In 2002, several major websites which included names such as eBay, Amazon, Yahoo and CNN were rendered inaccessible.
The culprit? A distributed denial of service (DDoS) attack that lasted for as little as 30 minutes on some sites to as long as three hours for others.
Since that event, a document called Best Current Practice #38 (BCP38) was published and detailed ways to prevent the most common form of DDoS attacks.
Fast forward more than a decade and you’ll find that major sites still get hit by DDoS attacks. According to an article written by Declan McCullagh on CNET in 2013, attacks continue due to a combination of economics and inertia.
That said, what were the biggest DDoS attacks and how could they have been prevented?
Spamhaus Attack
In 2013, Spamhaus came under an attack that CloudFlare named the one “that almost broke the internet.”
The New York Times even called it the largest known DDoS attack ever. Essentially, the attack was between two organizations, Spamhaus and CyberBunker, but it affected a large portion of the internet.
Services such as e-mail and online banking were extremely hard to access.
The History:
Spamhaus is an anti-spam group. In a nutshell, they collaborate with e-mail providers around the world in blocking spam from invading inboxes. The company has a blacklist of servers they believe are sending spam. They added CyberBunker, a Dutch hosting company, to that list.
From then on, Spamhaus experienced a DDoS attack. On March 18, Spamhaus noticed a 10Gbps-sized attack, a value that is small compared to some of the biggest attacks used to take down banks.
However, the value increased the next day to 90Gbps then it kept increasing. At one point, Spamhaus was attacked with 300Gbps.
Although CyberBunker denied any involvement in such activity, Spamhaus believes that they were partly responsible for it.
The anti-spam organization even named “criminal gangs” from Eastern Europe and Russia as participants in the attacks.
How Spamhaus Survived:
CloudFlare helped keep Spamhaus online, and Google also helped carry some of the load.
How the Attack Could Have Been Prevented:
In a CNET article, CloudFlare co-founder and CEO Matthew Prince said that the attack could be stopped in two ways: “One, shut down the open resolvers, or two, get all the networks to implement BCP38. The attackers need both in order to generate this volume of attack traffic.”
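To make the BCP38 point concrete, here is an added example (not code from the original article, CloudFlare or Spamhaus) of the ingress rule BCP38 describes: a network forwards a packet from a customer interface only if its source address lies within a prefix delegated to that customer, so a reflector can never be asked to answer to a spoofed victim address. The interface names, prefixes and packets are constructed sample data.

```python
import ipaddress

# Prefixes delegated to each customer-facing interface (constructed sample data).
CUSTOMER_PREFIXES = {
    "cust-a": [ipaddress.ip_network("203.0.113.0/24")],
    "cust-b": [ipaddress.ip_network("198.51.100.0/25"),
               ipaddress.ip_network("2001:db8:1::/48")],
}


def is_permitted_source(interface: str, src: str) -> bool:
    """BCP38 ingress check: the source address must belong to a prefix
    delegated to the interface the packet arrived on. Unknown interfaces
    have no delegated prefixes, so everything from them is rejected."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in CUSTOMER_PREFIXES.get(interface, []))


def filter_packets(packets):
    """Apply the rule to (interface, src, dst) tuples.
    Returns (forwarded, dropped); dropped packets would be logged by a
    real edge router so spoofing customers can be identified."""
    forwarded, dropped = [], []
    for pkt in packets:
        iface, src, _dst = pkt
        (forwarded if is_permitted_source(iface, src) else dropped).append(pkt)
    return forwarded, dropped


# Constructed packets: 192.0.2.53 / 2001:db8::53 play the role of an open
# resolver, 198.51.100.9 the role of a victim whose address is being spoofed.
SAMPLE_PACKETS = [
    ("cust-a", "203.0.113.7", "192.0.2.53"),      # genuine query from customer A
    ("cust-a", "198.51.100.9", "192.0.2.53"),     # source spoofed as the victim: dropped
    ("cust-b", "198.51.100.9", "192.0.2.53"),     # customer B really owns this prefix
    ("cust-b", "2001:db8:1::10", "2001:db8::53"),  # genuine IPv6 query
    ("cust-b", "2001:db8:2::10", "2001:db8::53"),  # spoofed IPv6 source: dropped
]

if __name__ == "__main__":
    fwd, drp = filter_packets(SAMPLE_PACKETS)
    print(f"forwarded {len(fwd)}, dropped {len(drp)}")
    for pkt in drp:
        print("dropped spoofed packet:", pkt)
```

The rule is deliberately per-interface: the same victim address that is dropped on cust-a is legitimately forwarded on cust-b, which is what keeps BCP38 filtering safe to deploy at the customer edge.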
The GitHub Attack
GitHub called the DDoS attack it experienced on March 26, 2015 the largest in its history. The attack lasted until March 31, 2015, and both the Electronic Frontier Foundation (EFF) and Netresec (security researchers) put the blame on the Chinese government.
The History:
The Chinese government was pinpointed as the mastermind behind the attack because two of the project pages targeted had sensitive content related to China.
One was for GreatFire, which would allow US users to elude the Great Firewall of China, and the other was a Chinese-language version of The New York Times.
The attack was carried out by manipulating the Baidu Analytics user tracking package. Normally, a JavaScript file would be loaded to track users, but the attackers replaced that file with a different one (still JavaScript) that instructed the user’s browser to reload the two pages mentioned above in an endless loop.
How GitHub Survived:
GitHub “adjusted mitigation tactics” and as a result was able to observe “improved TCP performance for the majority of non-attack traffic.”
How the Attack Could Have Been Prevented:
The EFF said that the attack was possible because the traffic to Baidu Analytics was not encrypted. That allowed a legitimate script to be swapped in transit for a malicious one.
DDoS attacks are becoming more and more frequent, from small to large scale. What are you doing to protect yourself?