Professional Documents
Culture Documents
Object 1
These digital disruptions are known as Distributed Denial of Service (DDoS) attacks.
The flood of incoming traffic aims to exceed the total bandwidth of connections that a
server can handle, thus bringing it down and denying visitors access to any
information it holds. An enterprising attacker can infect millions of machines, creating a
botnet to launch these attacks marshaling the resources of computers across the
globe and making the origin of his assault almost impossible to trace. There are
thousands of DDoS attacks worldwide every day, accounting for roughly one-third of
web server downtime.
Outbreaks of DDoS attacks mirror political turmoil in the real world. The Digital Attack
Map, a project designed by Google Ideas and the network security firm Arbor
Networks, tracks the assaults: DDoS attacks in Ukraine and Russia spiked from
almost nothing to as large as 60 gigabits per second during the Ukrainian antigovernment protests and Moscows subsequent annexation of Crimea in 2013 and
2014. Attacks similarly surged in Israel during last summers war in Gaza, with
assaults emanating from everywhere from Iran to the United States. Even law-abiding
Sweden was hit with a large 80 gigabit per second attack on Dec. 15, 2013, after a
group of neo-Nazis attacked an anti-racism rally in the capital of Stockholm.
The attacks are an easy and cheap way to silence ones political opponents during a
moment of crisis such as during the Ukrainian protests, when newspapers in both
Kiev and Moscow came under attack. DDoS attacks succeeded in taking down
NATOs website in March 2014, while pro-Ukraine hackers targeted the state-funded
Russia Today in the run-up to the invasion of Crimea, replacing instances of the word
Russian with Nazi.
Someone just wanted to make us shut up, said Sergey Smitienko, the system
architect for the online newspaper Ukrainian Truth, which was one of the first sites to
rally Ukrainians to the streets in November 2013 against the pro-Russian government.
Smitienko and his colleagues had turned to the Internet because, he said, television
and print media had always been strictly controlled by the countrys oligarchs, who
squashed any reporting that conflicted with their political agendas. But from the
second day of the protests, Ukrainian Truths enemies moved to cut off that mode of
expression as well: The site was hit by escalating DDoS attacks that forced one of its
two Internet service providers to shut down their server, forcing the site to limp along
with slow service and broken links.
The DDoS attacks, which can cost as little as $150 to launch for an entire week, can
impose a crippling financial burden on their victims.
Smitienko conferred with two commercial services to help his site combat the assault.
But when they saw the power of these attacks, they said that the bill for this service
would be so high, we couldnt pay it anyway, he said.
The commercial firms wanted between $3,000 and $4,000 to combat each gigabit of
data assaulting the newspaper, Smitienko said. The site, however, was being hit by
about 80 gigabits of data each month meaning that its bill would run to somewhere
in the realm of a quarter of a million dollars each month. Some attackers see a
financial opportunity in this conundrum: Arbor Networks estimates that roughly onefifth of DDoS attacks are conducted with the aim of extracting a ransom from the
websites owner, in which they pay hundreds or thousands of dollars to stop the attack.
A month before Ukrainian Truth came under attack, the New York-based think tank
Google Ideas launched a program to resolve precisely the problem they faced. Project
Shield uses Googles infrastructure which has been bolstered greatly to keep
services like YouTube and Gmail online to protect news and human rights-focused
websites from DDoS attacks. Google allows the websites under its protection to route
their traffic through its servers, which are built to withstand even the most massive of
attacks, dramatically reducing the load on their partners web infrastructure.
Ukrainian Truth joined Project Shield in December 2013, and while the DDoS attacks
continued for the duration of the anti-government unrest in Ukraine, they never again
succeeded in slowing the site.
That was a proud moment for us, said Google Ideas associate CJ Adams, who
oversees the program, of the Ukraine crisis. We protected sites that were top 20
newspapers in the world at the time.
Adams said that Project Shield kept sites on both sides of the political divide online in
Ukraine and Russia during the crisis, protecting over 500 million legitimate page views
from targeted sites.
Hundreds of sites currently fall under Project Shields protection, Adams said, and he
hopes to expand that number into the thousands by years end. He said that the
initiative, which is currently accepting applications for new sites, protects any
organization that is focused on news, human rights, or election monitoring, regardless
of their political views.
There was a risk [during the Ukraine crisis] that the person with the biggest botnet,
the person with the biggest attack, would win, Adams said. The truth is that anyone
can pay for someone elses silence and when it comes to something like a human
rights group or a news organization, that shouldnt be the case.
Project Shield offers its services for free to sites that fall under its content criteria; there
are no plans to turn this into a paid service. Since it launched, Cloudflares Project
Galileo and eQualit.ies Deflect have also sprung up to offer free protection from DDoS
attacks.
While this kind of digital warfare regularly spikes during moments of political crisis,
some sites are targeted as part of a long-term effort to silence dissenting voices.
Tavaana, for instance, is an e-learning institute that provides online classes to Iranian
activists, teaching them about democratic transitions, womens and labor rights, digital
safety, and NGO management. The program was launched in May 2010, in the
aftermath of the protests known as the Green Movement, and began suffering from
DDoS attacks soon after its launch.
Posted by Thavam