DDoS Attacks Strike Human Rights Groups - InformationWeek
Government // Cybersecurity
11:09 AM

DDoS Attacks Strike Human Rights Groups

Harvard researchers find that most such organizations and independent media sites have been knocked offline by a distributed denial of service attack.

Top 10 Security Stories Of 2010
(click image for larger view)
Slideshow: Top 10 Security Stories Of 2010
WikiLeaks and Operation Payback may recently have propelled distributed denial of service (DDoS) attacks onto the front pages of many daily newspapers, but this has long been a popular form of attack against human rights and independent media organizations, a report released on Wednesday said.

These DDoS attacks often knocked sites offline -- sometimes for weeks, according to the study, conducted by Harvard University's Berkman Center for Internet & Society. Of the sites polled, 61% suffered through unexplained downtime, while 62% experienced DDoS attacks, the report said. In addition, 39% experienced an intrusion and, of those experiencing a DDoS attack, 81% also suffered through at least one filtering, intrusion, or defacement, according to the study.

Based on Google and Twitter searches, researchers found evidence of 140 attacks against more than 280 sites between August 2009 and September 2010, the report said. However, there likely were many more unreported or lower profile DDoS attacks, according to the study.

"These numbers confirm that, despite the under-reporting inherent in this method, DDoS and other cyber attacks are common against independent media and human rights sites, even outside of elections, protests, and military actions," according to the report, co-written by Ethan Zuckerman, Hal Roberts, Ryan McGrady, Jillian York, and John Palfrey.

Attacks were most prevalent against sites in regions such as Burma (also known as Myanmar), China, Egypt, Israel, Iran, Mexico, Russia, Tunisia, the United States, and Vietnam. These attacks came from within a nation's own borders and externally, the report said.

The Berkman Center shone a spotlight on some specific attacks, focusing for example on those targeting a liberal, independent Russian newspaper; others aimed at a Vietnamese organization that protests bauxite mining in the nation; attacks against sites allegedly promoting Islamic jihad; launches against Iran's Green Movement; and cyber-assaults against the Iranian government's opposition Web site.

Human rights groups had mixed results in protecting themselves from attack. In 55% of instances, Internet service providers shut down their sites in response to a DDoS attack, while only 36% of respondents said their provider successfully defended them against a DDoS attack, the survey found.

"The fact that 55% of respondents suffering a DDoS attack had been shut down by their ISPs first indicates that at least 55%, and almost certainly more, of the sites had been subject to a traffic-based attack. That fact, along with the fact that only 36% of the respondents subject to DDoS attack had an ISP that defended them against attack, indicates that for many independent media, the local ISP is a weak point rather than a strong ally," the report said.

But organizations did not solely depend on their ISPs for protection. The vast majority -- 83% -- had fixed problems with their existing Web application software, and 80% reported that this measure was "somewhat effective" or "effective," the report said. In addition, three-fourths of respondents installed security software or hardware on their existing servers, and 62% upgraded their Web server software, according to the study.


Cheap Botnets A Boon To Hackers

Anonymous Group Abandoning DDoS Attacks

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll