Distributed Denial of Service
A denial of service (DoS) attack consists of overloading a system's resources so that the network collapses under a volume of requests that exceeds its bandwidth. A DDoS attack is an extension of that attack, made massive by using multiple access points, commonly bots and/or zombies.
These attacks constitute a great threat because they are simple to perpetrate and because it is hard for systems to shield themselves from the aggressive new methods devised by crackers.
DDoS attacks can do damage in different ways: by targeting bandwidth (volume attacks), overloading the server until it goes down and cannot provide service to its users, or by exhausting the server's resources (protocol attacks), leaving the server unable to attend to users' requests.
Some of the best known are the ICMP echo request flood, the Smurf attack, the Ping of Death, and DNS DDoS.
Bots are computer programs whose sole purpose is to emulate human beings in certain tasks. They are used in many ways and are not always linked to illicit behaviour, despite the name being associated with it. Some of the best-known legitimate uses are the Wikipedia bots, which are tasked with finding mistakes in articles, and the ones on YouTube that do some moderation in the comments section of videos. They can, however, also be used for illicit tasks, one of which is provoking DDoS attacks: each bot is tasked with emulating a human connection, so that one user with a few systems can simulate thousands of users trying to connect to a network simultaneously.
A zombie is a PC controlled by a third party without the knowledge of the PC's owner. This allows any type of illicit activity to be carried out without raising suspicion because, unlike a bot, a zombie does not simulate a connected PC: it is a real user's machine with its own IP address. DDoS is one of the illicit activities that zombies make possible.
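As an added example (not part of the original article), the following Python code shows what the difference between one flooding source and many zombies with their own IPs means for a defender: per-IP blocking restores service in the first case but not in the second. The function names, the "timestamp ip" log format, the thresholds and the sample traffic are all assumptions made for the illustration.

```python
from collections import Counter, defaultdict

def classify_window(sources, capacity, per_source_limit):
    """Classify one window of requests from the list of source IPs seen."""
    counts = Counter(sources)
    total = sum(counts.values())
    if total <= capacity:
        return "normal", []
    # Sources sending more than one legitimate client plausibly would.
    heavy = sorted(ip for ip, n in counts.items() if n > per_source_limit)
    remaining = total - sum(counts[ip] for ip in heavy)
    if heavy and remaining <= capacity:
        return "few-sources", heavy   # blocking the heavy sources restores service
    return "distributed", heavy       # overload persists after per-IP blocking

def classify_log(lines, window=10, capacity=100, per_source_limit=20):
    """Bucket 'timestamp ip' lines into fixed windows and classify each."""
    buckets = defaultdict(list)
    for line in lines:
        ts, ip = line.split()
        buckets[int(ts) // window * window].append(ip)
    return {start: classify_window(ips, capacity, per_source_limit)
            for start, ips in sorted(buckets.items())}

def sample_log():
    """Constructed traffic (documentation address ranges), not a real capture."""
    lines = [f"{i % 10} 192.0.2.{i % 30 + 1}" for i in range(60)]          # normal
    lines += [f"{10 + i % 10} 192.0.2.{i % 30 + 1}" for i in range(60)]    # normal...
    lines += [f"{10 + i % 10} 198.51.100.7" for i in range(500)]           # ...plus one flooder
    lines += [f"{20 + i % 10} 203.0.113.{i % 200 + 1}" for i in range(1000)]  # 200 sources x 5
    return lines

if __name__ == "__main__":
    for start, (verdict, heavy) in classify_log(sample_log()).items():
        print(start, verdict, heavy)
```

In the third window no single address exceeds the per-source limit, yet the aggregate is ten times the assumed capacity, so the overload cannot be attributed to, or stopped at, any one IP.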
The motives behind these attacks can be very diverse: economic interests in taking down competitors' networks (causing them losses in the millions), propaganda attacks (like some provoked by crackers, allegedly Russian, against the U.S.A.), and attacks against freedom of speech.
DoS and DDoS attacks are regulated by article 246 of "Ley Orgánica 5/2010" of June 22nd, which established that:
- "He who by any means, without authorization and in a serious way, deleted, damaged, deteriorated, altered, suppressed or made inaccessible data, computer software or documents, when the damage is serious, will be punished with 6-24 months of imprisonment."
- "He who by any means, without authorization and in a serious way, hindered or interrupted the functioning of another's system/network, introducing, transmitting, damaging, deleting, deteriorating, altering, suppressing or making inaccessible the data, when the result ends up being serious damage, will be punished with 6 to 36 months of imprisonment."
However, there is a problem with identifying the source of an attack: with only the IP, the justice system (in Spain) can be in doubt as to who is responsible, and in DDoS attacks many "zombies" can be involved, making it harder to reach a verdict.