DOS (Denial of Service) attacks come in various forms and intensities, but all have the same purpose: to take a website offline and damage the organization running that website. The most common use of DOS attacks is ransom. A hacker will DOS a site and email the owner, demanding payment or else the website will be taken offline. DOS attacks are also used as a form of protest. In 2009, Iranians launched DDOS (Distributed Denial of Service) attacks against several government websites to protest the presidential election. Anonymous has also used DDOS attacks in “Operation Payback” to protest Megaupload being taken offline. They attacked the websites of UMG (the company responsible for the lawsuit against Megaupload), the United States Department of Justice, the United States Copyright Office, the Federal Bureau of Investigation, the MPAA, Warner Brothers Music and the RIAA, as well as HADOPI, all on the afternoon of January 19, 2012.
The tool most commonly used to conduct DDOS attacks as protest is LOIC (Low Orbit Ion Cannon). LOIC is a free program, available for download for any platform, that does nothing but send garbage data to a server. One person downloading this program and trying to take down a server does nothing. Not a single website on the internet will fall to one Low Orbit Ion Cannon. Websites only go down when thousands upon thousands of people use LOIC at the same time, against the same server. Much like a real-world protest, this clogs up bandwidth on the server, making it very difficult for legitimate traffic to get through. LOIC is most publicly used by Anonymous. In 2008, they gathered enough people to attack the websites of the Church of Scientology. In 2010, they also attacked the Recording Industry Association of America and the websites of organizations opposed to WikiLeaks during Operation Payback.
While large groups of people can very easily take down a website through coordination, for one hacker to DDOS a website, he needs a botnet: an army of infected computers that he can control remotely. Another tactic that hackers use to multiply the amount of data sent is to abuse NTP (Network Time Protocol). NTP is basically the protocol used to get the current time. What’s important is that you send a small request and get a large response, meaning that if hackers have the NTP server send its response to a single target website, they can triple the amount of data they use to attack. Luckily, many NTP server operators are aware of this vulnerability, and about 4 out of 5 servers have been patched against this type of attack.
Not all DOS attacks require angry mobs of people or thousands of zombie computers. Some attacks exploit vulnerabilities in the computer’s software to remotely crash or hang the computer. Teardrop is one of those attacks. Luckily, no modern computer can be taken down with a Teardrop attack; it was discovered and used on Windows 95, NT, and 3.1. An attacker would send a broken internet packet to the computer, causing it to crash. There was no other destruction of data unless something had not been saved on the computer at the time; the attack would only cause the computer to blue-screen. A similar attack is the Ping of Death. To attack a computer with the Ping of Death, an attacker would send the largest possible amount of data in one chunk. In order to crash the computer, the data would have to be larger than 65,536 bytes. The attacked computer would have nowhere to store the extra bytes in memory and would crash.
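The defence against both attacks is to validate a fragmented packet before copying any of it into the reassembly buffer. The following C sketch is an added example, not code from any particular operating system; it assumes the usual descriptions of Teardrop (overlapping IP fragments) and Ping of Death (a reassembled datagram larger than IPv4's 65,535-byte maximum), and the names `check_fragments`, `struct frag` and the sample arrays are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IPV4_MAX_DATAGRAM 65535u /* limit of the 16-bit total-length field */

/* One fragment's payload: byte offset into the datagram and byte length. */
struct frag { uint32_t off, len; };

enum frag_verdict { FRAG_OK, FRAG_OVERSIZE, FRAG_OVERLAP };

/* Validate a fragment set before any bytes reach the reassembly buffer. */
enum frag_verdict check_fragments(const struct frag *f, size_t n, uint32_t hdr_len)
{
    /* Pass 1: no fragment may end beyond the largest legal datagram
     * (the condition a Ping of Death packet violates). */
    for (size_t i = 0; i < n; i++)
        if ((uint64_t)hdr_len + f[i].off + f[i].len > IPV4_MAX_DATAGRAM)
            return FRAG_OVERSIZE;
    /* Pass 2: no two fragments may cover the same bytes
     * (the malformed layout a Teardrop packet relies on). */
    for (size_t i = 0; i < n; i++)
        for (size_t j = i + 1; j < n; j++)
            if (f[i].off < f[j].off + f[j].len &&
                f[j].off < f[i].off + f[i].len)
                return FRAG_OVERLAP;
    return FRAG_OK;
}

/* Constructed sample fragment sets (not captured traffic). */
static const struct frag sample_ok[]       = { {0, 1480}, {1480, 1480}, {2960, 100} };
static const struct frag sample_overlap[]  = { {0, 36}, {24, 4} };
static const struct frag sample_oversize[] = { {0, 1480}, {65528, 1000} };

int main(void)
{
    /* 20 is the size of an IPv4 header without options. */
    printf("ok=%d overlap=%d oversize=%d\n",
           check_fragments(sample_ok, 3, 20),
           check_fragments(sample_overlap, 2, 20),
           check_fragments(sample_oversize, 2, 20));
    return 0;
}
```

A receiver that drops the whole datagram on any verdict other than `FRAG_OK` never computes a negative copy length or writes past its buffer, which is why patched systems are unaffected.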
There are many forms of DOS attacks, and hackers are finding new vulnerabilities to exploit every day. The most effective attacks are still DDOS attacks, where large groups of people decide to take down a site as a form of protest. Though it may not seem like a government site going down for a couple of days matters, DDOS attacks have a real-world effect and can be used for peaceful protest, or they can be used as a form of extortion by a mafia-like group of hackers.