Will Womble

Block 1B
Connection Chaos
Have you ever been stuck in traffic? Theres nothing more annoying than having
to sit in your car waiting for traffic to move. But what about internet traffic? Slow
internet is annoying, but no internet is worse. Anyone that has a little money or a little
skill, is able to send a Distributed Denial-of-Service (DDoS) attack. A DDoS attack
basically overloads a connection with floods of data requests, eventually causing that
connection to become unusable. A problem as severe as a DDoS attack must be dealt
with proactively and people must be made aware.
DDoS attacks can be used for any reason against any connection. All someone
needs is the IP Address and an open port (where packets are routed through) of the
target connection. This is because theres no actual hacking involved in a DDoS attack,
and people are able to send the attacks remotely without needing physical access to the
target. There is an ever-growing variety of different methods for DDoSing, and anyone
is able to purchase a method for little to no money, typically without any skill required.
Even the smallest of these DDoS attacks are capable of shutting down a home
connection.
Over time, DDoS attacks have been used as a form of protest by hacktivists
(hackers working to disrupt controversial governments or companies) such as
Anonymous, the hacker group and notorious cybercriminals. However, DDoS attacks
have been interpreted as a violation of the Computer Fraud and Abuse Act, making
DDoS attacks illegal despite popular opinion. Kaspersky Labs CEO Eugene Kaspersky

says that, "In cyber-space there is a very short distance between criminals, activists and
terrorists. You attack a web page and cause it to crash, that's crime; you do it a bit more
strongly and crash a country, that's terrorism ("'Cybercrime-as-a-service' the New
Business Model for Hackers" 8). However, DDoS attacks are typically used to just pave
the way for hackers to access the downed network without being detected.
DDoS attacks are commonly launched by commercial cyberattack services which
are known as booters or stressers. These services are advertised across different hack
forums and typically give customers access to the sites botnets, which are pools of
computers and servers under a hackers control. Essentially, this means that anyone,
with a dollar or less, could launch a DDoS attack. This allows hackers to monetize their
cybercrimes. Not only are hackers gaining money, but DDoS attacks cause serious
damages and losses in revenue for the victim. In the company Incapsulas DDoS
impact report, it was reported that:
Based on a survey of 270 North American companies, the report found that 45
percent of the companies surveyed have been hit by a DDoS attack, with the
average DDoS attack costing businesses half a million dollars.
The majority of DDoS attacks tend to be brief, with 86 percent lasting for less
than a day, and 68 percent for less than 13 hours. However, they have the
potential to cause an estimated cost of USD40,000 per hour. Also, 87 percent of
respondents that have experienced an attack have suffered at least one nonfinancial consequence ("Report Reveals 45% of Businesses Have Had DDoS
Attack")

So as the hackers are gaining money, the businesses are losing money. And not only is
the income increasing, but the costs for hackers is decreasing, whilst the costs for
businesses are increasing.
The irony of DDoS attacks, is that despite how big of a problem they are, hardly
anyone knows about them. Most people would think that cybercrime on a scale like
this, would be obvious to the public and law enforcement. But since it isnt, the obvious
solution is to make the public aware of DDoS attacks and advertise how illegal they are.
If half of the people that actually launch DDoS attacks knew what they are really doing,
they would stop immediately. Most people just see DDoS attacks as harmless ways to
stop the connection of some business that gave them poor service or to shut up some
guy being a jerk on the internet. But in reality, no one realizes all the damage they
cause, or even the fact that they are breaking the law. Hacker Gregg Housh writes, Its
like a hundred crazy couponers blocking every lane in the grocery store: Its obnoxious
but not damaging anything. (Turton). Nevertheless, people will still launch DDoS
attacks because they know that the chances are that they wont be caught. Thats why
police need to step up.
As cybercrime continues to innovate and expand, law enforcement is stuck on an
internet treadmill. Even organized crime groups have figured out how to use cybercrime
to support traditional crime. Police are being left in the dust, lacking the required skills
and knowledge to even think about competing with cybercriminals. Adrian Culley, a
cyber security consultant and former detective in the Scotland Yard Computer Crime
Unit, says:

"Whilst Sir Robert Peel's 1829 policing model has mostly stood us in good stead
for physical, tangible matters, and indeed been exported around the world, it is
now struggling to deliver for digital society and cyber-crime. A wider debate is
needed across society as to how 21st Century policing engages with things
cyber."
"Cybercrime-as-a-service shows crime continues to innovate. Policing must also
innovate to meet this challenge." ("'Cybercrime-as-a-service' the New Business
Model for Hackers" 8)
Specific laws need to be passed in order to stop people from exploiting loopholes in our
legal system. On different note, the public themselves need to step up. Hackers
survive off of the vulnerabilities of others, which is why we need to promote safe internet
practices and the use of better malware protection in order to prevent being part of
some hackers botnet. In order to really cut off a hackers life line, law enforcement
needs to set strict requirements for the sale of Virtual Private Servers (VPS) and other
viable servers.
Through the combined efforts of the public, law enforcement, and legislature, the
issue of DDoS attacks and other cybercrime, can be stopped. Because whats currently
being done just isnt working. But before we can start, everyone needs to be aware of
DDoS attacks and other cybercrime. That way hackers wont be able to just casually
exploit anyone they want, and eventually will be cut off. The total overall organization
and awareness of the people, needs to be greater than any congregation of hackers.

Works Cited
Colon, Marcos. "Tidal Waves of Spoofed Traffic." SC Magazine Feb. 2015: 14. General OneFile. Web.
10 Mar. 2015.
"'Cybercrime-as-a-service' the New Business Model for Hackers." SC Magazine 2014: 8. General
OneFile. Web. 11 Mar. 2015.
"Report Reveals 45% of Businesses Have Had DDoS Attack." Internet Business News 13 Nov. 2014: n.
pag. General OneFile. Web. 10 Mar. 2015.
Turton, William. "Lizard Squad's Xbox Live, PSN Attacks Were a 'marketing Scheme' for New DDoS
Service." The Daily Dot. N.p., 30 Dec. 2014. Web. 15 Mar. 2015.