Word Notes 4.6.21
Ep 44 | 4.6.21

denial-of-service attack (noun)

Transcript

Rick Howard: The word is: denial-of-service attack.

Rick Howard: Spelled: Denial as in repulse or prevent, of service as in "to supply," and attack as in an offensive against.

Rick Howard: Definition: A cyber attack designed to impair or eliminate access to online services or data.

Rick Howard: Example sentence: denial-of-service attacks, or DoS attacks, can cost an organization both time and money by rendering their resources and services inaccessible.

Rick Howard: Origin and context: There are many techniques hackers use to cause these disruptions of service. The most simple originate from one machine, and either try to overwhelm the target with network traffic or try to disable the target through some other means. The first ever DoS attack occurred in 1974, courtesy of a 13-year-old high school student, David Dennis.

He was using one of the first computerized sharing learning systems called PLATO, run out of the Computer-Based Education Research Laboratory, or CERL, at the University of Illinois Urbana-Champaign. He learned that a PLATO command called "external" or "ext" would cause the terminal to lock up if there were no external devices connected. David wrote a program that would send the "ext" command to all the PLATO terminals in the lab, causing them to stop working. Modern DoS attacks today involve a collection of many computers, as many as millions of computers in some cases, under the attacker's control within some sort of botnet. The hacker commands each computer in the botnet to send the disruptive commands to the target. These attacks are called distributed denial-of-service attacks or DDoS attacks. In the Cybersecurity Canon Hall of Fame book, "We are Anonymous," the author, Parmy Olson, describes how the Anonymous leaders treated their enthusiastic followers as trolls in some kind of perverse recursive prank and made them think they were more important than they really were. The leaders provided the masses a tool, the Low Orbit Ion Cannon. How great is that name? Referred to as the LOIC, which allowed them to easily participate in a DDoS raid of choice. Of course, LOIC developers didn't initially protect the users from prying eyes, like the FBI, and law enforcement made many arrests.

According to Dan Goodin at Ars Technica, DDoSers today use amplification attacks to send small datasets to intermediary servers. These intermediaries, like memcached database systems, the Network Time Protocol, misconfigured DNS servers, and Datagram Transport Layer Security or D/TLS services, respond by sending large volumes of network traffic to the spoofed victim's servers.

Rick Howard: Nerd reference: In the very first episode of one of the best hacking TV shows ever, Mr. Robot, Elliot, played by Rami Malek, the 2018 Academy Award winner for best actor in the movie Bohemian Rhapsody, is called in to stop a DDoS attack aimed at E Corp, one of his employer's prestigious clients. In this clip, notice two things. The first is Angela Moss, played by Portia Doubleday, quickly detailing how much money the attack is costing their client. The second is the boss, played by Michel Gill, mentioning the real-life company, Prolexic, one of the first ever denial-of-service protection companies, established back in the early 2000s by Barrett Lyon. Lyon and his company featured prominently in one of the early cybersecurity crime books, "Fatal System Error," written by Joseph Menn, who also wrote the Cybersecurity Canon Hall of Fame book, "The Cult of the Dead Cow."

Angela: “They attacked Evil Corp servers again, but it's bad. This time it's a DDoS attack.”

Elliot: “It's only been an hour.” 

Angela: “Well an hour in Evil Corp time is like, $13 million dollars in revenue, approximately. Actually, I calculated that. That's exactly how much they lost.”

Lloyd: “This is bad. Worst DDoS attack I've ever seen.”

Elliot: “Did you reconfigure the DNS?”

Lloyd: “Yes.”

Elliot: “Stopped the services?”

Lloyd: “I already stopped the services trying to reboot the servers, but they're not coming back up.”

Boss: “Where's the attack coming from?” 

Elliot: “Everywhere. Obviously, USA, Finland, Thailand, Kuwait.”

Boss: “Start restarting services, load sharing. Redirect the traffic and call Prolexic for help.”