Posted on June 21, 2021 at 5:46 PM
Over the years since the invention of the internet, hackers have come up with countless types of attacks, strategies, hacking tools, viruses, malware, and numerous other ways to achieve their goals. These goals sometimes revolve around stealing money or sensitive information, but quite often, their goal is to simply be as destructive as they can possibly be. Whether it is for making a point, disrupting various services, or some other reason, they most often turn to DDoS attacks.
What are DDoS attacks?
For those who might not know — DDoS stands for Distributed Denial of Service. It is a highly destructive attack that uses botnets to crash sites and destroy servers. These are happening pretty much every day, and most of them are relatively small, although a small attack today would be considered quite massive 20 years ago.
Essentially, they revolve around hackers using botnets — major networks of hacked devices that are at their disposal. Botnets can be purchased from other hackers, or created by the hacker conducting the attacks. Basically, what happens is that the hacker obtains a huge number of hacked devices and orders them to request information from a targeted website. In doing so, each device sends hundreds, or even thousands or more requests for information.
This overwhelms the targeted site and the server it is using, causing them both to crash, usually causing hundreds of thousands of dollars worth of damage, with that figure sometimes going into millions per hour. Of course, technology that protects websites from this type of attack has advanced as well, and so not every DDoS attack will necessarily be lethal. But, hackers have countered this issue by creating even larger botnets, and some of them have become frighteningly large, creating attacks that are impressively powerful.
Today, we wanted to list some of the biggest and most famous DDoS attacks ever, and since they are getting so big and so frequent, it was quite the task to select only a few of them. With that in mind, here are our top picks.
1) The attack on Google
Back in October 2020, Google’s TAG (Threat Analysis Group) posted a blog discussing potential threats to 2020 US election, and talking about how threat actors are modifying their tactics. However, in addition, the team also revealed a massive DDoS attack that actually took place all the way back in 2017.
Back then, the company was under attack for six whole months, and it classified this as the largest bandwidth attack of which it was aware. Now, everyone knows how massive and all-knowing Google’s data banks are. If Google says that this is the largest attack ever, then it’s a pretty safe bet that this is, indeed, the largest attack that ever happened.
From what is known, the attacks were coming from several Chinese ISPs, and it targeted thousands of Google’s own IP addresses. At its height, the attack reached 2.5 Tbps, which is four times larger than the second-largest attack at the time, which reached 623 Gbps only one year before. To this day, this is still the largest attack that was ever pulled off, and many are hoping that it will never be topped.
2) The Krebs attack
As mentioned, the current second-largest attack took place in 2016, and at the time, it was the largest attack ever recorded. It reached 623 Gbps, and it was targeting a cybersecurity expert, Brian Krebs. More precisely, the attack was targeting Krebs’ blog, and it took place on September 20th, 2016.
Now, it is worth noting that this was not Krebs’ first encounter with a DDoS attack. In fact, his site was targeted 269 times before this one in four years of its existence (launched July 2012). However, the biggest attack that the blog experienced before this one was three times smaller. So, it is safe to say that someone really wanted for Krebs’ site to go down.
According to what is known, the attack was conducted by the so-called Mirai botnet, which continued to grow after the Krebs attack, reaching more than 600,000 hacked Internet of Things devices. It collected anything, from cameras to video players, routers, and more. The botnet was actually discovered slightly before the attack, but the Krebs attack was its first major campaign.
3) The OVH attack
The Krebs attack was not the last campaign of the Mirai botnet. In fact, far from it. The botnet was also turned against OVH, which is one of the largest hosting providers in Europe. It serves more than a million clients, and it hosts around 18 million applications.
The Mirai botnet was attacking it for around seven days, using an estimated force of 145,000 bots, and generating a load of up to 1.1 Tbps. Obviously, the Mirai botnet’s force meant that the game has changed forever, and it set the bar for what DDoS attacks are now capable of achieving. Unfortunately, as technology progressed and more IoT devices started to emerge, more people started buying them.
This would be a good thing if not for the fact that most people who use IoT devices are completely unaware of the fact that they have to properly secure them. With that being the case, they do nothing to protect their devices, and hackers get a massive amount of devices ripe for the picking.
4) The AWS attack
In February 2020, AWS reported mitigating a DDoS attack that was almost as big as the attack reported by Google. At its peak, it saw incoming traffic at a rate of 2.3 Tbps. However, AWS decided not to disclose which customer(s) was targeted.
The company did share some other details, such as the fact that the attackers hijacked Connection-less Lightweight Directory Access Protocol web servers and used them to conduct the attack. The so-called CLDAP is actually a protocol commonly used for user directories, and it is an alternative to its older version, LDAP. Unfortunately, the same protocol was used in several other attacks throughout the years, as well.
5) The GitHub attack
Another attack that was considered to be the largest at the time when it happened was an attack on GitHub. This one took place in 2015, and it is believed to have been politically moved.
Like most massive attacks, it lasted several days, and it turned out to be rather adaptive, finding ways around the implemented DDoS mitigation strategies.
Once again, the attack originated from China, or at least — the DDoS traffic did. However, an interesting thing is that it had two specific targets — two projects on GitHub that were focused on circumventing the Chinese state censorship. The attack was likely not actually trying to do anything to the projects themselves. Instead, it is assumed that it served as a display of force and that its real goal was to pressure GitHub into eliminating the projects itself.
6) The Mafiaboy attack
While this attack pales in comparison to the more recent ones, it deserves its place on this list due to pure destruction that it managed to cause, as well as due to other elements that make it stand out. It took place in 2000, and the name Mafiaboy is actually the name that a 15-year-old hacker used at the time.
The hacker went on a DDoS spree, crashing massive corporations’ websites, one after another. It brought down Dell, eBay, CNN, Yahoo!, E-Trade, and others. The attack produced even greater waves than simply crashing websites — it also created chaos in the stock market.
It is safe to say that this is the father of all modern attacks, if for no other reason, then because it was used for the creation of most of the modern-day cybercrime laws. The most interesting part, as mentioned, is that it was caused by a teenager who has since been identified as Michael Calce. At the time, Calce was a high schooler who hacked several universities, and then used their servers to launch DDoS attacks.
7) The Dyn attack
Only around 10 days after the Krebs attack, an event of major importance happened. An unknown individual who claimed they were the creator of the Mirai software came out and released the Mirai source code, spreading it across various forums and platforms visited by hackers from all over the world.
Naturally, within a very short time, the Mirai DDoS platform has been replicated, improved, and used by countless other individuals. Only days later, internet outages all over the world started to happen, but primarily in North America and Europe.
About three weeks after the source code was released, someone launched a massive DDoS attack against a major DNS provider, Dyn. The provider was hit with around 1 Tbps traffic flood, although there is some evidence that claims that it may have even gone as high up to 1.5 Tbps. Naturally, Dyn was nowhere near prepared to deal with this, and its services went offline soon after. This, of course, made countless high-profile websites inaccessible, including the likes of GitHub, Twitter, Netflix, Reddit, PayPal, AirBnb, HBO, and more.
The size of the network itself was jaw dropping, as Dyn’s chief strategy officer said that the company observed 10s of millions of discrete IP addresses associated with the botnet.
8) The bank job
Another massive attack worth mentioning actually took place back in 2012, in March. At the time, six major US banks got hit by DDoS attacks, all part of a major campaign. Those included the Bank of America, US Bank, PNC Bank, JPMorgan Chase, Wells Fargo, and Citigroup.
This was a significantly smaller attack than the rest on this list, but it was a very high-profile one, which is why it deserves a place on this list. The attacks wera made by hundreds of servers that belonged to a botner known as the Brobot. Each of them generated more than 60 Gbps.
One more thing that makes these attacks quite noteworthy is the fact that they were extremely persistent. In fact, their persistence was unique, as most other attacks would execute an attack and then back down. This time, however, the attackers kept coming back with a multitude of different methods, seemingly searching for the one that would work best. This was a very interesting approach, as it meant that the hackers were expecting the banks to have measures in place that would protect them from DDoS attacks, but they did not know which ones to expect.
So, they simply started hitting the banks with everything they had, hoping that something would eventually work.
DDoS attacks have evolved a lot over the years, and they changed the meaning of using the brute force. The worst thing is that analysts expect that they will continue to grow bigger, more violent, and more powerful in years to come.
Hackers are creating bigger botnets by hacking more devices, and the advancements of technology and introduction of all kinds of smart gadgets is making it happen even faster. The only way to fight against this kind of an attack would be to spread awareness about securing user devices. Anything that has a connection to the internet can be used as a device, and the more we progress towards a smart society, the more weapons bad actors get at their disposal.
Meanwhile, DDoS attacks are not only increasing in strength, but also in number, and there are even services that offer DDoS for hire, which the authorities have desperately tried to dismember for years now, with only partial success.