DDoS Attacks Strike Human Rights Groups - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Government // Cybersecurity
11:09 AM
Connect Directly

DDoS Attacks Strike Human Rights Groups

Harvard researchers find that most such organizations and independent media sites have been knocked offline by a distributed denial of service attack.

Top 10 Security Stories Of 2010
(click image for larger view)
Slideshow: Top 10 Security Stories Of 2010
WikiLeaks and Operation Payback may recently have propelled distributed denial of service (DDoS) attacks onto the front pages of many daily newspapers, but this has long been a popular form of attack against human rights and independent media organizations, a report released on Wednesday said.

These DDoS attacks often knocked sites offline -- sometimes for weeks, according to the study, conducted by Harvard University's Berkman Center for Internet & Society. Of the sites polled, 61% suffered through unexplained downtime, while 62% experienced DDoS attacks, the report said. In addition, 39% experienced an intrusion and, of those experiencing a DDoS attack, 81% also suffered through at least one filtering, intrusion, or defacement, according to the study.

Based on Google and Twitter searches, researchers found evidence of 140 attacks against more than 280 sites between August 2009 and September 2010, the report said. However, there likely were many more unreported or lower profile DDoS attacks, according to the study.

"These numbers confirm that, despite the under-reporting inherent in this method, DDoS and other cyber attacks are common against independent media and human rights sites, even outside of elections, protests, and military actions," according to the report, co-written by Ethan Zuckerman, Hal Roberts, Ryan McGrady, Jillian York, and John Palfrey.

Attacks were most prevalent against sites in regions such as Burma (also known as Myanmar), China, Egypt, Israel, Iran, Mexico, Russia, Tunisia, the United States, and Vietnam. These attacks came from within a nation's own borders and externally, the report said.

The Berkman Center shone a spotlight on some specific attacks, focusing for example on those targeting a liberal, independent Russian newspaper; others aimed at a Vietnamese organization that protests bauxite mining in the nation; attacks against sites allegedly promoting Islamic jihad; launches against Iran's Green Movement; and cyber-assaults against the Iranian government's opposition Web site.

Human rights groups had mixed results in protecting themselves from attack. In 55% of instances, Internet service providers shut down their sites in response to a DDoS attack, while only 36% of respondents said their provider successfully defended them against a DDoS attack, the survey found.

"The fact that 55% of respondents suffering a DDoS attack had been shut down by their ISPs first indicates that at least 55%, and almost certainly more, of the sites had been subject to a traffic-based attack. That fact, along with the fact that only 36% of the respondents subject to DDoS attack had an ISP that defended them against attack, indicates that for many independent media, the local ISP is a weak point rather than a strong ally," the report said.

But organizations did not solely depend on their ISPs for protection. The vast majority -- 83% -- had fixed problems with their existing Web application software, and 80% reported that this measure was "somewhat effective" or "effective," the report said. In addition, three-fourths of respondents installed security software or hardware on their existing servers, and 62% upgraded their Web server software, according to the study.


Cheap Botnets A Boon To Hackers

Anonymous Group Abandoning DDoS Attacks

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Becoming a Self-Taught Cybersecurity Pro
Jessica Davis, Senior Editor, Enterprise Apps,  6/9/2021
Ancestry's DevOps Strategy to Control Its CI/CD Pipeline
Joao-Pierre S. Ruth, Senior Writer,  6/4/2021
IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll