Synthetic Monitoring

Simulate visitor interaction with your site to monitor the end user experience.

View Product Info

FEATURES

Simulate visitor interaction

Identify bottlenecks and speed up your website.

Learn More

Real User Monitoring

Enhance your site performance with data from actual site visitors

View Product Info

FEATURES

Real user insights in real time

Know how your site or web app is performing with real user insights

Learn More

Infrastructure Monitoring Powered by SolarWinds AppOptics

Instant visibility into servers, virtual hosts, and containerized environments

View Infrastructure Monitoring Info
Comprehensive set of turnkey infrastructure integrations

Including dozens of AWS and Azure services, container orchestrations like Docker and Kubernetes, and more 

Learn More

Application Performance Monitoring Powered by SolarWinds AppOptics

Comprehensive, full-stack visibility, and troubleshooting

View Application Performance Monitoring Info
Complete visibility into application issues

Pinpoint the root cause down to a poor-performing line of code

Learn More

Log Management and Analytics Powered by SolarWinds Loggly

Integrated, cost-effective, hosted, and scalable full-stack, multi-source log management

 View Log Management and Analytics Info
Collect, search, and analyze log data

Quickly jump into the relevant logs to accelerate troubleshooting

Learn More

Conflicting opinions causing DDoS blitzkriegs online

Sometimes disagreements and conflicts spill over from real life to online, and sometimes people go completely overboard and launch cyber attacks on services or websites they dislike, doing their best to sabotage them and often causing some serious downtime.

This sabotage is often done using distributed denial-of-service attacks (DDoS attacks) which send such extreme amounts of traffic to a website that it is effectively disabled.

This article takes a look at some high-profile examples of cyber attacks, how the attacked website was affected and why it was attacked (where this information is available). We also take a quick look at how these attacks are usually launched, what the long arm of the law is doing about it and how bad the punishment can actually get.

Eight high-profile DDoS attacks

  • October 2008 – Campaign websites for same-sex marriage attacked: Websites of political groups campaigning against a same-sex marriage ban in California (Prop 8 ) as well as in Florida were subjected to a DDoS attack right after a fund-raising appeal had been issued, the week before the vote.
  • July 2008 – Russian attack on Georgian websites: The growing tension between Russia and Georgia over Georgia’s membership in NATO spilled over online when the website of the Georgian President was subjected to a DDoS attack that made it unavailable over an entire weekend. The attackers, who used a botnet, were unknown but the motive was likely political: among the messages flooding the website was “win+love+in+Rusia.” Several other official Georgian websites were also affected.
  • January 2008 – The Church of Scientology website attacked: The website of the Church of Scientology was subjected to a DDoS attack which at times rendered it completely unreachable and caused as much as $70,000 in damage. The attack was said to have been in retaliation for its censorship of criticism against the church and was performed by members of an anti-Scientology group.
  • April 2007 – Cyberwar in Estonia: A series of cyber attacks (most of them DDoS attacks) via botnets on the websites of Estonian organizations, banks, ministries, newspapers and broadcasters. The attacks followed a disagreement with Russia regarding the relocation of a Soviet-era memorial to fallen soldiers and war graves in Tallinn. It’s sometimes referred to as the Estonian Cyberwar.
  • June 2006 –The Swedish Police website attacked after The Pirate Bay raid: After the Swedish police raided the (in)famous torrent tracker The Pirate Bay and confiscated their servers, the website of Sweden’s national police was taken down by a large-scale DDoS attack that sent 500,000 visits per second to the site.
  • May 2003 – SCO attacked after upsetting the Linux community: After SCO launched a billion-dollar lawsuit against IBM regarding Unix intellectual property being used for Open Source and Linux, something which infuriated the Linux community, SCO was hit by a DDoS attack that crippled its Internet operations.
  • March 2003 – Al-Jazeera websites attacked after publishing sensitive Iraq pictures: Soon after the Arab satellite TV network Al-Jazeera published pictures of US soldiers held as prisoners in Iraq, both its Arab and English-language websites were subjected to a DDoS attack that caused so much traffic to the websites that Al-Jazeera’s hosting provider canceled the hosting contract.
  • July 2002 – The RIAA website attacked after endorsing anti-piracy legislation: The website of the Recording Industry Association of America (RIAA) was subjected to a DDoS attack that made it unavailable for portions of four days. The attack came after RIAA had endorsed legislation that would allow copyright holders to disrupt peer-to-peer file sharing networks.

What does the law say?

Perhaps some people think that since these attacks are just virtual, it’s ok, but truth is that these attacks can lead to severe penalties if the culprit is caught.

In the US the FBI works actively against cyber crimes and if people are caught they face severe allegations. FBI even has an “Internet Crime Complaint Center” and has on several occasions arrested people running botnets.

To give a real-world example of legal repercussions, one of the persons involved in the attack on the Church of Scientology website that we mentioned above was sentenced to pay $37,000 in restitution and is facing up to 10 years in federal prison.

Legal repercussions in other parts of the world vary, but nowhere are they likely to be stricter than in Pakistan. Although perhaps not always applicable to things such as DDoS attacks, Pakistan has recently made “cyber terrorism” a crime punishable by death.

DDoS attacks and botnets

As you can see, the DDoS attacks we have listed above were initiated by botnets, large networks of potentially thousands of compromised computers. These computers (often called zombie computers) are usually regular home PCs that have at some point been infected with malware that have made them a part of a botnet. Working in unison, these computers can of course send a massive amount of traffic in one direction.

There exists a large number of botnets in the world, and new ones are created all the time. Access to them can actually be bought (in the right circles). There are even some underground “rent a botnet” services.

Botnets are also used for other purposes than DDoS attacks, such as distributing email spam.

You can read up on the various aspects of DDoS attacks over at this very thorough Wikipedia entry.

What about your website?

We believe this subject definitely merits discussion since these attacks often make a significant dent in the uptime of a website.

If a website owner is doing something that is of a controversial nature (to a group of people), or if the website content itself is controversial, he/she is in the risk zone. Anything that people have strong feelings about, such as politics, religion and ideologies, can be the trigger.

There is also another factor to consider. DDoS attacks on websites can affect all websites hosted at the same location, even if they have nothing to do with the attacked website. The attack on Al-Jazeera that we mentioned in this article is an excellent example, where the web host actually ended up canceling the hosting contract for Al-Jazeera.

Has your website or service been brought down by a cyber attack (such as a DDoS attack)? How did you solve the problem? What are you doing to protect yourself against these kinds of incidents?

We would love to hear from you about that (and anything else on your mind), so don’t hesitate to make yourself heard in the comments.

SolarWinds Observability SaaS now offers synthetic transaction monitoring

Powerful transaction monitoring now complements the availability and real user [...]

Exit Rate vs Bounce Rate – Which One You Should Improve and Why

Tracking your website’s exit and bounce rates will give you insight into how [...]

Introduction to Observability

These days, systems and applications evolve at a rapid pace. This makes analyzi [...]

Webpages Are Getting Larger Every Year, and Here’s Why it Matters

Last updated: February 29, 2024 Average size of a webpage matters because it [...]

A Beginner’s Guide to Using CDNs

Last updated: February 28, 2024 Websites have become larger and more complex [...]

Monitor your website’s uptime and performance

With Pingdom's website monitoring you are always the first to know when your site is in trouble, and as a result you are making the Internet faster and more reliable. Nice, huh?

START YOUR FREE 30-DAY TRIAL

MONITOR YOUR WEB APPLICATION PERFORMANCE

Gain availability and performance insights with Pingdom – a comprehensive web application performance and digital experience monitoring tool.

START YOUR FREE 30-DAY TRIAL
Start monitoring for free