Denial of service attacks - (DoS for short) - are a type of cyber attack in which malicious actors will intentionally spam a website / network with a large quantity of illegitimate messages or transactions in order to overwhelm the network and make it inaccessible to those who need it.
DoS attacks are like online traffic jams. Networks and servers are only capable of handling so much traffic at once, just as highways and roads can only handle so many vehicles at once. If you stuff too many vehicles onto the road, none of them can move and traffic grinds to a halt. Likewise, if you exceed the traffic capacity of a network or sever, nobody can access it until the traffic goes back down to supported levels.
History of DoS Attacks
DoS attacks do occur in the real world. A few examples include:
- University of Illinois - The first ever DoS attack occurred in 1974 at the hands of a 13-year-old high school student named David Dennis. Dennis went to the Computer-Based Education Research Laboratory (CERL) at the University of Illinois and sent the 'ext' command to 31 computers at once, forcing all of the computer's users to shut down and restart their computers.
- US Banks - 6 banks in the US - including Bank of America, JP Morgan Chase, and Citigroup - were the victims of a DoS attack in 2012. Attackers reached peak traffic volumes of more than 60 gigabits per second.
- GitHub - In February 2018, the popular code hosting service, GitHub, faced a DoS attack of record-breaking proportions. The max traffic volume reached as high as 1.35 terabits per second.
Distributed Denial of Service (DDoS) Attacks
DoS attacks come from single computers with one internet connection that are specially rigged for the purposes of the attack.
Another variation of DoS attacks is the DDoS (Distributed Denial of Service) attack. In these attacks, there are multiple computers with different IP addresses spamming the target network. DDoS attacks are more difficult to defend against because having multiple IP addresses makes it more difficult to catch the attack with spam filters.
The examples in the History of DoS Attacks section were actually DDoS attacks with numerous coordinated participants.
Legality of DoS and DDoS Attacks
DoS and DDoS attacks are illegal and attackers can be charged with crimes depending on their location. In the US, these attacks violate the Computer Fraud and Abuse Act (CFAA). In the UK, DDoS attacks are outlawed by the Computer Misuse Act of 1990. In the European Union, the Cybercrime Convention Committee has criminalized DDoS attacks as well. Laws exist in many other countries around the world making DDoS attacks criminal acts.
5 Most Famous DDoS Attacks | A10 Networks
The Impact of Denial of Service Attacks
What is a Distributed Denial-of-Service (DDoS) attack? | Cloudflare