The Australian government has been keen to throw the term 'DDoS Attack' around when its online services fail. We saw this during the 2016 Census and it's being used now to explain the MyGov website going down after the Prime Minister announced a coronavirus payment for Jobseekers. So what exactly is the difference between a distributed denial of service (DDoS) attack, and a site or service unable to handle the load?
What is a DDoS attack?
A Distributed Denial of Service (DDoS), or a DDoS attack, is basically an assault on a website, network or server. The attack overwhelms the target's server capabilities and makes it unavailable to other people or devices.
While some may say a server failure such as the 2016 Census was still a DDoS issue, it wasn't. 'DDoS' and 'DDoS Attack' are the same thing. If a website fails due to a simple lack of server capacity, it is not a DDoS.
"From a high level, a DDoS attack is like a traffic jam clogging up the highway, preventing regular traffic from arriving at its desired destination," explains internet security firm Cloudflare.
As outlined by cyber security providers Kaspersky, the overall goal of a DDoS attack is to completely prevent the normal operations of the website, server or target. Botnets are often used in coordinated DDoS attacks.
One historical example of a DDoS attack was the case of 23-year-old Adam Mudd. Mudd created and sold software that spammed services like Microsoft's Xbox Live and servers for games like Runescape and Minecraft. He was eventually caught and pleaded guilty in 2017 to repeated DDoS attacks against multiple games and gaming services, receiving two years' imprisonment.
What is a Botnet?
The term 'botnet' is a combination of 'robot' and 'network'. To put it simply, it's a network of bot devices that is controlled by a cyber attacker.
Regular folk could be part of a botnet without even realising it. Attackers tend to infect computers through things like dodgy email attachments, software downloads and pop-ups. This basically results in users infecting their own devices with a virus that can then be used to control them.
While computers, phones and tablets are the most likely targets for these viruses, increased connectivity through the Internet of Things (IoT) means that smart home devices, smartwatches and security cameras can all be potentially compromised. IoT devices often have weaker security, if any at all, and this flaw was exploited by the Mirai malware in 2016.
As noted by security researcher Elie Bursztein, the Mirai botnet attacked domain name service provider Dyn, making some of the internet's biggest services unavailable, including Twitter, Reddit, PayPal, Netflix, GitHub, HBO, Amazon and Airbnb.
What's the difference between a DDoS attack and a website server being unable to handle traffic?
The difference between a DDoS attack and something like the census website failure is intent. A DDoS purposely goes after a target so it ceases functionality, whereas a site being unable to handle an influx of traffic is often due to a lack of server capacity. Basically - it can't handle that many people using it at once.
The outcome is the same, but the distinction is important. When a government body, for example, uses the term 'attack' when their sites simply weren't able to handle the traffic of regular people, that's a problem.
An example of this is the Minister for Government Services, Stuart Robert, referring to the MyGov website going down on March 23 as a "DDoS attack."
Despite confirming that the government made changes to MyGov servers to allow for 55,000 concurrent users rather than the usual 6,000, Robert has referred to the website failure as an attack.
"It has simply suffered from a DDoS attack this morning, and currently it is processing 55,000 concurrent users, which means the 55,001 user will not be able to access it. So as users move off the 55,000, that’s when new users can come on, and we are working today and tonight to look at how we can expand the 55,000 concurrent users to a higher number," said Robert during a press conference.
Unfortunately for the minister, this is not how a DDoS works. During a DDoS attack a website goes down for everyone, not just person 55,001. Gizmodo Australia can confirm it was able to access the MyGov website during the reported issues, while other people couldn't.
Robert backtracked on the word 'attack' during Question Time on Monday. "The DDoS alarms showed no evidence of a specific attack today," said the minister. I guess he missed the memo on the two terms meaning the same thing.
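The concurrent-user cap described in the minister's quote can be modelled in a few lines. This is an added example, not code from the article or from any government system: the function name, the arrival numbers and the session length are constructed for illustration, and only the 55,000 limit comes from the text above.

```python
from collections import deque


def simulate_session_cap(capacity, arrivals_per_tick, session_ticks):
    """Model a hard concurrent-session cap under legitimate demand.

    Returns one dict per tick with how many arrivals were admitted,
    how many were turned away, and how many sessions are live.
    """
    active = deque()  # expiry tick of every live session, oldest first
    history = []
    for tick, arrivals in enumerate(arrivals_per_tick):
        # Users whose session has ended free their slot first.
        while active and active[0] <= tick:
            active.popleft()
        free = capacity - len(active)
        admitted = min(arrivals, free)
        active.extend([tick + session_ticks] * admitted)
        history.append({
            "tick": tick,
            "admitted": admitted,
            "rejected": arrivals - admitted,
            "active": len(active),
        })
    return history


# Constructed demand: only the 55,000 cap comes from the article.
CAP = 55_000
DEMAND = [55_001, 10_000, 10_000, 60_000]  # new visitors per tick
SESSION_TICKS = 3                           # every session lasts 3 ticks

if __name__ == "__main__":
    for row in simulate_session_cap(CAP, DEMAND, SESSION_TICKS):
        print(row)
```

In the first tick 55,000 visitors are served and exactly one is turned away; later arrivals are rejected until sessions end and slots free up. The model contains ordinary visitors only, yet some people get in while others cannot.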