Notice: All forms on this website are temporarily down for maintenance. You will not be able to complete a form to request information or a resource. We apologize for any inconvenience and will reactivate the forms as soon as possible.

Tech Tuesday: Why You Should Care About DDoS Attacks (and What You Can DDo About Them)

Player 1: “Everyone attack the boss NOW!”
Player 2: “We’re almost there! He’s at 10%!”
Player 3: “Healer, I need help! I’m almost out of health points!”
Player 4:
Player 1: “Healer! We’re about to lose! What’s going on?”
Player 4: … “Sorry friends, my cat was walking across the keyboard.”
Player 3: “He’s still not healing anyone!”
Player 1: “Well, we’re all dead now.”
Player 2: “Noooooooooo!!!! HE WAS AT 1%!!!!”
Player 1: “Player 4, what happened?”
Player 4:
Player 3: “Kick him. We need someone who’s paying attention.”
Player 1: “I’m on it. Everybody, vote to remove him from the group.”
Player 4: “Sorry friends. No need to kick me out.”
Player 2: “HE WAS AT 1% AND YOU LET US ALL DIE!!!!”
Player 4: “It is not that big of a deal. And you will be hard pressed to find anybody else with my skill level. You will never win with that attitude :)”
(Player 4 is removed from group)
(Player 4 types furiously)
(Players 1, 2, & 3 are disconnected from the game, as well as everyone else playing)
Player 4: “Hehehe. If I can’t play, then NOBODY can.”

What you just read is a watered-down version of an online gaming conversation that can happen just before a DDoS attack. Yes, it’s silly and obnoxious, and if you don’t play online games, this may not seem like a big deal. But DDoS attacks don’t just happen to gamers, they happen to businesses and corporations around the world, and they can even impact your world at home, too—from access to work email to your ability to pay the babysitter online to your daughter’s Pokemon Go game. And they can be very dangerous.

“DDoS” stands for  Distributed Denial of Service. Such attackstarget websites and online services (like gaming). According to Norton Antivirus, it’s designed to “overwhelm [websites] with more traffic than the server or network can accommodate.” And the goal is to render the website inoperable.

In 2000, Michael “Mafiaboy” Calce launched one of the first recorded DDoS attacks. He hacked into the computer networks of universities and used their servers to operate a DDoS attack that crashed several major websites, including CNN, Dell, E-Trade, eBay, and Yahoo, which at the time was the most popular search engine in the world. This attack wreaked havoc in the stock market and the aftermath directly led to the creation of many of today’s cybercrime laws, according to Cloudflare (an antivirus software provider). A similar attack hit  Dyn (a major DNS provider, essentially the internet’s equivalent of a phone book) in 2016, which took down AirBnB, Netflix, PayPal, Visa, Amazon, The New York Times, Reddit, and GitHub.

Now, maybe you’re fine with losing Netflix for a few hours. You might even be glad to get your family away from the screen for a while. But what happens when it’s something bigger—like your bank? Because that’s exactly what happened in 2012. “Not one, not two, but a whopping six U.S. banks were targeted by a string of DDoS attacks,” according to A10 Network Security. And these weren’t small-town banks either. They included Bank of America, JP Morgan Chase, U.S. Bancorp, Citigroup and PNC Bank.

Just imagine: your bank’s website goes down at 4:45 p.m. and you have a bill due at 5 p.m. You figure, “It’s OK. I’ll just call them and pay it over the phone.” But you can’t. Because it’s not just the bank’s website. It’s the whole server. So even if you call your bank, they still won’t be able to help you because nothing is working on their end either.

This particular example might not seem so much dangerous as it does annoying. But consider the reasons that hackers execute DDoS attacks: extortion, identity theft, or possibly even election fraud. In 2013, The New York Times published an article that likened DDoS attacks to “using a machine gun to spray an entire crowd when the intent is to kill one person.” This was in response to a Dutch company attempting to shut down Spamhaus, an organization that aims to block online spam. But in 2007, the entire nation of Estonia was effectively shut down after a DDoS attack. According to BBC news,

Online services of Estonian banks, media outlets and government bodies were taken down by unprecedented levels of internet traffic… The result for Estonian citizens was that cash machines and online banking services were sporadically out of action; government employees were unable to communicated with each other on email; and newspaper and broadcasters suddenly found they couldn’t deliver the news.

As a consumer, it’s important to be aware of these attacks—and not just because you might have to pay a late fee. Most of these attacks are accomplished through botnets—a network of remotely controlled, hacked computers or “zombie computers.” Hackers use malware to infect the Internet of Things (IoT), aka your devices: computers, smart phones, cameras, smart TVs, printers, and even baby monitors. And with everything from security systems to refrigerators now connected to the internet, avenues for hackers to exploit your home just keep growing.

The hacker might not even do anything with this control at first. According to Kaspersky Antivirus, some “cybercriminals will establish a large network of zombie machines and then sell access to the zombie network to other criminals.” And while it’s likely that someone purchasing this network will use it in a DDoS attack, they could also use it to steal information or, more creepily, spy on your family. Think about it: if you’re using your Wi-Fi to watch your precious little one on the baby monitor, then what’s to stop someone who has hacked your Wi-Fi from doing the same?

So, here are some tips from Money Crashers on how to protect yourselves from these hackers: keep your operating systems up-to-date, review the privacy settings on your devices, install antivirus software (including anti-malware and anti-spyware), install a firewall, select a secure web browser, practice good password habits (such as using letters, numbers and special symbols in them), and exercise good web browsing habits (i.e. use “https”, not “http”; block pop-up ads; and never visit questionable websites).

Yes, there are a few people, like disgruntled gamers, who just like to watch the world burn. But there’s no reason to give real cybercriminals the chance to exploit your family.

Emily Tsiao

Emily studied film and writing when she was in college. And when she isn’t being way too competitive while playing board games, she enjoys food, sleep, and geeking out with her husband indulging in their “nerdoms,” which is the collective fan cultures of everything they love, such as Star Wars, Star Trek, Stargate and Lord of the Rings.