Quora Question: What Motivates Hackers' DDoS Attacks?

hacking internet of things ddos mirai
Graphic shows the security risks the Internet of Things faces, and how hackers can launch a DDoS attack. Reuters Graphics

Quora Questions are part of a partnership between Newsweek and Quora, through which we'll be posting relevant and interesting answers from Quora contributors throughout the week. Read more about the partnership here.

Answer from Ofer Gayer, product manager at Imperva Incapsula:

Distributed denial of service (DDoS) attacks are used in many ways. In the case of the Dyn attack (which took many major websites offline), it could have been anything from a demonstration of power, vandalism, ego, rivalry or a smokescreen.

According to Brian Krebs:

“According to researchers at security firm Flashpoint, today’s attack was launched at least in part by a Mirai-based botnet. Allison Nixon, director of research at Flashpoint, said the botnet used in today’s ongoing attack is built on the backs of hacked IoT devices — mainly compromised digital video recorders (DVRs) and IP cameras made by a Chinese hi-tech company called XiongMai Technologies. The components that XiongMai makes are sold downstream to vendors who then use it in their own products.”

Mirai was used to attack Krebs himself after he exposed a lot of information regarding a few actors in the DDoS business:

“The attack on DYN comes just hours after DYN researcher Doug Madory presented a talk on DDoS attacks in Dallas, Texas, at a meeting of the North American Network Operators Group (NANOG). Madory’s talk delved deeper into research that he and I teamed up on to produce the data behind the story DDoS Mitigation Firm Has History of Hijacks.”

So it very might well be an attempt to send a message to whoever is going after the operators of these botnets—speak and you shall be hit. hard.

Other usual suspects:

Hacktivism—Hacktivists use DDoS attacks as a means to express their criticism of everything from governments and politicians, including “big business” and current events. If they disagree with you, your site is going to go down (a.k.a., “tango down”).

Less technically savvy than other types of attackers, hactivists tend to use premade tools to wage assaults against their targets. Anonymous is perhaps one of the best known hacktivist groups. They’re responsible for the cyberattack in February 2015 against ISIS, following the latter’s terrorist attack against the Paris offices of Charlie Hebdo, as well as the attack against the Brazilian government and World Cup sponsors in June 2014.

Typical assault method: DoS and DDoS

Cyber vandalism—Cyber vandals are often referred to as “script kiddies”—for their reliance on premade scripts and tools to cause grief to their fellow Internet citizens. These vandals are often bored teenagers looking for an adrenaline rush, or seeking to vent their anger or frustration against an institution (e.g., school) or person they feel has wronged them. Some are, of course, just looking for attention and the respect of their peers.

Alongside premade tools and scripts, cyber vandals will also result to using DDoS-for-hire services (a.k.a., booters or stressers), which can be purchased online for as little as $19 a pop.

Typical assault method: DoS and DDoS

Extortion—An increasingly popular motivation for DDoS attacks is extortion, by which a cybercriminal demands money in exchange for stopping (or not carrying out) a crippling DDoS attack. Several prominent online software companies—including MeetUp, Bitly, Vimeo, and Basecamp—have been on the receiving end of these DDoS notes, some going offline after refusing to succumb to the extortionists’ threats.

Similar to cyber vandalism, this type of attack is enabled by the existence of stresser and booter services.

Typical assault method: DDoS

Personal rivalry—DoS attacks can be used to settle personal scores or to disrupt online competitions. Such assaults often occur in the context of multiplayer online games, where players launch DDoS barrages against one another, and even against gaming servers, to gain an edge or to avoid imminent defeat by “flipping the table.”

Attacks against players are often DoS assaults, executed with widely available malicious software. Conversely, attacks against gaming servers are likely to be DDoS assaults, launched from stressers and booters .

Typical assault method: DoS, DDoS

Business competition—DDoS attacks are increasingly being used as a competitive business tool. Some of these assaults are designed to keep a competitor from participating in a significant event (e.g., Cyber Monday), while others are launched with a goal of completely shutting down online businesses for months.

One way or another, the idea is to cause disruption that will encourage your customers to flock to the competitor while also causing financial and reputational damage. An average cost of a DDoS attack to an organization can run $40,000 per hour.

Business-feud attacks are often well funded and executed by professional "hired guns," who conduct early reconnaissance and use proprietary tools and resources to sustain extremely aggressive and persistent DDoS attacks.

Typical assault method: DDoS

Cyberwarfare—State-sponsored DDoS attacks are being used to silence government critics and internal opposition, as well as a means to disrupt critical financial, health and infrastructure services in enemy countries.

Backed by nation-states, these well-funded and orchestrated campaigns are executed by tech-savvy professionals.

Typical assault method: DDoS

Who benefits from a massive DDoS attack on Dyn? originally appeared on Quora—the knowledge-sharing network where compelling questions are answered by people with unique insights. You can follow Quora on Twitter, Facebook, and Google+. More questions: