The idea that forcibly bringing down a Web site is no different than marching around carrying a placard is enough to incite the angry mob in all of us. Or at least, it incites the one in me.
More than 5,000 people have already signed an online petition to newly inaugurated U.S. president Barak Obama from ‘hacktivist’ collective Anonymous requesting that distributed denial of service attacks be legalized as a form of protest. An excerpt from their submission to the “We the people” Web site is as follows:
“(DDoS) is not any form of hacking in any way. It is the equivalent of repeatedly hitting the refresh button on a webpage. It is, in that way, no different than any “occupy” protest. Instead of a group of people standing outside a building to occupy the area, they are having their computer occupy a website to slow (or deny) service of that particular website for a short time.”
Anonymous is hoping to reach 25,000 online signatures by early February, which doesn’t seem likely, but given that they are using a public, state-sponsored forum to make the request, they deserve a reasoned response. Here’s mine:
- A DDoS attack is nothing like the “occupy” movement. An attack does not bring anyone inside someone else’s online presence. It renders it inactive. Those who participated in the legions of protests against the “1 per cent” around the world did so, for the most part, in a peaceful manner in parks or other spaces adjacent to the office towers where the capitalist forces they were critiquing worked. The Occupy movement gained notoriety more for how long it endured, not the volume of business it disrupted.
- While a DDoS attack may not last long, its effects for an organization can be far more devastating than the negative publicity of protesters waving signs that air their grievances. Services get cut off, communication become challenging or impossible, and innocent bystanders who may depend on conducting online transactions through an attacked Web site are unfairly affected.
- A responsible protest sends a message, both to the public at large and the organization or person who is the subject of a protect. In fact, you could say that the act of the physical, live protest is the message. In contrast, DDoS attacks are perpetuated, for the most part, in clandestine ways that disguise those behind it (think of the famous Anonymous masks). The perpetrators, if they announce themselves at all, do so via separate statements on other Web sites. The DDoS attack in this case is not a form of protest but a criminal way to draw attention to one.
Perhaps most importantly, DDoS attacks aren’t just aimed at governments, large corporations or other institutions. They can affect anyone who owns an online domain. These are often smaller or mid-sized firms without the means to effectively combat or respond to such attacks on their own, unless they prepare themselves accordingly. You could laugh at Anonymous’ attempt to legalize DDoS, but the ongoing need to safeguard against such “protests” is no joke.
Arm yourself by reading, ‘Planning Security Budgets: Quantify the Financial Risk of DDoS,’ today.