
DDoS

A distributed denial of service (DDoS) attack is an explicit attempt to maliciously affect an organisation’s network or online presence. The term “distributed” differentiates it from traditional denial of service attacks and signifies that the attack is launched from multiple sources.

DDoS attacks consume resources, often in an attempt to disrupt a system and bring it to an effective halt. These attacks can originate from various sources. The most common basis for this attack uses a large number of "zombie" computers under the covert control of the attacker, which all attack at a particular time. In many cases the attacker will gain control of a machine by means of a virus, some form of "Trojan horse" email, or a web site that allows the attacker access. Other attacks can originate from a single piece of software that is written specifically to repeatedly attack a server or network, or to replicate itself indefinitely, resulting in a complete system overload.

The motives behind launching such attacks vary. Originally they were often initiated as a mere nuisance to a particular organisation or institution. Attackers then gained a more ideological stance and began targeting high profile sites such as Microsoft, eBay, and CNN. There are also cases of politically motivated attacks, against American sites by Chinese hackers for example. Some attacks are part of an underground war between various hacker groups who seek to disable their opponents. Today, attackers are blackmailing sites for monetary gain.

By contacting sites before an attack is unleashed, perpetrators offer to refrain from launching a DDoS attack in exchange for a large ransom.  Several UK bookmaking companies admit to being forced offline ahead of the Grand National as a result of DDoS attacks.  

The consequences of a DDoS attack can vary significantly depending on what type of institution is targeted. Online retailers and bookmakers may incur significant revenue losses associated with any downtime. By contrast, an attack on a system that is viewed as part of the Critical National Infrastructure (CNI), such as networks used by emergency services, health, water and transport departments, could have life-threatening, serious economic or other grave social consequences for the community.[1]

In recognition of the growing issues surrounding DDoS attacks, in December 1999, the Home Secretary announced the creation of the National Infrastructure Security Co-ordination Centre, an inter-departmental organisation tasked with offering advice to CNI operations about preventing or handling a DDoS or other attack. 

Notably, the Internet Service Providers Association has taken a pre-emptive approach towards thwarting such attacks. ISPA’s Code of Practice states that members should co-operate with each other in preventing and investigating instances of DoS attacks and other types of hacking by sharing and disseminating relevant information. Network administrators are also part of an email and voice-over-IP mailing list that can be informally used to alert each other to an attack in progress, allowing many to be halted within minutes.

ISPA offers the following advice to commercial organisations wanting to prevent an attack:

Because DDoS attacks often entail an attacker taking control of the computers of unsuspecting users, it is important that the public is aware of signs that indicate their system may be being used as a conduit for an attack. Steps one can take to mitigate this possibility include installing up-to-date anti-virus software and firewall programmes, being wary of unknown e-mails and attachments, and using strong passwords and encryption software. Good hygiene on your home computer is an effective barrier to the spread of DDoS attacks, spam and viruses.

Companies or individuals suspecting they have been the target of a DDoS attack should contact the local police or the National Hi-Tech Crime Unit (NHTCU), and may want to consult a lawyer specialising in IT or the Internet sector. Recourse may be sought under The Computer Misuse Act (CMA) Section 3, which prohibits “impairment of the operation of any computer.”

However, ISPA recognises that this provision is not concise enough to necessarily include DDoS attacks. In evidence given to the All-Party Internet Group’s revision of the 1990 Act, ISPA explicitly stated that the CMA is inadequate and ambiguous when dealing with DoS attacks, which results in difficulties when investigating and prosecuting offences.

ISPA welcomes the findings of the All-Party enquiry, which concluded that the Home Office should rapidly bring forward proposals to add a specific denial of service element to the Computer Misuse Act. Such proposals would undoubtedly be of great benefit to our members and consequently the public.

- ends -

Notes to Editors

For further information, please contact the ISPA Press Office.

Email: pressoffice@ispa.org.uk 
Tel: 0207 609 1907 

The Internet Services Providers’ Association (ISPA) was established in 1995 as a trade association to represent Internet Services Providers (ISPs) in the UK. ISPA promotes competition, self-regulation and the development of the Internet industry. For a list of members or other information about ISPA, please consult the website: http://www.ispa.org.uk

ISPA holds permanent membership of the Internet Watch Foundation, the Internet Crime Forum, the Home Office Task Force on Child Protection on the Internet, the DfES Safety Strategy Group, EURIM, the Parliamentary IT Committee (PITCOM), the Association of Communication Service Providers, the Oftel Internet Forum, and international organisations such as EuroISPA, and the World ISP Forum.

[1] National Infrastructure Security Co-ordination Centre

[2] http://www.cert.org/archive/pdf/Managing_DoS.pdf