Skip to Content

Political Net Attacks Increase

Denial-of-service attacks are on the rise, research shows.
March 13, 2009

When armed conflict flared up between Russia and Georgia last summer, the smaller country also found itself subject to a crippling, coordinated Internet attack. An army of PCs controlled by hackers with strong ties to Russian hacking groups flooded Georgian sites with dummy requests, making it near impossible for them to respond to legitimate traffic. The attacks came fast and furious, at times directing 800 megabits of data per second at a targeted website.

User unfriendly: Simple interfaces for launching distributed denial-of-service attacks, like the one shown here, have made it easier to attack political enemies, says Jose Nazario, manager of security research for Arbor Networks.

This type of politically motivated Internet attack is becoming increasingly common, says Jose Nazario, manager of security research for Arbor Networks. “The problem is sweeping and has changed over the years,” Nazario said during a presentation at the security conference SOURCE Boston this week. He noted that the frequency of these attacks and the number of targets being hit have grown steadily over the past few years.

The type of attack aimed at Georgian sites is known as a distributed denial of service (DDoS). Targeted servers face an overwhelming number of requests from computers located all over the world. Sometimes these requests come from “zombie” computers that have been taken over by hackers, and sometimes they come from machines operated by individuals who have volunteered to help. Last summer, the targets included government servers, and those belonging to news outlets and to companies trying to defend against the attacks.

Arbor Networks uses several technologies to monitor DDoS attacks. The company provides network security tools to Internet service providers and large enterprises, and customers can choose to share data on traffic patterns to help identify attacks as they happen. Nazario says that this customer data covers about 80 percent of global Internet backbone traffic. Arbor’s researchers also use software tools to intercept commands that are intended for botnets, and they monitor Internet routing patterns for signs that an attack is taking place.

Nazario says that the bar for launching a DDoS attack has come down significantly in the past few years. Attacks aimed at Estonian sites in 2007 (during a time of political tension between this country and Russia) used botnets and scripts that weren’t easy for nontechnical people to employ. Now attackers can purchase tools such as Black Energy or NetBot Attacker (made by Russian and Chinese hackers, respectively) for less than $100 apiece. These kits give an attacker ready-made code and an easy-to-use interface to control a botnet. Attackers have even developed Web interfaces so that volunteers can more easily participate in an attack. Attacks are often coordinated in forums, Nazario says, and easy-to-use interfaces help boost participation.

Steven Bellovin, a professor of computer science at Columbia University who researches network security, agrees that politically motivated DDoS attacks are becoming more common. He says the reason is that they are becoming easier to launch and more effective. “You can’t launch a DDoS attack against an enemy who isn’t dependent on the Net,” Bellovin says. “You also can’t launch one unless you have adequate network resources.”

A big problem with these politically motivated attacks, according to Nazario, is that it’s particularly hard to pinpoint who is really responsible. While it’s easy to determine which botnet is the source of an attack, it’s far harder to determine who might be paying for the attack. This is a big worry for governments looking for redress or retaliation, he adds.

Currently, the procedure for defending against DDoS attacks involves shutting off traffic from the attacker as close as possible to the source, and carefully managing Internet traffic heading for the target. This can sometimes be a delicate political process, however. Governments can hire experts and buy tools to help them deal with an attack, but smaller organizations, such as newspapers, might need to turn to their Internet service providers for help. “The technology’s there–it’s just a matter of getting access to it,” Nazario says.

While Nazario says that denial-of-service attacks can be serious, he adds that it’s important to keep them in perspective in the context of warfare. “It doesn’t compare to people dying on the ground,” he says.

Keep Reading

Most Popular

Geoffrey Hinton tells us why he’s now scared of the tech he helped build

“I have suddenly switched my views on whether these things are going to be more intelligent than us.”

ChatGPT is going to change education, not destroy it

The narrative around cheating students doesn’t tell the whole story. Meet the teachers who think generative AI could actually make learning better.

Meet the people who use Notion to plan their whole lives

The workplace tool’s appeal extends far beyond organizing work projects. Many users find it’s just as useful for managing their free time.

Learning to code isn’t enough

Historically, learn-to-code efforts have provided opportunities for the few, but new efforts are aiming to be inclusive.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.