as "the future of cyber protests" and many have predicted such attacks will ramp up next year.

WikiLeaks itself was hit by some hefty DDoS strikes, one measuring in at a massive 10Gbps.

Human rights sites have had to cope with two kinds of DDoS attacks, the first being application DDoS strikes, where massive numbers of requests are made on local server resources, the Harvard researchers explained.

These can usually be mitigated by a decent system administrator but network DDoS attacks, which exhaust network bandwidth, normally need the help of a hosting provider, as well as significant investment.

This means to protect human rights sites from DDoS strikes, their sites should be moved within the remit of ISPs' websites, which have the capability to defend against strikes.

"The rise of DDoS as a technique for silencing human rights and independent media sites is the symptom of a larger problem: the shortage of technical talent in administering these websites and the increasing isolation of the websites from the core of the network," the report concluded.

"We cannot consider DDoS alone, rather, we need to approach IT security for human rights and independent media sites as a whole."

Mikko Hypponen, chief research officer at F-Secure, said extended attacks against human rights groups have been around for years.

"Some of them are DDoS attacks, but the more serious ones are not about shutting down their websites but about infiltrating their services and accessing their data," Hypponen told IT PRO.

"Various NGOs have been a prime target for targeted attacks for quite some time."

Ram Herkanaidu, security researcher at Kaspersky Lab, said DDoS attacks used to be carried out in a random, graffiti-like way, but many now have financial backing from groups with an agenda.

"The majority of DDoS attacks nowadays are financially backed - that is, either used as an extortion scheme, or they get purchased by different parties to shut down adversaries and/or competitors," Herkanaidu told IT PRO.

"Some sites, such as online gaming sites, are more prone to extortion than others because any downtime will mean a great loss of revenue."