Why You Probably Didn't Notice The 'Worst Cyberattack In History'
What had earlier been widely billed as the largest cyberattack in history, causing Web-wide disruptions for Internet users, appears on closer inspection to have been not quite so dramatic as first thought. But what did it mean for the innocent bystander sitting at his or her computer?
Probably not much, as it turns out — particularly if that bystander's computer wasn't in Europe.
First, a little background: The type of cyberattack publicized Wednesday and Thursday is, almost by definition, a limited affair. Although it originates from multiple sources and locations, it typically converges like an artillery attack on a single target.
A story at Mashable has a nice, concise definition of the attack, known as a distributed denial of service attack or DDoS:
"In a common DDoS attack, hackers use thousands of computers to send bogus traffic at a particular server in the hopes of overloading it. The computers involved in DDoS attacks have often been previously infected with malware that gave a hacker control of the machine without the legitimate owner's knowledge. Hackers use malware (often sent via email spam) to amass large networks of infected computers, called 'botnets,' for DDoS operations and other purposes."
Martin Libicki, a researcher at RAND who has studied cyberattacks, compares it to a concert letting out.
"You've got all these people filling the streets all at once," he says. "If you happen to be in the same area at the same time, you're going to have a hard time getting through."
In other words, even though botnets can be recruited from all over the world — and, for the record, Libicki thinks at least some of them in the Spamhaus attack were probably located in the U.S. — it's mostly a local phenomenon. Since, in this case, one major likely source of the attack and its target were both in Europe, most or all of the Internet congestion occurred there.
Alastair MacGibbon, of the Centre for Internet Security at Canberra University in Australia, calls the alleged Cyberbunker attack just another "old school denial of service attack."
"There's much more sophisticated ways you can damage the Internet," MacGibbon told the Australian Broadcasting Corporation.
Contrast that to the Stuxnet virus that reportedly did physical damage to Iran's nuclear facilities.
According to Bruce Schneier, who writes a blog on cybersecurity, Stuxnet can take control of "small embedded industrial control systems that run all sorts of automated processes: on factory floors, in chemical plants, in oil refineries, at pipelines — and, yes, in nuclear power plants."
Libicki says while it's conceivable that a DDoS attack could be designed in such a way as to have wider impact, "that's still an untested proposition."
"If you want to turn out the lights, a DDoS attack isn't going to do it. If you want to steal money, a DDoS attack isn't going to do that either," he says. "If you really want to do damage, you're going to need something more involved."