Government // Cybersecurity
11:09 AM

DDoS Attacks Strike Human Rights Groups

Harvard researchers find that most such organizations and independent media sites have been knocked offline by a distributed denial of service attack.

Top 10 Security Stories Of 2010
(click image for larger view)
Slideshow: Top 10 Security Stories Of 2010
WikiLeaks and Operation Payback may recently have propelled distributed denial of service (DDoS) attacks onto the front pages of many daily newspapers, but this has long been a popular form of attack against human rights and independent media organizations, a report released on Wednesday said.

These DDoS attacks often knocked sites offline -- sometimes for weeks, according to the study, conducted by Harvard University's Berkman Center for Internet & Society. Of the sites polled, 61% suffered through unexplained downtime, while 62% experienced DDoS attacks, the report said. In addition, 39% experienced an intrusion and, of those experiencing a DDoS attack, 81% also suffered through at least one filtering, intrusion, or defacement, according to the study.

Based on Google and Twitter searches, researchers found evidence of 140 attacks against more than 280 sites between August 2009 and September 2010, the report said. However, there likely were many more unreported or lower profile DDoS attacks, according to the study.

"These numbers confirm that, despite the under-reporting inherent in this method, DDoS and other cyber attacks are common against independent media and human rights sites, even outside of elections, protests, and military actions," according to the report, co-written by Ethan Zuckerman, Hal Roberts, Ryan McGrady, Jillian York, and John Palfrey.

Attacks were most prevalent against sites in regions such as Burma (also known as Myanmar), China, Egypt, Israel, Iran, Mexico, Russia, Tunisia, the United States, and Vietnam. These attacks came from within a nation's own borders and externally, the report said.

The Berkman Center shone a spotlight on some specific attacks, focusing for example on those targeting a liberal, independent Russian newspaper; others aimed at a Vietnamese organization that protests bauxite mining in the nation; attacks against sites allegedly promoting Islamic jihad; launches against Iran's Green Movement; and cyber-assaults against the Iranian government's opposition Web site.

Human rights groups had mixed results in protecting themselves from attack. In 55% of instances, Internet service providers shut down their sites in response to a DDoS attack, while only 36% of respondents said their provider successfully defended them against a DDoS attack, the survey found.

"The fact that 55% of respondents suffering a DDoS attack had been shut down by their ISPs first indicates that at least 55%, and almost certainly more, of the sites had been subject to a traffic-based attack. That fact, along with the fact that only 36% of the respondents subject to DDoS attack had an ISP that defended them against attack, indicates that for many independent media, the local ISP is a weak point rather than a strong ally," the report said.

But organizations did not solely depend on their ISPs for protection. The vast majority -- 83% -- had fixed problems with their existing Web application software, and 80% reported that this measure was "somewhat effective" or "effective," the report said. In addition, three-fourths of respondents installed security software or hardware on their existing servers, and 62% upgraded their Web server software, according to the study.


Cheap Botnets A Boon To Hackers

Anonymous Group Abandoning DDoS Attacks

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Cyber Security Standards for Major Infrastructure
Cyber Security Standards for Major Infrastructure
The Presidential Executive Order from February established a framework and clear set of security standards to be applied across critical infrastructure. Now the real work begins.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of August 21, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.