November 7th, 2006
I’m leaving blow-by-blow coverage of election results to the approximately one million sites that will be looking at them in detail all through the night, but in the true spirit of election day, here’s a really nasty trick to consider. As an article by Scott Berinato in this month’s Wired magazine describes, distributed denial-of-service attacks can shut down the web servers of companies and organizations within minutes, even if they’ve taken measures to protect themselves.
How do they work? Hackers penetrate inadequately protected computers (yours?) and install software (a “bot”) that hides in the background until it’s triggered by a command from from the bot network owner. DDoS bots then basically ping the hell out of the site that they’re told to attack, requesting files over and over until the targeted server bogs down completely. Since a DDoS attack might involved thousands of bots coming from different computers on different networks, they’re very hard to stop or even to track down. And, you may be able to hire a botnet for an attack for only a few hundred dollars. “Attack of the Bots” looks at a very successful example in detail — an DDoS attack that was so persistent that it ultimately caused an anti-spam company to stop operations completely.
When Joe Lieberman’s site crashed during the Connecticut Democratic primary in August, there was some suspicion that a DDoS attack was behind it, but I don’t know if anything came of that. I do know that bringing down a candidate’s site or the site for an organization like MoveOn.org on election day could have very serious consequences. And DDoS attacks are really only the beginning of ways that electronic dirty tricksters could wreak havoc on campaigns. Illegal, of course. Unethical, without a doubt. But will they be done? I’d be lying if I said I thought the answer was “never.”