Connect to share and comment

The digital world, explained.

While Anon dominates headlines, small businesses suffer DDoS attacks

A much larger percentage of DDoS attacks, which temporarily disable a website, are being launched not for ideological reasons but for financial gain.
Ddos black lotus 10 28 2012Enlarge
A computer screen of Dirk Engling, spokesperson of the Chaos Computer Club, shows the file name (highlighted) of the Trojan spyware allegedly made by the German authorities in the CCC's offices in Berlin on October 12 , 2011. The computer club and German hacker organization claims to have cracked spying software allegedly used by German authorities. The Trojan horse has functions which go way beyond those allowed by German law. The news has sparked a wave of outrage among politicians and media commentators. (Odd Andersen/AFP/Getty Images)

The distributed denial of service attack (DDoS) has become the protest tool de jour for online activists and political protesters.

The attack, which temporarily disables a website, is frequently used by hacker collectives of all ideologies, including Anonymous, the Izz ad-Din al-Qassam Cyber Fighers and the now defunct LulzSec.

But these are only a small percentage of the total number of DDoS hacks happening on a daily basis. The majority of attacks are against small businesses and are for financial gain. An attack against a website belonging to a government that is murdering peaceful protesters would be generally well received and enjoy a good deal of exposure. A financially motivated attacked against a small business does not.

“These types of attacks that are normally reported on, all of these folks have a bone to pick with somebody. These are the very small minority of attacks but they are the most well-known, they go on twitter and say tango down,” Jeffrey Lyon, CEO and President of Black Lotus, a web security firm specializing in DDoS protection and mitigation, told GlobalPost.

More from GlobalPost: Germany: Pirate Party falls from grace

A much larger percentage of DDoS attacks are being launched not for ideological reasons but for money, according to Lyon.

“For every business, there is a monetary motivation behind it. Tech savvy company “a” wants company “b” offline. The common foundation is that these are both entrepreneur. trying to make a living. When you have that tied into economic factors, folks going to greater lengths to keep their businesses running,” Lyon added.

High profile DDoS attacks, such as the attack launched by Anonymous against PayPal in late 2010, garner a great deal of law enforcement attention at the highest levels. After that attack, the FBI and the Metropolitan Police service launched investigations to track down those behind what they deemed a malicious and highly illegal act.

As law enforcement began making arrests, names like Tflow and Toxic gained a certain level of notoriety. Anyone who cared to read a news site homepage started to learn names that were once only known to an elite, secluded group of tech savvy activists and open-internet ideologues.

“We are obviously concerned with terrorists using the Internet to conduct these types of attacks,” said Richard McFeely, executive assistant director of the FBI’s criminal, cyber, response, and service branch last week.

“As the lead domestic intelligence agency within the United States, it’s our job to make sure that businesses’ and the nation’s secrets don’t fall into the hands of adversaries."

More from GlobalPost: Anonymous pulls support from Wikileaks

But while small businesses often can't withstand DDoS attacks — and in some cases, can’t afford to protect themselves against them — they also don't enjoy attention from national security agencies.

“Attacks are comparatively so small that they don’t get the attention of larger industries. If PayPal gets attacked, it gets federal attention. Smaller companies don’t get the same attention,” Lyon said.

“What happens is that attack is a blip on the FBI’s rader, best case no one cares because it doesn’t reach the monetary threshold."

More from GlobalPost: UPRISER.com seeks to consolidate political power on the internet

http://www.globalpost.com/dispatches/globalpost-blogs/the-grid/anonymous-ddos-attacks-small-business-security