dessalles

[Justice - Stress (Auto Remix) sounds like a DoS attack]

About 3 weeks ago CNN experienced a Denial-of-Service attack from computers thought to be located in China. Briefly, DoS attacks are a method of making a website or service unavailable to its intended users by flooding it with traffic from automated systems (or to put it in more personal terms, imagine someone setting up an auto-dialer to constantly call your mobile phone so as to prevent your friends and family from reaching you - that’s a DoS attack). However, more interesting than the attacks on CNN are the ones that targeted SlideShare, the YouTube of PowerPoint presentations, only a day later. These attacks, also based out of China, were thought to be in response to some politically oriented presentations hosted on the site. And while it’s hard not to sympathize the assailants of a site working to make business presentations ubiquitous in ways they probably shouldn’t be, it’s startling to consider that these cyber-militants found user generated content hosted on SlideShare credible enough to warrant attacks equal to those that targeted a major international news corporation.

I don’t follow the internet security beat all that much, but as far as I’m aware, SlideShare is the first social media/networking site to be the victim of a DoS attack (am I mistaken?). If so, that’s some serious geek-cred; and if I worked at SlideShare I’d probably be inclined to publicize the incident. Personally, I’d sooner show off an “I survived a DoS attack” badge on my website than some sort of blogging award.

All this makes me think that if an organization with an anti-capitalist bent really wanted to hit us where it hurt they’d be better advised to target Facebook or Flickr than a financial institution. And if they really played it smart they’d figure out a way to blame it on Citibank or the Pentagon (generally they need to think less like militants and more like marketers). However with that said, if Al Qaeda attempted a DoS attack on YouTube, Osama would probably be in cuffs by the week’s end.

Kidding aside, the techniques of DoS attacks are just as applicable in personal contexts as they are to Estonian politics and Scientology. And in 2000 we saw the fatal consequences DoS-style cyberbullying when a teenager took her own life “after being bombarded with silent calls, sometimes receiving up to 20 in half an hour”, according to The Guradian. That was eight years ago, and today I could easily imagine social networking sites being subverted in a similar fasion. A sophisticated personal attack might employ Amazon’s Mechanical Turk to flood a Facebook account with messages, pokes and friend requests - rendering it unusable.

I think what I find so interesting about denial-of-service attacks is that they’re not hacks. They’re executed via the interfaces made available for end users. Even though it’s really nothing more than a brute force attack, there’s something more elegant about manipulating a system than actually cracking it.