What SMBs Can Learn from WikiLeaks DDoS Attacks

Paul Mah

You've heard the story about the WikiLeaks-inspired distributed denial of service (DDoS) attacks by now. Angered by the pulling of support from WikiLeaks by various payment merchants and network service providers, a collection of loosely affiliated hackers who call themselves Anonymous have made it their mission to DDoS the websites of the parties involved. Among others, DDoS attacks were launched against companies such as PayPal, Mastercard and Visa in a bid to exact vengeance by digitally crippling selected sites belonging to these organizations.


To achieve its objective, Anonymous modified an open source server load testing tool for its nefarious purpose, essentially creating an "opt-in" botnet where volunteers could download the software onto their machines to be coopted as part of a single botnet. The client connects to a centralized server to obtain instructions, before proceeding to pound away at specified targets using brute-force methods.


Called hacktivism by some and plain civil disobedience by others, it is obvious that the ramifications and legal aspects of the WikiLeak furor and the preceding DDoS attacks by Anonymous will remain a hotly debated topic for some time. The million-dollar question is: Should SMBs be worried by DDoS attacks?


First of all, let us take a look at some of the facts surrounding the rather public DDoS attacks. According to news sources, the size of the attacks spearheaded by Anonymous was believed to exceed 10Gbps at times, which is not an insignificant number. While I was not able to determine the number of clients that actually participated, experts have warned that the falling ratio of the bandwidth available to end users versus data center network speeds means that fewer clients can consume a larger amount of bandwidth when it comes to malicious traffic-sapping attacks.


With the strength of the average DDoS attacks increasing, there appear to be ample reasons for SMBs to be concerned that they could be singled out and hit badly one day. It must be remembered, though, that the various targeted sites weathered the DDoS attacks relatively well, proving that it is entirely possible to defend against these cyber incursions.


So should SMBs be concerned? My short answer is no, not if they have taken precautions to defend themselves or at least mitigate the repercussions. In my next blog, I will talk more about how SMBs can lay the groundwork to defend themselves against DDoS attacks.

Add Comment      Leave a comment on this blog post
Dec 23, 2010 4:14 AM Neil Kitson Neil Kitson  says:

But who attacked the WikiLeaks website in the first place?  Whoever it was, they're more anonymous than Anonymous and still out there, somewhere.

Dec 23, 2010 4:45 AM deatos deatos  says:

Its getting crazy, I have seen lots of sites go down to these ddos attacks,  You dont even have to be attacked directly to feel the effects,  My latest client came to me because someone else their webhost is hosting got ddosed,  and it took every site offline that webhosts had been hosting. I have some info and services that can help protect against ddos attacks and mitigate them down to nothing.

Dec 23, 2010 6:29 AM Austin Hook Austin Hook  says:

I agree. The people who attacked the Wilileaks site in the first place are much more dangerous.  Why does this article not focus on them? 

Also, as a small business owner, I am much more concerned with the possibility that those  major financial institutions are allowed to discriminate against us for reasons of race, religion, gender, political affiliation, or whatever arbitrary reason they choose, than I am concerned about how immune they are to the reaction of outraged clients. 


Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.