FINAL WORD
centre based at Carnegie Mellon
University in Pittsburgh – releases an
advisory on the growing phenomenon
of TCP SYN floods using spoofed
source IP addresses.
• 1997: The world sees the arrival of
early DDoS tools, such as Trinoo, Tribe
Flood Network, TFN2K, Shaft, and
others, often coded by their authors.
Primitive DDoS networks emerge, using
IRC and Eggdrop or the Sub7 Trojan.
• 1998: The document RFC 2267 is
published, which details how network
administrators can defeat DDoS
attacks via anti-spoofing measures.
This document eventually becomes
a best current practice adopted by
many networking vendors.
“Today, anyone with a grievance and an Internet connection can launch an attack.”
Bryan Hamman, Territory Manager for sub-Saharan Africa, Arbor Networks
• 1998: The Smurf Amplifier Registry is
launched to help discover and disable
‘Smurf’ amplifiers, which are abused
in DDoS attacks. Smurf attacks use a
spoofed broadcast ICMP ping to then
reflect back to a victim to create the
attack traffic. By 2012 over 193,000
networks have been found and fixed.
• 1998: Michael Calce, aka 15-year-
old ‘Mafiaboy’, launches sustained
DDoS attacks on multiple major
e-Commerce sites including Amazon,
CNN, Dell, E*Trade, eBay, and Yahoo!.
At the time, Yahoo! was the biggest
search engine in the world. He is
investigated by the FBI. The Montreal
Youth Court sentenced him on 12
September, 2001, to eight months of
‘open custody’, one year of probation,
restricted use of the Internet, and a
small fine.
• 2002: Significant ‘Smurf’ attacks
strike the root DNS servers and cause
some outages for some sites. The
attacks are eventually repelled. Total
traffic eventually hits 900 Mbps.
• 2007: The former Soviet republic of
Estonia is hit with sustained DDoS
attacks following diplomatic tensions
with Russia. The issues arise after
Estonia moves a statue honouring
Soviet forces who served in World War
II against Nazi Germany.
• 2008: Russia is accused of attacking
Georgian government websites in a
cyberwar to accompany its military
bombardment, weeks before the
invasion of the disputed territory of
South Ossetia by Russian troops.
• 2008: Project Chanology is launched
by members of ‘Anonymous’, a
leaderless Internet-based group, in
response to the Church of Scientology
trying to remove an infamous Tom
Cruise interview video from the
Internet. Project Chanology used DDoS
as part of its measures to try to disrupt
the Church of Scientology’s operations.
• 2011: Members of Anonymous
launch attacks against the sites of
PayPal, Visa, and MasterCard
after the payment service providers
refused to process financial donations
intended for WikiLeaks.
• 2011: A DDoS attack on Sony
is purportedly used to block the
detection of a data breach that
leads to the extraction of millions
of customer records for PlayStation
Network users.
• 2011–12: Between December
2011 and March 2012, against a
background of political tension in
Russia including presidential elections,
which were fraught with political
demonstrations, DDoS attacks enter
the political landscape, with DDoS
attacks on both opposition as well as
pro-government sites. The world sees
Russian cybercriminal methods being
used for political ends.
• 2012: Similarly, although arguably
not so widely, DDoS attacks are
used for political reasons when
Canada’s New Democrat Party sees
its leadership election negatively
affected by a DDoS attack that delays
voting and reduces turnout.
• 2012: Unknown groups hit various US
and UK government-related websites
in protest at these governments’
WikiLeaks position.
• 2013: FBI says more cooperation with
banks is key in probing cyberattacks.
• 2013: Largest attack reaches 300 Gbps
www.intelligentcio.com