Report: DDoS Attacks Threaten Free Speech
Computer attacks launched against sites run by human rights and dissident media groups threaten to knock free speech off the Web, a new report warned this week.
The study conducted by Harvard University's Berkman Center for Internet & Society showed that distributed denial-of-service (DDoS) attacks frequently knocked such sites offline.
Of the sites surveyed by the center, 62% were victimized by DDoS attacks in the last 12 months, and 61% experienced unexplained downtime.
DDoS attacks -- the kind pro-WikiLeaks activists fired at companies that withdrew services from the controversial group -- are launched from hundreds, thousands or even tens of thousands of computers simultaneous, or nearly so.
The aim: Flood the servers that host a site with bogus requests, or dupe that server into thinking it's overwhelmed. The result: The site goes black, or is pulled from the Web by its hosting provider to protect other sites from being crippled.
"Human rights and independent media sites are under constant attack," said Ethan Zuckerman, a senior researcher at the Berkman Center and one of the authors of the report, in an interview today. "DDoS attacks make it harder than ever for these groups to keep an online presence."
The Berkman Center dug up media reports of 140 DDoS attacks against more than 280 different human rights and dissident sites in the 12 months between September 2009 and August 2010, likely only a fraction of the actual numbers, said Zuckerman, as many go unreported.
Zuckerman's team also polled more than 300 human rights and independent media sites around the world, and convinced 45, or 14% of the total, to talk about DDoS attacks.
Of the groups that responded, almost two-thirds (62%) had been hit with a DDoS attack in the last year, while slightly fewer (61%) said that their sites had experienced unexplained downtime for their domains.
According to the Berkman Center, there was a "particularly high prevalence" of attacks against sites in Burma, China, Egypt, Israel, Iran, Mexico, Russia, Tunisia, the U.S. and Vietnam, with groups targeted both from within their own borders and from outside their countries.
The center's report highlighted multiple, sustained DDoS attacks against Novaya Gazeta, Russia's most liberal independent newspaper; attacks aimed at a Vietnamese organization protesting bauxite mining in that country; ones launched by the so-called "Iranian Cyber Army" against the Iranian government opposition site mowjcamp.com; and others conducted by a hacker who calls himself "Jester" against sites he said promoted Islamic Jihad.
Late last month, Jester claimed responsibility for an early round of attacks against WikiLeaks that drove the group off its usual servers and onto ones operated by Amazon.
The increasing popularity of DDoS attacks, and the enormous publicity they received when groups attacked sites belonging to companies that had pulled the plug on services to WikiLeaks -- including Bank of America, MasterCard and PayPal -- worries Zuckerman.
"I have concerns that the sheer visibility of DDoS attacks and the fact that they demonstrate some pretty effective techniques [to shut down a site] will lead to a rash of DDoS attacks against human rights sites," said Zuckerman.
And often, there's little a victimized site can do to fend off DDoS attacks.
Typically, human rights or dissident media groups can't afford to contract with hosting providers that are large enough to stymie even small- or mid-sized DDoS attacks, said Zuckerman, or they're hesitant to use a major hosting provider because they suspect it will censor their site or toss them overboard at the first sign of controversy.
"That tension is probably the most interesting part of the paper," Zuckerman admitted. "To prevent DDoS, you have to move to a [hosting provider] big enough to defend your site, but the problem with that is you have to find the right provider."
The largest hosting services, dubbed "Tier 1" firms, have a decided advantage over smaller providers, an even bigger one over organizations that try to host their own site, Zuckerman pointed out.
"If you're a Tier 1 ISP, you're on a bunch of closed mailing lists, you're part of a trusted system, you probably are friends with people who work at other Tier 1s, you have deep contacts in the space, so you can call someone up to ask them to null route traffic to help you get over this attack," said Zuckerman. "That's actually how DDoS prevention often works."
Smaller ISPs, or groups self-hosting, aren't part of this "old boy" network, and are out in the cold.
"In certain DDoS attacks, like those that simply overwhelm your site's bandwidth, you have to go upstream, filtering doesn't help," said Zuckerman, referring to the ISP that is "upstream," or higher in the Internet food chain. "If you can't access those guys at the larger ISPs, it's really hard to fend off an attack. So you're screwed."
The choices that human rights and dissident media sites face is one akin to being between a rock and a hard place, Zuckerman said. "Either you really need to keep up and get smart people on your team, or you need to get with a big provider that is politically willing to host the content of your site," he said.
The Berkman Center's report is available on its Web site ( download PDF ).
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer , or subscribe to Gregg's RSS feed . His e-mail address is email@example.com .
Read more about cybercrime and hacking in Computerworld's Cybercrime and Hacking Topic Center.