What is a DDoS?

in #cryptocurrency, 7 years ago

Sorry I started this article pretty early in the morning, fell asleep, woke up, started it again, and now I'm rushing out the door to work so ... Pardon any lapses in thought.

I thought it'd be relevant to explain what a DDoS attack is, especially in today's popular cryptocurrency market. We hear things like "Oh that exchange is under DDoS attack" (in fact, Bitfinex just got hit by one).

Just a quick point before we begin:


A DDoS WILL NOT:

  1. attempt to steal your bitcoins/ethereum/dogecoins/whatever. It's not a direct attempt to steal anything.
  2. get your credit card information.
  3. get any of your personally identifiable information, for that matter.

Added this bit in, in case any of you might be panicking about someone stealing that stuff. It can happen, just not by using the DDoS attack itself.

DDoS stands for "Distributed Denial of Service"


But what does that actually mean? Well, I'll give you the ELI5 (Explain Like I'm 5, it's a Reddit thing) that I usually tell my friends and family when they get curious.

Imagine going to the store (e.g., Target)


What do you do? You find the address of your closest Target and you get in your car and go (or maybe take the subway or public transportation if you're inside a major city because you want to protect the environment while saving money so you can invest more in ethereum you awesome millennial you).

Once you arrive at your destination, you enter through the front door. Sure, there are other entrances like the loading dock but they are not for customers. You can only enter through the front.

Physical Stores (Target) VS. Online Stores (Target.com)


Well, a website works very much the same way. Without getting into too much detail, I just want to make some analogous references. A physical store like Target resides in a building. A website store (i.e., a virtual store) like Target.com or Amazon.com resides in a server. So for this analogy, you can think of a server as the same as a building that everyone goes to when they want to find their store (although yes, there is much more detail involved... I can ELI5 that some other time).

Another analogous reference is you, the customer. In the online world, we might refer to you as a user because you are using the website Target.com to find what you want to buy. The reason we call customers users on the Internet is because you're not always a customer. Sometimes you go to buy stuff. Other times you go to... Check your email. Or... Look at naughty things.

Well, DDoS is like Black Friday


If you think about it, Distributed Denial of Service is a really practical term (unlike some things like Krebs cycle wtf). The goal is to deny service to any customer (aka, user on the Internet). So how does someone do that? By distributing an attack through a network of many users.

Whoa, whoa, whoa, Kenny, slow down. I'm 5, remember?

Okay. So think about Black Friday in a very populated metropolis with only one Target. The image above comes to mind right? Chaos. Imagine you were in the back of that mess trying to get in. Well, you can't. Or maybe you can but... It would take many, many tries. You've just been denied service.

On the Internet, it's the same thing.

Now you might be thinking, So a DDoS is basically a bajillion hackers trying to enter the same website store so that the doors become jammed and I can't get in? That makes sense except where are you going to find a bajillion hackers?

You don't need a bajillion hackers. Without getting into too much computer-y stuff, just know that someone can take control of hundreds, thousands, some day maybe even millions of computers and execute the same commands on all of them. And that puppet master can tell them all to go to Target.com, then go to Target.com again, then go to Target.com again, and so on and so forth.... Now all of a sudden you're jammed toe-to-toe with other "shoppers" but those shoppers are actually just zombies connected to a hive mind serving their zombie overlord and they don't intend on actually buying anything because, well, they're zombies and zombies don't need Father's Day gifts.

So you have been denied service because someone somewhere created an "attack" by distributing commands across a huge population of computers.

At this point you're probably scratching your head thinking, but what are the effects of this other than inconveniencing me from shopping for Father's Day?

Well, depends on the situation. Again, I'm not going to go into too much detail and you can probably look it up. But some goals might be:

  1. Troll users because someone hates the community for some reason
  2. Someone wants to show everyone he or she is l33t h@ck0rz (although this attack isn't considered a PhD-level attack, it's more like a 3rd grader attack... In fact the first DDoS attack was committed by a 15-year-old boy)
  3. Hurt the website/company (while you might lose out on buying your $30 Father's Day Gift, the website is losing out on possibly thousands of customers spending that same amount of money every minute).
  4. Scare less educated users away from using the website, which also hurts the website/company because they think they are at risk of getting their personal information stolen although the DDoS itself doesn't do that or come remotely close to it.
  5. Manipulate cryptocurrency markets. Ah, yes, I saved the best for last. Where do you go to trade stocks? New York Stock Exchange! Well, where do you go to trade crypto? Poloniex! And Coinbase! And GDAX (owned by Coinbase)! And Bitfinex! And Kraken! And... The list goes on and on. What if you could freeze all of the trading happening on Market A by DDoS attack, so that you can keep the market price per coin at, say, $3000... And then take advantage of the huge price dips from panicked and uninformed traders who only hear that "Market A is under attack and you could be next!" to buy at a much lower price. Then, maybe sell it back on Market A when you stop the DDoS?

This all being said, it is very possible for a company to unintentionally DDoS itself. For example, Steemit is a really awesome community, but the world doesn't know about it yet. Let's say, one day, it hits the front page of Reddit. Now all of a sudden, we get a huge influx of users signing up, reading stuff, clicking things... All going through the front door at once. They aren't zombies, they are actual interested users! But the zombie effect still takes place, as real people try to cram through the front door.
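The zombie horde and the front-page rush jam the same door, but they look different in the server's access log. This Python example is added here and is not part of the original post: it measures how many requests get turned away and how much of the traffic comes from clients that keep coming back. The capacity, the repeat threshold and every log entry are constructed assumptions.

```python
from collections import Counter

CAPACITY = 100     # requests the "front door" admits per second (assumed)
REPEAT_LIMIT = 20  # requests per client in the window before it counts as a repeater (assumed)

def denied_fraction(log, capacity=CAPACITY):
    """Share of requests turned away when each second admits at most `capacity`."""
    if not log:
        return 0.0
    per_second = Counter(second for second, _client in log)
    denied = sum(max(0, n - capacity) for n in per_second.values())
    return denied / len(log)

def repeater_share(log, limit=REPEAT_LIMIT):
    """Share of all requests sent by clients that exceed `limit` requests."""
    if not log:
        return 0.0
    per_client = Counter(client for _second, client in log)
    heavy = sum(n for n in per_client.values() if n > limit)
    return heavy / len(log)

def classify(log):
    """Label a traffic window using the two measurements above."""
    if denied_fraction(log) == 0:
        return "normal"
    if repeater_share(log) > 0.5:
        return "overload, repeat-driven (zombie pattern)"
    return "overload, crowd-driven (flash crowd pattern)"

# Constructed sample logs: (second, client_id) pairs over a 10-second window.
def shopper_log(n_per_second, seconds=10):
    """Every request comes from a different real visitor."""
    return [(s, f"user-{s}-{i}") for s in range(seconds) for i in range(n_per_second)]

def zombie_log(n_bots, hits_per_second, seconds=10):
    """The same few clients request the page again and again."""
    return [(s, f"bot-{b}") for s in range(seconds)
            for b in range(n_bots) for _ in range(hits_per_second)]

SCENARIOS = {
    "quiet day": shopper_log(40),
    "zombie horde": shopper_log(40) + zombie_log(200, 5),
    "front page of Reddit": shopper_log(1000),
}

if __name__ == "__main__":
    for name, log in SCENARIOS.items():
        print(f"{name:22} denied={denied_fraction(log):.0%} "
              f"repeaters={repeater_share(log):.0%} -> {classify(log)}")
```

Both overloaded windows turn away about nine requests in ten, which is why real shoppers feel the same jam either way. The repeat measurement only separates the two while each zombie keeps hammering the door; a big enough horde sending a handful of requests each would look like a flash crowd by this measure.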

Anyway, hope this was a good ELI5 explanation of exactly what a DDoS is. And I hope it eases your fears because a DDoS will not steal your bitcoins or copy over your personally identifiable information.