This last Friday was a busy day for many of us. For my part, I was flying back to Texas after a brief business trip but if the numbers are to be believed, many of you were taking part in a Distributed Denial of Service (DDoS) attack that affected much of the Internet. Oh, I know you’re pleading innocent but hear me out before you completely destroy your credibility.

Floyd and Lloyd with cellphones

Floyd and Lloyd with their cellphones

I’ve asked my friendly geckos, Floyd and Lloyd, to help me explain what a DDoS attack is. Living in rural Texas, cell towers are limited in number. If a couple of resident geckos are frequently calling each other on their phones, the cell tower can easily handle the traffic. But if they decide to hold a family reunion and all the family members call all their relatives, the cell tower will max out quickly and many of the geckos will be listening to dial tones. Now, if you’re a resident of this town, you’re experiencing a DDoS attack. We’ll hope you don’t have any important calls to make because until the gecko family reunion is over, your odds of placing this call is highly unlikely.

A gecko family reunion

A gecko family reunion

True, the geckos are not doing this intentionally and this is phone service not Internet but the principle remains the same. A DDoS attack is a number of devices on the Internet (that’s the distributed part) all demanding attention from the same limited source. Think about the geckos all using their smart phone to look at their pictures in their previous post. My provider is good but as the number of simultaneous requests for How Much Memory is a Megabyte increase, my provider will get slower and slower.

Multiple these geckos by thousands and imagine that the moment my provider starts to respond, the geckos disconnect and try again. Now they’re just being mean about this and using a technique calculated to tie up even more resources.

Still your typical DDoS attack isn’t done by thousands of people. At least not people aware that they’re taking part in the attack. In order to execute a DDoS attack, a hacker usually infects thousands of machines with a program that will take instructions from a master computer.

This network of infected computers is usually called a botnet. Some of these botnets get large enough that they are given their own name. When the bot-herder gives the command to start the attack, each of the infected computers starts making requests as fast as possible. This is a DDoS attack.

The owners of the infected computers might not even notice anything more than a minor slowdown as their computers are doing their part to keep you from browsing the Internet. Notice that the skill level to do this is not particularly high. All the bot-herder needs is a well stocked botnet and when their infected computers aren’t taking part in a DDoS, the herder usually has them occupied trying to infect other computers. Something about idle botnets and all that.

So who’s at fault here? I hear a lot of people saying they have nothing worth protecting on their computer so why should they take any precautions. As the owner of the infected computer, are you responsible for its criminal misdeeds?

It gets worse though, as more and more devices are connected directly to the internet, printers, modems, cameras, even refrigerators, most people tend to lose sight of the fact that these are nothing but specialized computers.

These appliances have presented hackers with a whole new world of opportunity. The majority of people don’t bother to change the passwords on their appliances, assuming their new refrigerators even have passwords. How much easier can you make it for someone? Well, someone could release the source code for taking over all these appliances like they did last week. That certainly made it easier.

Have you ever updated the firmware on your modem or your internet connected TV? Most of today’s reputable manufacturers try to update their software when a vulnerability is found but that effort is wasted unless if you don’t take the time do the update. If your device is more than a couple of years old, I can almost guarantee the firmware needs to be updated.

You say your new surveillance camera is only to watch your dogs and anybody that wants is welcome to watch? That would certainly be true if your camera was limited to that single function but in today’s world your camera was probably taking part in that DDoS attack.

In Texas it’s illegal to leave the keys in your car. Certainly, you can expect to be sued if you leave the keys in your car and someone is involved in an accident after stealing your car. I’ll ask again, were you responsible for last week’s DDoS attack?

© 2016 – 2019, Byron Seastrunk. All rights reserved.