Sign in. It’s quick, free and it’s up to you.
An account is an optional way to support the work we do. Find out more.
HackingAS LONG AS there are devices online, there will always be attacks made on them.
This week saw the latest examples emerge with Government sites and a few others being forced offline.
The type of attack, Distributed Denial-of-Service (DDoS), isn’t new but the frequency in which they’re appearing is increasing. It’s the most common type of attack because of how easy it is to complete, but how much of an impact can they really have?
What exactly is a DDoS attack?
In basic terms, a DDoS attack overwhelms a site or service with traffic, causing it to slow down or go offline.
Such attacks have been carried out for as long as the internet existed, but the ease of which you can perform one – either by having the required skills or enough money to pay for an attack, provided you know where to look – makes one easy to carry out.
A good way to think about it is if you were to liken a site to a train. While they’re designed to handle both normal and rush-hour crowds, a DDoS attack sends a large crowd continuously pouring in without warning. If it becomes too much, it prevents the train from moving and stops people from traveling.
How are they carried out?
How it does this is through a process called a botnet. This is when computers and devices connected to the internet contribute to an attack, without the owners’ knowledge.
As part of the attack, these computers are infected by malware or a virus giving an attacker control of it. The owners of these computers are unaware this has happened, the most they will notice is slowdown or crashing.
Those controlling these computers, which can easily be a few computers or a hundreds of thousands depending on the attacker’s proficiency, can be used to target a site or service. Even if the attack doesn’t succeed, the source behind it is next to impossible to track down thanks to the number of devices used.
Sometimes botnets are referred to as a zombie army in that those computers affected have no control over what they’re doing, mindlessly sending traffic to the one target while it tries to defend itself.
A bit like this.
Why are they carried out in the first place?
There are a few reasons but usually boil down to two big ones: activism and extortion.
In the case of activism, the founder of security consultancy BH Consulting, Brian Honan, explained that this could be done by targeting a large or prominent service, and using the attention to highlight a message.
“It can be used as a tool to promote your messages so they’re normally followed up,” he says. “[The group] claiming responsibility for the attack and why they’ve done it”.
Extortion usually happens by a group threatening a DDoS attack unless a fee is paid. For most commercial sites, downtime can have an adverse effect on day-to-day business and can result in lost revenue. An attacker can target a site, tell them to give them money or suffer a DDoS attack, and carry it out until they pay it or figure out a way to counter it.
The cybersecurity services expert for Grant Thornton, Mike Harris, says such attacks are “making a comeback” compared to a few years ago.
“There are websites … [where] you can buy time and bandwidth and you can point it [towards a target],” he says. “It’s very straightforward to do with very little expertise”.
How big a concern are they?
They’re noticeable depending on the target but not at the same level as other cyberattacks that result in personal data being stolen. Honan says such attacks have been happening for a while , it’s just that they’re more noticeable now since the internet plays a major role in our lives.
“DDoS attacks are nothing new, they’ve been going around for decades”, says Honan. “What’s happening now is because we have more systems online and in a way, we’re more dependent on them, these attacks are becoming more visible”.
Yet the bigger problem is there being more devices starting to connect to the internet. While this was limited to PCs and smartphones, the Internet of Things is now connecting generic items like fridges, thermostats and other household items. While it offers greater functionality, it brings up its own major security issues.
Although it wasn’t an attack, a recent example saw the Nest thermostat deactivate in the US because of a software bug, leaving owners unable to change temperatures and heat up their home. If a bug can cause that much trouble, an attack can do worse.
“There is new technology, new services and new devices that are being created, installed and plugged into the internet with security being an afterthought, without security designed from the very beginning,” says Honan.
There is an onus on companies out there developing applications services and solution that they need to make sure they build in security at the beginning instead of making it an afterthought.
It’s a concern echoed by Harris who says what we could see now are industries, which traditionally never dealt with the internet, having to tailor their devices to cope.
“Industries that haven’t been dealing with security threats that the internet brings are now front and centre of those threats,” says Harris. “They’re not doing the things the IT world has learnt, to varying levels of success, to defend against these attacks, and that’s combined with organised crime working out how to monetise these threats”.
Most organisations prioritise functionality. [They ask] ‘Does it do what it’s supposed to do?’ instead of ‘Does it do things it’s not supposed to do?’
So it’s all doom and gloom, huh?
Not quite. While such attacks are easier to do, defences against them have improved and for every attack you hear about, there are many, many more that failed.
Unsurprisingly, the responsibility falls on companies and site owners themselves to have the necessary protection. It’s easier for larger corporations to fund, but smaller businesses should keep it in mind since such attacks can have a bigger impact on them.
[DDoSs are] not too complicated to conduct,” says Honan. “Likewise if you have the right tools and services in place, they’re easy to defend against too”.
For businesses that are going online, they will need to sit down and look at what services they’re offering online and the potential threats they face and put the right protection in place … The same way you’re opening up a physical office, you need to make sure you have security in place.
Harris offers similar advice for smaller businesses.
“There are things organisations can do [like] have conversations with their ISPs (Internet Service Provider) about what protection they can get,” he says. “Often what you see is organisations won’t do anything until they get hit … and they don’t realise how important their website is to their business.”
Yet a DDoS attack isn’t the be all and end all for anyone, and while they can take sites offline, Harris puts the situation into perspective.
The world hasn’t collapsed. A couple of sites are knocked out. It’s not the end of the world.
To embed this post, copy the code below on your site
Inefficient way of working. Lots of people just staying for the social life. Much prefer the German approach of shutting the office down- if you can’t do your job from 9-5 something’s wrong – go home and relax and contribute to your community.
If only all companies were like this.
Some companies work people to the point of burn out.
This happy go lucky workplace at Google etc is purely a way of keeping people in work longer and only socialising with colleagues.
Throw in the fact that they’re main targets are CS grads who might be a bit socially challenged and you have willing victims at the ready.
Software development is a very stressful and demanding job. Providing a relaxing atmosphere helps productivity.
Only stressful and demanding if badly managed. American companies think they own you so they don’t have to plan correctly, they’ll just throw more people at the problem whether it’s working until 4am or weekend work at regular rates.
These environments are fine when you’re young – the craic is great and you don’t mind working the hours if you get free drinks nights etc. however it breeds bad habits in management and workers. Just my experience.
Agreed – the American way of working is based on working long hours rather than doing your job well – its also very short term driven because of the bonus culture – it has led to biggest recession in recent memory
Modern IT is a 24hr culture. It’s not possible to do everything in the old style 9-5 workday. Software deployments and batch tasks tend to have to run outside these times. If people want a 9-5 job with handy money and promotions based on length of service etc, then IT is the wrong place to be.
“Modern IT is a 24hr culture.”
That’s not true. I work in IT, I arrive 10-15 mins late in the morning, and I am gone to catch the Luas at 5:32pm
Why not mix it up some days, and arrive 10-15mins early, and then go to catch the luas at 5.02pm. Keep people guessing
I like the cut of your jib, maybe I’ll even take it a step further and get the bus home. I’d be the talk of the office.
Anything that touches IT is like this. I just quit my job in IT recruitment, working 7:30 to 21:00 every day and then some on the weekends, take lunch at desk while working, it’s insane. Life is for living, not making other people rich mannnnnnn.
Though at 21:00 we did play some sick table tennis!
@cpm the fact that you are freely admitting to arriving late every morning and leaving at the same time each day suggests you are the work shy sort. Also you travel via public transport with the great unwashed which suggests you don’t earn enough to owe a car. I think you ought to work harder and you’ll achieve more, otherwise you’ll still be stuck at the java in your 60s.
Oh dear me, Jon! So many assumptions in such a short paragraph. Anyway, the reason I get the Luas is because it’s about 10x quicker than driving in the city centre. So maybe I’m just more efficient with my time than you are – this probably explains your 24hr work schedule.
“otherwise you’ll still be stuck at the java in your 60s.”
- let me guess, – you’re one of “those guys” who could never get their head around programming LOL
A lot of people actually choose to stay programming long into their careers, – it keeps the brain ticking over unlike a lot of other activities, and the challenge depends a lot on the complexity of the problem at hand.
Table tennis not ping pong.
Unfortunately for every Google, there are 3 places who just want to grind 10 hours a day of hard slog out of employees. ESP call centers (which aren’t it jobs). People want to work where they are valued, more likely to happen in a small business than a sprawling multi national. Not a huge shock of a survey in fairness.
Your right Paul,
Some horrible companies to work for out there.
When times are good, these companies won`t hire enough staff and people will have a high workload.
When times are bad, these companies will fire a lot of people, will then not have enough staff, people will have a higher workload, lower pay, and put in crazy hours for fear of being the next person to be fired.
Meanwhile some of the directors jump ship with payoffs close to a million quid. Not naming companies but these things happen.
Imagine the uproar if public sector workers got free haircuts, swimming pools, lounges and ping-pong tables.
Just saying.
Imagine the shock if the government that hired the public sector workers posted quarterly profits in the billions thus being able to afford the pools and nice lunches…
If IT companies are earning exorbitant profits like this doesn’t it mean we’re all overpaying for IT services?
To be honest, ill work with whoever pays me the most and offers the best T&Cs. Startups are definitely interesting but often can’t compete on wages. Young IT professionals will move around a bit.
Sitting round cuddling office dogs, playing ping pong and sitting in ‘creative spaces’ with nerds all day sounds like my idea of hell.
Office dogs sounds cool.
Don`t knock table tennis, great game.
WOOF
Some of the irish start ups are cowboy setups – people looking to make a quick buck and little interest in developing staff
Companies outside the IT sector need to take note. People perform better and you get better results if you have a fun environment and atmosphere to work in.
Lol!!! It’s not our fault we chose the right career path
I worked for two start-ups, both went out business at a moment’s notice, while the wages in start-ups with funding can be higher, the security just isn’t there, and if you have a mortgage that’s not a great thing. I’d be very happy to work for Google!
have your say