DDoS – Motivations for the Madness, Part 1

March 21, 2016 | Adeline Zhang

Track: General Security

Author: Stephen Gates, Chief Research Intelligence Analyst, NSFOCUS

Most people know that launching a DDoS attack is illegal in just about every country in the world. However, neither the law nor the penalties for breaking it have slowed the growth or frequency of DDoS attacks. Most companies that track DDoS attacks globally report that the problem is growing day by day. Just about every organization connected to the Internet is concerned about this cyber attack vector, and the motivations for these attacks vary widely.

In the earliest days of DDoS attacks, notoriety was the primary motivation. Being recognized as a successful DDoS attacker not only delivered a long list of kudos from hacker collectives, but junior hackers were often promoted into the collective of their choice because of the notoriety they achieved from a publicized attack. While notoriety is still quite common today, it's only one of the motivations for launching attacks.

Competitive advantage is another motivation for DDoS attacks, and it is still quite common today. This motivation fueled the earliest cloud-based DDoS defense companies and helped many of them get off the ground. In the early days of DDoS attacks, offshore gambling houses would launch DDoS attacks against other gambling houses, often right before a sporting event was about to take place. Since thousands of people were about to place their bets with one gambling house, taking that house offline resulted in people placing their bets with other gambling houses that were still online. As one can imagine, similar competitive advantage has been observed across many different industries.

A similar attack motivation, called player advantage, fuels the spread of DDoS attacks against online role-playing video gaming sites. Attackers launch DDoS attacks against the gaming sites themselves or against individual players to block their gaming experience. Many universities, cable operators, and ISPs observe attacks against their residential networks daily, based solely on players attacking each other using botnets they don't even own.

Cyber warfare and cyber terrorism have been seen as motivations for attacks in the past as well. For example, in 2007, the country of Russia was accused of launching a DDoS attack against the country of Georgia, effectively taking the country offline. In addition, DDoS attacks targeted some of the largest financial houses in the U.S. during Operation Ababil. In 2012, an individual published a video on YouTube that offended nearly one-third of the world's population. In retribution for the video, a group who called themselves the Izz ad-Din al-Qassam Cyber Fighters launched a massive barrage of attacks against the U.S. financial infrastructure, taking some of the largest banks offline. These two motivations are still quite frequent today.

As you can see, motivations for these attacks are as varied as the attack vectors themselves.  In a future post we will discuss additional motivations and take a closer look at some of the methods these threat actors use.

 

Stephen Gates

Steve is a key research intelligence analyst with NSFOCUS IBD. He has been instrumental in solving the DDoS problem for service providers, hosting providers, and enterprises in North America and abroad. Steve has more than 25 years of computer networking and security experience with an extensive background in the deployment and implementation of next-generation security solutions. In his last role, Steve served as the Chief Security Evangelist for Corero Network Security before joining the NSFOCUS team. Steve is a recognized Subject Matter Expert on DDoS attack tools and methodologies, including next-generation defense approaches. You can usually find Steve providing insight, editorial, industry thought leadership, and presentations covering the latest security topics at RSA, SecureWorld, SANS, Black Hat, IANS, ISSA, InfraGard, ISACA, etc.