What is a DoS (Denial of Service) attack? And how is it committed?

To understand DoS, you will need an idea of what the Service being provided is, how someone can deny it to you, and why that denial counts as an attack.


What is the Service?

Every website you visit is made up of files like the ones in your Downloads folder: pictures, Word files, PDF files, MP3 files, videos and so on. On any given website these files are tied together into pages written in HTML. HTML (HyperText Markup Language) is a convention for structuring text, and links to those files, in a viewer-friendly manner.

You can also write HTML files yourself with software such as Microsoft FrontPage (old legacy), Adobe Dreamweaver (contemporary) or a plain text editor such as Sublime Text (for advanced users).

Whatever you are looking at right now, even this text, is organised in that format and saved as .html files on my server, which you are accessing and reading now.

That is only half of the Service.

The other component of the Service is the operation of a server. Believe it or not, you have used at least fifty servers since this morning.

A server is a computer (often a purpose-built one in a data centre) whose job is to hand out content to other computers on request. The HTML files we were discussing are stored on these servers, and the servers are connected to the internet in the same way you are. That connection is what lets anyone else access the files kept on the server.

So, for example, if you are watching a video on YouTube, you are accessing an HTML page kept on YouTube's servers with the video embedded in it. YouTube lets you access and watch it because it can then show you ads. The transaction is complete, with a win-win for YouTube and you.

The Service is complete when the server delivers the data to a user and the user is able to access it successfully.


How do you then deny it?

Denying the service is actually easier than providing it. Remember the part where the server is nothing but a computer? Yes.

And just like all computers (including yours), servers can slow to a screeching halt and freeze. Once a server hangs, and until it is restarted, whoever visits it through the internet will either get no response at all (the browser waits and eventually times out) or, if a proxy or load balancer sits in front of the server, an error page such as 500 Internal Server Error, 503 Service Unavailable or another of the 5xx codes. I am sure you have seen quite a few of these.

The way to do that is to visit the target website as many times as possible in a short period. A flood of requests to the same website keeps the server busier than normal and slows it down by using up its resources: RAM, CPU, open connections and internet bandwidth.

So if your friend wants to deny you access to YouTube, he can do so by artificially bringing YouTube's servers to a halt or slowing them down.

To pull that off against a website of that scale, he would most likely need to send something like 500 million requests in under an hour. And once he manages to get YouTube down, congratulations: he has broken the law.
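As an added example (not code from the original post), here is the server-side check that turns the flood just described into refused requests instead of exhausted RAM, CPU and bandwidth: a per-client token bucket, the usual shape of an HTTP rate limiter. The client address, the rates and the simulated clock are assumptions made for the demonstration.

```python
import time


class TokenBucketLimiter:
    """Per-client token bucket.

    Each client earns `rate` tokens per second up to a ceiling of `burst`,
    and every request spends one token. A request that finds the bucket
    empty is refused before it can consume CPU, RAM or bandwidth (a real
    web server would answer it with 429 Too Many Requests).
    """

    def __init__(self, rate, burst, clock=time.monotonic):
        self.rate = float(rate)
        self.burst = float(burst)
        self.clock = clock            # injectable so the example is deterministic
        self.buckets = {}             # client id -> (tokens, time of last refill)

    def allow(self, client):
        now = self.clock()
        tokens, last = self.buckets.get(client, (self.burst, now))
        # Refill in proportion to the time since the last visit, capped at burst.
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens >= 1.0:
            self.buckets[client] = (tokens - 1.0, now)
            return True
        self.buckets[client] = (tokens, now)
        return False


class FakeClock:
    """Simulated monotonic clock so the run finishes instantly and offline."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def simulate(requests_per_second, seconds, rate=5, burst=10, client="198.51.100.7"):
    """Send a steady stream from one (assumed) client address and return
    (allowed, rejected) counts under a limiter of `rate` req/s with burst `burst`."""
    clock = FakeClock()
    limiter = TokenBucketLimiter(rate, burst, clock)
    allowed = rejected = 0
    for _ in range(int(requests_per_second * seconds)):
        if limiter.allow(client):
            allowed += 1
        else:
            rejected += 1
        clock.advance(1.0 / requests_per_second)
    return allowed, rejected


if __name__ == "__main__":
    # A normal visitor at 2 req/s never hits the limit ...
    print("normal visitor:", simulate(2, 10))
    # ... while a flooder at 1000 req/s gets only the 10-token burst plus the
    # 5/s refill (about 60 requests in 10 s) and the remaining ~9,940 are refused.
    print("flooder:       ", simulate(1000, 10))
```

The limiter is keyed on the client address, which is exactly why it only stops the single-source case: a distributed flood spreads its requests across many addresses that each stay under the limit, so an aggregate limit and filtering upstream of the server are needed as well.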


How is it an attack?

Well, if you understood the Service part, the Denial part and the frustration that comes with it, you would never want this to happen to YouTube if you owned it. Even one hour of downtime for YouTube would mean millions in lost business opportunities and billions more in losses from lost user confidence. I would personally term any loss above the $100 mark an attack.


How to do it?

There is free, open-source and commercial software that can do exactly this. It can be installed on any laptop or desktop and put to work in under a minute. The best known are probably the Low Orbit Ion Cannon (LOIC) and the High Orbit Ion Cannon (HOIC), which were built as attack tools. Load-testing tools such as Locust, CloudTest and LoadRunner generate the same kind of traffic for legitimate purposes.

If you do not want to dive into the details, hosted load-testing services such as Loader.io and blitz.io exist as well.

You can find LOIC here: https://github.com/NewEraCracker/LOIC

HOIC is the successor to LOIC; think of it as the Death Star from Star Wars: it can launch parallel attacks on as many as 256 URLs at one go.


Why are the softwares freely available?

Just like everything else, software can be abused. What started out as network stress-testing tools quickly became an easy way to attack and harm others.

Tools such as Locust, CloudTest and LoadRunner, and many open-source variants, exist for administrators and developers who need to see how their systems behave under different volumes of traffic.

As long as you run them against your own network, or one you are authorised to test, it is entirely legal. It becomes illegal only when it is done without authorisation and with the intention to cause disruption.


Different types of attacks: the difference between DoS, DDoS and APDoS

If the offending traffic comes from a single computer it is simply called a Denial of Service (DoS); when the same attack is carried out by many machines in parallel it is called a Distributed Denial of Service (DDoS).

And when the attack comes from a very large array of computers (tens of millions), uses sophisticated methods and can last for weeks, it is called an advanced persistent DoS or APDoS.

It would be foolish to attempt a DoS attack without taking precautions. The tell-tale sign of a plain DoS attack is a stream of similar requests from the same IP address, and blocking that address is easy. In DDoS and APDoS, however, there are two classes of victim: those whose servers are targeted, and those whose computers are used without their knowledge to carry out the attack.

In DDoS and APDoS, malware is spread over the internet to unsuspecting users, and their infected computers are then directed, as a botnet, to mount a massive attack on a third party.

The trickiest and hardest to diagnose are Degradation of Service attacks. These are tuned to the victim's network capacity: the aim is not to hang the servers but to raise error rates and slow traffic in and out of the network. Such attacks can run for weeks before detection and cause the heaviest losses at the least cost.
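The three patterns described in this section (one loud address, many quiet addresses, and a modest stream that only pushes up the error rate) can be told apart from an ordinary web-server access log. The following is an added example, not code from the original post: it parses Common Log Format lines, computes requests per address, the overall request rate and the share of 5xx responses, and applies the checks in the order a defender would. The IP addresses, timestamps and thresholds are constructed for the demonstration, and the scenario generator produces synthetic log lines, not captured traffic.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Return (ip, timestamp, status) for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, int(m.group("status"))


def analyse(lines, per_ip_limit=100, baseline_rps=2.0, surge_factor=5.0, max_error_rate=0.05):
    """Classify one window of access-log lines (thresholds are assumed values).

    'single-source': some IPs alone exceed per_ip_limit -> block those IPs
    'distributed':   no IP stands out, but total rate is surge_factor x baseline
    'degradation':   volume looks normal, but the 5xx share is elevated
    'normal':        none of the above
    """
    records = [r for r in map(parse_line, lines) if r is not None]
    if not records:
        return {"verdict": "normal", "offending_ips": [], "rps": 0.0, "error_rate": 0.0}
    per_ip = Counter(ip for ip, _, _ in records)
    first = min(ts for _, ts, _ in records)
    last = max(ts for _, ts, _ in records)
    span = (last - first).total_seconds() + 1.0        # inclusive window, never zero
    rps = len(records) / span
    error_rate = sum(1 for _, _, s in records if 500 <= s <= 599) / len(records)
    offenders = sorted(ip for ip, n in per_ip.items() if n > per_ip_limit)
    if offenders:
        verdict = "single-source"
    elif rps > baseline_rps * surge_factor:
        verdict = "distributed"
    elif error_rate > max_error_rate:
        verdict = "degradation"
    else:
        verdict = "normal"
    return {"verdict": verdict, "offending_ips": offenders,
            "rps": round(rps, 2), "error_rate": round(error_rate, 3)}


# --- constructed sample logs (synthetic, 60-second windows, documentation-range IPs) ---
_BASE = datetime(2015, 4, 14, 10, 0, 0, tzinfo=timezone.utc)


def _line(ip, offset_s, status=200):
    ts = (_BASE + timedelta(seconds=offset_s)).strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{ts}] "GET /index.html HTTP/1.1" {status} 512'


def build_scenario(name):
    """Synthetic log lines for each traffic pattern discussed in the text."""
    if name == "single-source":       # one flooder (300 hits) among 20 ordinary visitors
        return ([_line("203.0.113.5", i % 60) for i in range(300)]
                + [_line(f"198.51.100.{i}", i * 3) for i in range(20)])
    if name == "distributed":         # 50 bots x 20 hits: every bot stays under the per-IP limit
        return [_line(f"192.0.2.{b}", (b * 7 + i * 3) % 60) for b in range(50) for i in range(20)]
    if name == "degradation":         # normal volume (2 req/s) but a quarter of responses are 503s
        return [_line(f"198.51.100.{h}", i * 5 + h % 5, 503 if i % 4 == 0 else 200)
                for h in range(10) for i in range(12)]
    if name == "normal":              # 6 visitors, 1 req/s in total, all 200s
        return [_line(f"198.51.100.{h}", i * 6 + h) for h in range(6) for i in range(10)]
    raise ValueError(name)


if __name__ == "__main__":
    for scenario in ("single-source", "distributed", "degradation", "normal"):
        print(scenario, "->", analyse(build_scenario(scenario)))
```

The order of the checks matters: the per-IP count catches the plain DoS and yields a concrete block list, the aggregate rate catches the botnet that the per-IP rule misses, and the 5xx share is the only one of the three that notices a degradation attack, which deliberately keeps its volume close to the baseline.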


Laws of India on this?

Whether it is simple disruption, degradation, denial or distributed denial, Indian law has provisions for all of them.

Section 43(e), (f) and (g) of the Information Technology Act, 2000 (as amended in 2008) provide watertight provisions which, as of now, cover the entire gamut of DoS attacks.

If any person, without permission of the owner or any other person who is in charge of a computer, computer system or computer network,

  1. disrupts or causes disruption of any computer, computer system or computer network; (applicable in cases of disruption and degradation)
  2. denies or causes the denial of access to any person authorised to access any computer, computer system or computer network by any means; (applicable in cases of denial, distributed denial or advanced persistent denial)
  3. provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made thereunder; (applicable in cases of denial, distributed denial or advanced persistent denial)

then such a person can be made liable under the act.

Moreover, another section covers cyber terrorism, which is punishable with life imprisonment.

Section 66F. Punishment for cyber terrorism

  1. Whoever,
     1. with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people or any section of the people by –
        1. denying or cause the denial of access to any person authorized to access computer resource; or …
     2. … commits the offence of cyber terrorism.
  2. Whoever commits or conspires to commit cyber terrorism shall be punishable with imprisonment which may extend to imprisonment for life.


Pertinent History

One of the first big-ticket DDoS attacks to draw mainstream attention was on the Church of Scientology in 2008. It was organised by Anonymous, the loosely organised hacktivist collective that is apparently the largest hackers' network, in protest against the philosophies and practices of the Church of Scientology.

In June 2014, the Occupy Central movement in Hong Kong was responsible for taking down multiple websites of the Chinese government, again in protest, this time against the electoral system under which a fixed 1,200-member committee elects Hong Kong's leader.

In April 2015, TRAI (the Telecom Regulatory Authority of India) released the emails of over a million people who had written to it in favour of net neutrality. TRAI was foolish enough to publish the email addresses along with the names of the users and their messages. A group of hackers calling themselves Anonymous India saved the day by DDoSing TRAI's website so that no one could download the list, which would have been a gold mine for spammers.

Supporters of WikiLeaks have attacked websites of the US government and of financial institutions, to the extent that Mr. Assange had to ask everyone in a tweet to stop such activities.

Posted by Donnie Ashok

Donnie Ashok is a freelance technology advisor, cyber security advisor and a final year law student studying B.A.LL.B at Gujarat National Law University. IndiaTechLaw is an initiative by Donnie Ashok.
