If you are managing a business that depends on digital infrastructure and digital tools, it’s likely that you have protected your systems against penetration and shutdowns. It is, however, still possible to damage a business without penetrating its systems. Denial-of-service (DoS) is a hostile blockage of access to your digital tools and infrastructure. This can cause huge damage for the targets.
What is Denial-of-service?
A vulnerability in the internet structure could mean that certain websites will be made unavailable and, in the worst-case scenario, that all access to the internet is completely blocked. If this is done intentionally, in other words by a hostile actor, it’s likely to be a Denial-of-service or a DDoS (Distributed Denial-of-Service) attack. Think about it like this: someone orders a big load of gravel and dumps it on the street on a weekday at 8 am. Everybody who’s driving on this road on their way to work will be hindered, and this propagates as they try to find alternate routes. For some, traffic will come to a complete halt. For others who manage to find a detour, the traffic will move slowly because many are trying to find alternate routes. Many of us have experienced slow internet when it’s time for tax returns or when tickets for big sporting events are released. When a lot of people are trying to access the internet at the same time, it affects the accessibility. It’s much the same thing that happens with a DoS, because a hostile actor paralyses the internet by putting a large number of computers “on the road” at the same time.
How is the attack performed?
A DoS is possible when a hostile actor uses a large number of computers they have taken control over. If your computer’s security is lacking, or the computer is connected to a badly secured network, it’s possible for people with computer skills to take control of it or to control it remotely. When the computer is combined with others in a simultaneous attack, it paralyses accessibility for those of us with peaceful intentions. This can affect access to all your digital services, including e-mail. The Norwegian National Security Authority (NSM) has illustrated this in a good way in the following article:
NSM underlines that a DoS can rarely be defined as hacking because it is not, in other words, a “burglary” intended for stealing data. In a DoS the hostile actor sends the power of the computers “on the road at the same time” to deny access, without stealing anything from the computers.
Why would someone do this?
As far as we know, there is no exact research on possible motives for such attacks, but in NOU 2007 legislation against cybercrime, Interim Report II, written by the government-appointed Computer Crime Committee, the following motives are cited:
- Excitement: The hostile actors have no interest in profits or personal gain, but primarily want to explore the possibilities by testing their skills and “burglar tools”. This provides knowledge which can be used at a different time, and it provides status among like-minded people.
- Vengeance: As with other forms of crime, vengeance could be a motive. The vengeance could be between groups, because someone has violated their territory, or it could be aimed at the hostile actor’s previous school, workplace or others that may have made them feel mistreated.
- Profit: A known motive for executing a DoS is to blackmail the attacked company for money and/or information. If the demands are not met, the attack is carried out. It’s common to announce the attack in advance and set a deadline for when the conditions have to be met. The reasons for blackmailing a company can be complex, but information, for example, can be used for personal gain or be sold on the black market.
- Propaganda: Sometimes the political views of the hostile actors are the motive behind an attack. For example, it can be a way of distributing their political message to more people or to a different group of people than those who normally receive their messages. Sometimes the combination of vengeance and propaganda is the motive.
The million-dollar question is then: How can we prepare and prevent this? Here are five questions that you can ask yourself as a start. We will revisit and explain these in a later article:
- Have we made a value assessment, and what does it say about this threat?
- Have we analysed aspects of vulnerability and what does the analysis say about this threat?
- Have we distributed our digital services across several web providers?
- What kind of backup solutions do we get from our mobile provider?
- To what extent do we cooperate with our web provider when dealing with these threats?