DDoS: The 'trump card' weapon of cyber warfare

As the growing world of cybercrime continues to threaten governments and organizations, DDoS is one specific method that is frequently mentioned.

Last week, press headlines were focused on intense cyberattacks on Turkey. Starting in early December, Turkey saw its worst ever cyber threat for about two weeks. But on Friday, Dec. 25, the attacks grew more serious and many Turkish banks - like Garanti and state lender Ziraat Bank - saw their online banking services crash. There were also reports of the temporary disruption of credit card transactions. Turkish government websites with ".tr" domains were also affected. All of the ".tr" domains, from military to ministries, are administered by Nic.tr, a non-government organization. According to experts, this is one of the reasons why a DDoS attack was chosen as the method by the culprits.

DDoS, short for distributed denial-of-service, is a common method for cyberattacks, which are growing more popular among both cyber criminals and "hacktivists." Using this method, thousands of compromised systems attack a single target and cause denial of service for the users of that system. There is always a limit on how many requests from internet users a server can handle. When this limit is exceeded, the targeted system is forced to shut down, thereby denying service to legitimate users.

Why is the DDoS always successful?

"You can think of the Internet as the information highway," says a security expert. "You can access it via an on-ramp. This is your website. During normal hours, when everyone is at work or at home, the traffic flows regularly. But when people get off work and hit traffic, you will see traffic starting to build up as the rush hour begins." DDoS is a big convoy, which is directed at your on-ramp. When they clog the flow of traffic, people can't access the on-ramp.

So, this gives clues as to why DDoS attacks are widely used by cyber terrorists as a political tool: It is easy to organize, it's chaotic and no one benefits from it. A DDoS attack commonly uses a huge group of "unwilling" participants.
To raise the intensity of the attack, hackers often use botnets, or "zombie armies" that consist of hijacked Internet-connected devices injected with malware. By controlling this malware from a remote location without the knowledge of the device's owner, cyber criminals use these huge networks of smartphones and PCs as botnets for DDoS attacks.

What is the worst part? Most of these botnets are for rent and they are easily accessible for anyone online, giving DDoS a meteoric rise in the world of cyber warfare. Furthermore, it's pretty much unstoppable. To end DDoS, you need to get rid of botnets and to do that you have to convince millions of Internet users to stop clicking on suspicious links, ads and e-mails online. Since this is impossible, corporations and governments should investigate how to prevent or mitigate the damage from DDoS.

What to do against cyberattacks?

There are multiple ways to perform a DDoS attack. Some are easy to identify, while others are not. For example, if hackers use botnets, which are widely known to security systems, defensive software can identify and block attempts by infected devices rather easily. But if the attack is organized by thousands of real users, it becomes really hard for the server system to distinguish which requests are from visitors and which are from attackers. This approach, also called "hacktivism," a highly popular word in the Anonymous era, is a common method for ideological and political groups to promote a political agenda.

As the threat of DDoS attacks grows, another technology that can be a countermeasure is also on the rise: cloud computing. With its giant "server farms" and software-based services, cloud is the new popular kid in the digital world. Cloud providers mostly use powerful software to mitigate or eliminate the threat of cyber-attacks, including DDoS. They allow virtually infinite bandwidth, immense computing power, scalable infrastructure and multiple types of DDoS mitigation hardware.
There are even "cloud mitigation providers" that are specialized in this field. They provide DDoS mitigation from the cloud, meaning they have built out large amounts of network bandwidth and DDoS mitigation capacity at multiple sites around the Internet. This way, your website can take in any type of network traffic on multiple ISPs.

Turkey is in good shape against DDoS

As one of the countries most targeted by DDoS, either by hackers or political groups, Turkey needs to take security precautions against these kinds of attacks. Thankfully, the current conditions are in our favor. The highest officer of the Internet in Turkey, Binali Yıldırım, the Minister of Transportation, Maritimes and Communications, said that Turkey has the necessary legal groundwork to combat foreign-based cyberattacks.

It should be noted that DDoS strikes and all other forms of cyberattacks will not be stopping anytime soon. But the revamping of defensive measures - such as improving cloud and digital security systems - will also not slow down. If we need a solid infrastructure, we need protection against current attacks while investing in future technologies.