What Is DDOS? Liveuamap Mapping Tool Used in Ukraine Hit by Cyberattack

Online mapping and journalism tool Liveuamap has reportedly been hit by a DDOS, or distributed denial of service, as it was covering Russia's invasion of Ukraine.

It is unclear who launched the DDOS, a type of cyberattack used to take websites and apps offline.

In a series of tweets on Tuesday, Liveuamap said it had been mitigating the effects of an attack for 12 hours, after the service went down completely the day before.

Liveuamap, founded in 2014, has been showing the locations of Russian attacks in Ukraine as well as reporting developments such as announcements from Ukrainian officials.

Russia's cyber capabilities are well known, but experts have been surprised by the relative lack of cyberattacks on Ukrainian websites since Moscow's invasion on February 24. "It's certainly not what anyone predicted," Dmitri Alperovitch, a computer security specialist, told The Washington Post on Monday.

In the days before the military incursion, a number of Ukrainian government and banking sites were targeted by cyberattackers.

What Is DDOS?

Distributed denial of service is a malicious attempt to overwhelm the servers of a given online platform, service or website by flooding it with internet traffic.

One way to think of it is by imagining a highway that is flowing freely until thousands of cars suddenly enter from a junction, bringing everything to a halt.

Since DDOS attacks rely on a large coordinated effort by devices to request access to, or information from, a web page, a DDOS attacker has to amass an army of devices first. This is known as a botnet.

DDOS attackers will create a botnet by infecting many devices with a type of virus called malware, which allows them to be controlled remotely. When the attacker's DDOS army is ready, all the infected devices send requests to the target's internet address, overloading it.

To identify a DDOS, computer security experts look for telltale signs that distinguish an attack from a website that has been forced offline by legitimate users—perhaps because of a breaking news story or hotly anticipated product release.

According to web security service Cloudflare, these signs include large amounts of traffic originating from a single IP address or from users who share a single characteristic, such as their location or device type; an unexplained surge in requests to a single webpage; or an odd pattern of traffic spikes, such as every 10 minutes.

On Tuesday, Liveuamap wrote in a tweet that the DDOS attack affecting its servers appeared to be coming from "everywhere" but was using the same botnet.

Ukraine soldier
A Ukrainian soldier walks through debris in the capital Kyiv on February 26. President Vladimir Putin launched the invasion of Russia's neighbor on February 24. Daniel Leal/AFP/Getty