DDoS Attacks and Torrent Sites

If anyone has been following the recent news about anti-piracy companies trying to take torrent sites offline by DDoSing them, then you’ll know that this was a bad idea from the start. If not, here’s a brief recap.

Aiplex Software is a company that has been trying to take down torrent sites for a while now. As they weren’t getting anywhere, they decided to take a new approach and DDoS the torrent sites instead. It was suspected for a while that this was the case, but then, to save everyone the effort, the nice guys over at Aiplex Software openly admitted that they were doing it. Big mistake!

As the Internet is a wonderful medium for communication, there was a scheduled DDoS attack against Aiplex Software which took their site offline for a fair amount of time, until all the attackers then decided that moving on to the MPAA website was a better idea. The MPAA was forced to move its site to a new IP address after being down for 18 hours.

Yesterday an attack was launched against the RIAA in the same manner, and it knocked the website off the Internet for a good few hours.

All this was done via various means of communication, using the tool LOIC (Low Orbit Ion Cannon) and a bunch of anonymous supporters that weren’t afraid to stand up for what they believed in. Whether these attacks were right or wrong is purely a matter of opinion, but more to the point is the amount of damage that can be done.

In the past, if people wanted to protest, they would all gather in groups with placards and march around yelling various slogans. This usually happened outside the offending party’s premises. If it got out of hand, the police would be called in to disperse the crowd, and everything was back to normal. However, now in the age of the Internet, people are free to participate from the comfort of their own homes, just by downloading a program, typing in an IP address or hostname and clicking “Attack”. These people won’t be traced if the attack is coordinated properly, as it’s next to impossible to trace where all the packets are coming from if you have a large number of people doing this at the same time. Even if people were traced, there is always the “Botnet defense” (My PC must have been infected by something and become part of a botnet, I ran my anti-virus program and removed some things, and now it all seems fine).

As security professionals we need to look at this as the shape of things to come. What if an online retailer annoyed a few of its customers, or if an online gambling or finance site was just “asking for it”? All it takes is the right form of communication and a few thousand people, and poof, the site is off the Internet if it doesn’t have the correct protection mechanisms in place.

As security professionals, do you do your best to protect your company’s online assets from DDoS attacks? Or are you mainly concentrating on making sure the web sites are coded securely, that the web servers have been hardened and patched up to date…

I’m really interested to hear everyone’s comments on this one, so please leave them below.
