Human rights groups are increasingly getting shut down by distributed denial of service (DDoS) and other cyberattacks, according to a report from Harvard University’s Berkman Center for Internet & Society. The center reported that 280 independent media and human rights websites were hit by 140 attacks between September 2009 and August 2010.
Only high-profile attacks were reported so many more probably occurred during that period, the report suggests.
The attacks took a variety of forms. In addition to denial of service — which makes a site inaccessible — sites suffered from intrusions and defacements. Attackers often used networks of compromised computers — called “botnets” — which they controlled to launch attacks.
The attacker overwhelms the site with requests to prevent legitimate visitors from reaching it. The requests are designed to look like genuine Web traffic, so they can be hard to filter out. Typically, attackers aim for high-profile websites such as government departments, banks and political organizations.
Why the Study?
“This research was funded by the Open Society Institute, George Soros’ organization,” Ethan Zukerman, senior researcher at the Berkman Center and co-author of the report, told the E-Commerce Times.
“They do a huge amount of work with independent groups and human rights sites,” he noted. “They’ve seen the phenomenon of these attacks, and they said, ‘Is it on the rise — and if it is, what do we do?’ We’re always looking for board topics. The timing didn’t hurt, now that people are spending more time looking at DDoS.”
The researchers were surprised by some of the results.
“We didn’t realize how closely correlated DDoS was with other forms of attack,” said Zukerman. “We felt it was becoming an increasing concern, but we did not have a sense that people were doing a range of attacks.”
The difficulty groups were having in coping with the attacks also came as something of a surprise.
“If you know what you’re doing, you can get a handle on DDoS in a day,” Zukerman said. “Some of these sites were going off for two or three weeks. These organizations don’t have experienced administrators to keep their sites up.”
Websites can take measures to reduce the incidence and severity of attacks, the report suggests. Human rights groups can move their sites closer to the core of the Internet, inside the small number of major ISPs, websites and content distribution networks that have the experience and resources to defend against these attacks, particularly network DDoS attacks.
Application attacks can be strongly mitigated by replacing complex content management systems with static HTML, the report notes, or by adding aggressive caching systems to deliver content at the expense of interactivity.
Sites should also consider whether to host their own sites on a free, highly DDoS-resistant hosting service such as Blogger, even at the cost of prestige, functionality and possible intermediary censorship, the researchers advised.
There are additional ways sites can fight DDoS.
“Sites can protect themselves by using heavy redundancy,” Rob Enderle, principal analyst at the Enderle Group, told the E-Commerce Times. “They can move and relocate to servers on the fly. They can use the major technology vendors that have been hardened against DDoS attacks.”
In addition, major vendors help — but that comes at a price.
“They can go to a big company like Amazon that provides hosting,” said Enderle. “The concern if you’re a human rights group is you don’t necessarily want to use a hosting company because of privacy issues.”
Why the Increase in Attacks?
While cyberattacks are not new, they are getting more attention because more people are on the Internet.
“DDoS is not new at all. DDoS — and standard denial-of-service attacks — have been used for years to attack sites and services for reasons political or otherwise,” technology project manager and Geek 2.0 blogger Steven Savage told the E-Commerce Times. “We’re seeing more about DDoS attacks because of increased public awareness of such things.”
Part of the problem is people are taking their fights online.
“More use of the Internet means that people have moved conflicts to the Internet. What we see now is old conflicts on new ground,” said Savage.
“We are in an age of ever-increasing internet usage. A website that may not have gotten attention for its contents a few years ago is now much more prominent because more people are using the Internet,” he pointed out.
Also, from a technical perspective, it has become easier to launch an attack.
“The software to do DDoS attacks is very freely available,” said Savage. “A reasonably talented person could launch a major attack if they did the right research.”