Get in touch with technology with TechStuff from HowStuffWorks.com. Hey there, and welcome to TechStuff. I'm your host, Jonathan Strickland. I'm an executive producer at
HowStuffWorks, and I love all things tech. And recently, Randall Charles Tucker, who once proclaimed himself to be the Bitcoin Baron, was sentenced to a twenty month prison term and fined more than sixty nine thousand dollars for launching distributed denial of service or DDoS attacks against municipal websites, which not only affected normal city operations but also emergency
response systems. So today we're gonna take a look at DDoS attacks and their history, and in our next episode I will go into more detail about the different kinds of DDoS attacks out there and the security measures administrators deploy to mitigate their impact. Because this is an ongoing important story. We've heard a lot about DDoS
attacks in recent years. There was one that affected some apartment buildings over in northern Europe and had them shut down the, uh, the HVAC systems during the coldest days of the year, so people no longer had heat. This is a serious thing. So what the heck is a
DDoS attack? Well, it helps to break this down by looking at what denial of service means, and generally speaking, denial of service refers to using tactics that prevent or discourage people from using something online they otherwise would use if there were no outside interference, which is a pretty broad definition. It can cover lots of stuff, and not just stuff that involves hacking or inserting some malicious code
or sending commands over the internet. A denial of service attack by itself also does not necessarily aim to steal information or spy on anyone or anything like that, although it can certainly accompany those types of attacks as well. So there are a lot of instances where the denial of service attack is just part of an overall attacker strategy, or an attacker might use the threat of a denial of service attack to extort money from a potential target,
essentially saying pay up or we're gonna shut you down. Often, attackers will demonstrate their capabilities with a small scale attack to accompany their demands to show they mean business. So in other words, they might actually launch a small attack, bring down a service temporarily, and say that was just a taste of what could happen if you don't cough
up the dough. But as I said, denying service all by itself can be the full motive, and it doesn't have to require code or scripts or overwhelming internet infrastructure. So for example, let's say I'm looking online for a forum to talk about one of my interests. And for this example, we'll just say it's musical theater. Because I love musicals and I would love to go online and chat with other fans of musicals. I find a forum. It's great, there are tons of other enthusiastic fans. Maybe
there are some performers in there as well. We have threads discussing shows and writers and inspiring performances, maybe some embarrassing missteps, personal stories from our own performances or the times we've attended plays, all the stuff you would typically find on a forum about any given sort of interest. But then something frustrating starts to happen. The forum gets invaded by one or more troublemakers. These people disrupt conversations
just for fun. They might hurl insults at people, which isn't exactly subtle or clever, but it can be an effective tactic. Or they might be more insidious and post inflammatory messages that are couched in seemingly reasonable language, which gives the troublemaker kind of an out, right? Like, "Oh, I'm so sorry you're offended. All I was trying to do is say such and such." You know, they never
said anything blatantly awful. They just implied it, or they danced around it quite a bit, but ultimately they get what they want, which is to disrupt the conversation and turn the attention toward themselves. We tend to call these folks trolls, and the original reason for that is back in the old newsgroup days, they were said to be fishing for hits, or trolling, as it were. Trolling in the sense of drawing a baited line through the water
to lure fish. These trolls were trying to get a rise out of people and derail conversations, mostly just for laughs. I've done episodes about trolls before, so I'm going to leave it at that. But trolling is a type of denial of service. It disrupts the activity that was supposed to happen on that site. It discourages people from participating, it denies them that opportunity. And there was no code
needed to do it. But in the case I mentioned just now, trolls were mostly looking to get a rise out of people. They found humor in upsetting the apple cart. They might not have any goals beyond just being a nuisance and exerting some small amount of power over people. Maybe they belong to a different forum and there's a rivalry between the two. But there's some people who just, as, uh, you might hear in Batman, want to watch the world burn. But denial of service can have
far more serious effects than just inconveniencing users. For a business, a denial of service attack can prevent them from conducting their business, which results in lost revenue. So if you run an online store and someone brings down your site or prevents people from getting to your site, you're not going to make any sales during that time. That's lost money. Denial of service attacks can also hurt a company or
service's reputation. So for example, there was a massive denial of service attack that affected Sony's PlayStation network and Microsoft's Xbox Live service back in during the holiday season, and it made a lot of gamers really angry. They were accusing both companies of not doing enough to secure their services to make sure they were robust against such attacks. This is sort of like pouring lemon juice in the wound.
In some ways, you know they're already hurting because they've been knocked down, and now the users are yelling at them too. But there is a valid argument to be made that services, particularly really big, heavily trafficked services, need
to invest in good security measures. I talked about a non technical approach to denial of service attacks with that forum example, but most of the time when we talk about the denial of service attack, we tend to mean one that involved bringing down a system using some sort of technology based attack vector. So you can think of denial of service attacks belonging to three large categories in general.
The first category is volumetric. That means the goal is to overwhelm the target by sending a huge number of requests or messages to that target device, more messages than the target can actually handle. And I always think of this in a rather old fashioned way. When I was growing up, cell phones weren't really a thing. Everyone had landlines. You know, you'd be at home and you use your phone, which was plugged into the wall, and in fact, most of
the time it was a wired handset. Didn't have a whole lot of wireless ones when I was growing up, and they existed, I just didn't have them. And call waiting was not a common feature in those early days, which meant if you called someone and they were already on the phone, you would get a busy signal. Well, this volumetric category of denial of service attacks is kind of like having a jerk calling you over and over again and they call you, you pick up, you hear
it's that same jerk. You hang up, they immediately hit redial and they call you right back again, and the phone starts to ring, and that means no one else can get through to you. Anyone who tries is just going to get a busy signal, so they're getting a denial of service. And because you can't receive any other calls due to this person calling you up repeatedly, you
also get a denial of service. Now that analogy doesn't work quite as well today because we can do stuff like block incoming calls pretty much routinely, and call waiting is a standard feature on almost every phone service. But you get the idea. Next, we have the application DDoS flood attack. This concentrates not on individual applications. That's what the phrase makes you think, like, oh, this
is like a Spotify DDoS attack or something. No. Rather, it refers to the application layer of a communications network. And I talked about the application layer back in the Dip into the Seven Layers of the OSI Model episode that published back in November. But this would be a flood attack similar to the volumetric one I just mentioned, but it aims to overwhelm the system with a large number of requests at the application layer rather than the network layer. I'll explain more about what
that means in the next episode. And the third category is a low rate denial of service attack also known as a vulnerability attack, and those attacks take advantage of vulnerabilities or limitations in application implementations and so are kind of related to application DDoS flood attacks, but they're slightly different. I'll explain more about that in the next episode, too. Then you have a distributed denial of service
attack that ups the ante. In a DDoS attack, hundreds or thousands or even hundreds of thousands of machines combine their efforts to bring down a target. To go back to my phone analogy for a second, let's just say that that jerk who was calling me really wants to irritate me by making my phone line absolutely useless, so he actually recruits all of his jerk friends and gives
them my phone number. Then he and all his jerk friends just keep dialing me up over and over, which makes it even harder to handle than the one jerk doing it all by himself. So let's say I managed to finally get an open line, so I make a call to the phone company and ask them to block the number that just called me, and they agree for whatever reason. Well, that just reduces the jerk face's attack vectors by one, right? It just removes one of the callers.
But a group of jerk friends, with the exception of the one I managed to catch when I asked for the number to be blocked, can keep on calling me. They're calling from different phone numbers, so their calls keep coming through, and I can keep trying to block the numbers one by one. But this is laborious and time consuming, and in the meantime I'm not able to use my phone for anything else. That's what a DDoS attack does, but instead of over the phone lines, it does
it over the Internet. In general, it uses an enormous number of machines to carry out an attack, and individually those machines might not be able to generate the sheer volume of data that could overwhelm a target, but collectively they can do it, and they can be difficult to stop. In a moment, I'll talk about a real example of how an attacker might overwhelm the target machine over the Internet using a simple denial of service tactic. But first
let's take a quick break to thank our sponsor. One real world denial of service attack falling into the category of the volumetric attack involves flooding a web server with requests called pings. A ping is a very simple message that computers use to test connections between them on a network. It measures the reachability of another computer. So consider that the Internet is a network of networks, and between your computer and some other computer on the Internet, there may
be hundreds of machines. Some of them are routers, some of them are switches, some of them are computers. For your computer to communicate with this target computer, traffic has to go through the network from your computer to the distant one, and then traffic needs to be able to come back from the target machine to your machine, and a ping is a test to see if such
a thing is really possible. It measures the round trip time for a message to be sent out from computer A to go to computer B and then return back to computer A. The name comes from an older technology, which would be sonar and sonar where we use sounds underwater to detect objects by listening for echoes. We would send out a sound a ping or from a speaker essentially underwater, and then we would listen in on a microphone for a returning echo. So you send out a ping.
If you get an echo of that ping, you know there is something out there under the water that is reflecting that sound back at you. In fact, you may remember in movies like The Hunt for October they talk about this a lot. They use pings in order to
send secret messages to each other. But in the Internet, we send out a small amount of data and then we essentially listen back for its return and use the travel time to judge the connection strength between the two computers, or really just how much time does it take for a message to go across the Internet and back again. Mike Muuss created the ping utility back in to help test IP network connections. A quick ping could indicate
if there was a connectivity problem. If you send out a ping and nothing comes back, you know there's a problem with that connection. If you send out a ping and it comes back but it comes back pretty like there's a pretty long gap, and we're talking on the order of less than a second typically, but it still can be a long gap if you're talking about actually sending real data across the network. Again, it can tell you, oh, you need to really take a look at your network
and see where the problem is. There might be a broken element that you need to replace. It's also a great tool if you want to use bandwidth heavy applications because it can indicate whether such a connection is even possible. So let's say that you want to play an online computer game, maybe it's a multiplayer computer game competitive. You want to make sure you can find a server that doesn't have a long latency issue between you and the
server. You want to ping, get a good time. And it may be that that's a game that has multiple servers, so you want to find the server that has the best connection between your computer and that server, so that you can have the best experience when you're playing. Well, if one were to send an enormous number of ping requests to the same target computer, such as a web server, that target could become overwhelmed by all those requests. It would attempt to respond to each request, which takes up
resources it would otherwise use for normal operations. So let's say a hacker has targeted the website hosting that musicals forum I wanted to pop into, and instead of going in there and starting a flame war in the forums, they just start sending ping requests, an uncountable number of ping requests, to that forum's host computer, which is trying to respond to each ping request dutifully. I mean, that's
what it does. And as a result, the system becomes unstable and crashes, and I get an error message when I try to go to that forum site. This tactic is called a ping flood. It's just one denial of service tactic. I'll go into a lot of other ones later on. Now, I mentioned earlier how a DDoS attack can be effective by leveraging thousands or hundreds of thousands of machines in a coordinated attack. But how does that happen? How do you get to a point where
hundreds of thousands of machines can work together. How does an attacker get control of that many devices? Well, sometimes it happens by people volunteering to be part of this group. There are activist groups that will send out a message and say, hey, if you want to be part of this movement, you can download the software and then we can use your computer to be part of this attack on whatever the target is. But in other cases it's
happening through trickery. Uh, it ends up being a compromised device. Right, so for target computers, a hacker either writes some malware or more likely makes use of existing malware. There's tons of malware that's already been written out there. A lot of the people who use these tactics aren't necessarily coders or programmers. They are what some folks dismissively refer to
as script kiddies. They go and they find code that will do what they want it to do that someone else has already written, and then they'll essentially download that and use that kind of as just an attack package. So they're not having to make it themselves. It's kind of off the shelf hacker sort of software.
So they then use this malware to create a way to infect numerous machines, typically by fooling people into executing a file on their computers or their computing devices. The malware contains a way for the hacker to direct those computers to send messages to a specific target. Um. They may be completely automated. You just hit a little
button and then everything does it, you know. The hacker might put in the IP address for the target machine, but otherwise everything else gets taken care of automatically, and the hacker uses those devices to turn all their focus onto the target machine and then they bombard it with countless messages. Uh. Or the hacker might exploit a known vulnerability in various Internet connected devices such as routers, or
even stuff like smart TVs or Internet connected thermostats. Essentially, the Internet of Things and the smart home movement have created the potential for truly enormous coordinated attacks because again, they don't have to send really sophisticated information across the Internet. It could be as simple as pings. Pings are one of the most basic messages you can send, so if you just get devices that are capable of sending a ping,
then you're all set to go. And part of this is because the Internet of Things developed faster than companies could create good security measures to protect those devices from people who would compromise them. And part of it falls on the consumers' shoulders, because a lot of people
don't bother to ever update their security settings. Right, they'll get a new thing out of the box, they'll plug it into their network, and they never bother to update the login and passwords on their devices, so they're using the default settings for their login and passwords, and that can create the opportunity for a hacker to access
those devices. If a company is using essentially the same sort of login and password for all of its products along a certain line, then all you have to do is know what that is, and then you have access to countless instances of those unprotected devices because so many people do not bother to update it. A lot of the routers I've seen have had a login that's kind of like admin one and a password that might
literally be the word password. So if you just plug that in, if you're a hacker to try and compromise someone's home systems, chances are it's gonna work on a lot of people because they never bothered to change it. So, uh, lesson there: change your passwords on your devices from the default to something else. Now, some companies, they go a little bit further. They'll create a password for each device that is unique to that device, right.
They don't use the exact same password for all of their routers, for example. And that's a good step that makes it much harder to do. You can't just use a blanket attack the way a hacker normally would. Anyway, I don't put the full blame on the consumer, and I don't put the full blame on the manufacturer. It's a problem that both parties have to pay attention to.
But there are some manufacturers out there who have made products with very poor or completely absent security measures. And in those cases, I pretty much blame the manufacturer of the company, not the customers, because if you didn't even include any kind of security measures in your device, then there was nothing really the customer could do on their side to protect themselves. And in any case, the collection of infected computers and devices would be called a botnet.
Sometimes people call it a zombie computer army. Although you hardly ever hear that phrase these days, it's almost always just botnet, and it's because the compromised computers are being controlled by some sort of remote entity, either a human hacker or an automated script or bot. This can
happen even without you being aware of it. By the way, you may only notice that your device is operating more slowly than normal, and you wonder, well, why is my computer no longer as fast as it used to be. One possible explanation is that some of your computer systems are being dedicated to sending out attacks over the Internet and you never know it. Or you might get a message about how much data you're using over a given length of time and you're thinking, that's weird, I'm
not even home when all this stuff is happening. Well, that's an indicator that something has gone wrong. So to understand how most distributed denial of service attacks work, it's good to remind ourselves of how information tends to travel across the Internet. There are protocols like TCP/IP, which that's actually two different sets of protocols. Those are really rules that information has to follow to travel across
the Internet. The architects of the Internet who worked on Arpanet first wanted the actual methodology of allowing information to go from point A to point B to be very light with the data. In other words, the process itself shouldn't have been data specific. It should be data agnostic. It doesn't matter what the information is. It's just concerned with making sure that information can get from the source to its destination. That's the only thing that's important.
The end points, the edge machines where a message originates and where it terminates, would do all the heavy thing, but the middle bits would be much less hands on with the data, with a deeper concern with just making sure it gets to the right destination. And it's verify that everything got to where it needed to go. So the Internet sends data in bundles called packets. This is
really where TCP comes in. A single file might consist of hundreds or thousands or millions of packets, and the packets are just bundles of data, and your computer sends this information over the Internet. So let's say you want to send a big file. Let's say it's a film. You've got a film and it's an enormous file and you want to send it across the Internet to a friend of yours. Well, the data gets chopped up into these packets, and the packets include a header that has
important meta information about the data the packet carries. Namely, it has the identity of the sender's computer, and it has the identity of the destination computer. And also it has information about how the data inside the packets fits in with all the other packets of data that are being sent. So one way to imagine this is to think about having like a giant poster for an
awesome movie. Let's say it's Big Trouble in Little China. Now, on the back of the poster, you've got a grid, and inside each cell of this grid is a number, and they're in sequential order. So the top left corner has the number one, and then when you move to the right, they increase sequentially till you get to the number twenty. And then you drop down a row so that the first number on the far right side, on the second
row is twenty one. You go sequentially to the left, and so on you zig zag all the way down, so you've got the whole poster numbered. And let's say it's got a hundred cells total, so it's one to one hundred. You cut up the poster into these cells, so you cut up all the little blocks because that's the only way you're gonna be able
to send it to your friend. And you send it to your friend in one hundred different envelopes, and your friend opens up the one hundred different envelopes and then they see the numbers on the back and they're able to put the poster back together based on those numbers. Now, it doesn't make a whole lot of sense in this real world example, but over the Internet it makes perfect sense. And that's because the Internet depends upon relatively cheap, unreliable connections,
which is actually a good thing. See in the old days, before the Internet, before Arpanet, connecting computers together would require a dedicated connection linking computer A with computer B. We're talking direct connection between the two, which ends up being limiting. It's also expensive, and if the connection were to fail, you would have to repair it before any communication could continue.
Because it's just this direct communication channel. The architects of the Arpanet wanted to make certain that communication could continue even if individual pathways were to shut down. If you think about like a town, it's saying, well, the main road has been shut down because a tree fell across it. But luckily there are all these side roads you can take to still get to the same destination. Might take you a little longer and you go a little further out of the way, but you will get
there. Well, to that end, the architects of the Arpanet built their infrastructure on cheap hardware. Individually, those pieces of hardware aren't as reliable as the more expensive, more sophisticated types of hardware out there, but collectively, this is an approach that makes a lot of sense because it made scaling the Internet easier. It didn't require a whole huge investment to add more infrastructure to the Internet. It scaled
up very very quickly. But if you build your network on top of hardware that sometimes goes offline, you have to make sure that the rules the data follows are flexible, that they're able to handle that situation and route around those problems. And that's where packet switching comes in. Packets of data follow whatever path is best at that given time, as in whatever connection is the most reliable, fastest connection
between the originating computer and the destination computer. Now that can change over time just from not just physical things that are going on on the network, but also traffic that's passing across the network at the same time from other computers. So one hundred digital packets representing the same file could potentially take one hundred different pathways to get to their destination, so that it's kind of like a caravan all splitting up and taking different routes in order
to get to the final destination. Now, there's probably never going to be a case where every single packet is going to take its own individual pathway. Some of them may end up taking at least part of the same journey to get to their destination. But you get the idea. Uh, it makes the Internet much more robust because one pathway could fail and data can still find a way to the intended destination. In addition, computers will send more packets than what are needed as a redundancy measure. This is
probably that TCP protocol, which is redundant. It's like ATM machine. But TCP does make certain that all the different packets get to where they need to go, and if anything didn't show up, then it can make certain that essentially a replacement packet gets sent so that it can verify that all the packets that are necessary, all one hundred of them, for example, have made it to their destination, and that the communication, from that
part of the communication at any rate, is complete. This approach makes the Internet easy to build out, but it also makes it more challenging to do anything across the infrastructure layer in response to people who exploit the system, because the underlying connections are really only concerned with moving data from origin to destination. They're not concerned with what
that data is or what purpose it serves. Now, I've got a little more to say about the basics of distributed denial of service attacks, but first let's take another quick break to thank our sponsor. One other element of the Internet I feel I should mention before I talk about the history of denial of service attacks is the domain name system. And you guys likely at least have heard of an IP address. I mentioned it earlier in this episode. Those are the addresses that identify a
device that's connected to the Internet. Uh. It can be a device like a router that then sends out temporary addresses to anything that's connected to the router, but you get it. This is the way that a computer system
knows where to send information. They're necessary for communication. It's like if you were to send a letter, you would have to include an address on the letters envelope, so the postal service knows where to deliver that letter, and if you wanted to get a letter back in return, you would want to have a return address on there if you've got to want to get a response. And the Internet is similar. All devices have an IP address to facilitate communication um at least through a router if
nothing else. But the devices address might change over time, so that's a little different. It's not like the device is always going to have the exact same IP address. It may change depending upon what network gets connected to. In fact, it will change depending upon what network gets connected to. So it's not exactly analogous to a physical address, but it's similar enough for us to kind of think about that. Now here's a problem. However, these addresses are
not easy for us to remember. You know, IPv four addresses and IPv six addresses. These are series of numbers and sometimes letters within the case with IPv six, where they don't seem to make any rhyme or reason to us. They're hard for us to recall. So we had to come up with a way to map addresses based on
language to the IP addresses that machines can deal with. So, for example, www dot how stuff works dot Com is a u r L an address that we humans can easily remember, and there are special computers called DNS servers that resolve these u r l s into IP addresses
so that traffic can go to the right locations. So an attack on DNS servers which has happened can slow down traffic to numerous website because the servers will be so busy dealing with the attack they have trouble resolving u r l s into IP addresses, even though the actual websites themselves are perfectly fine. So if there's an attack on a DNS server that would typically resolve www dot how stup works dot Com to its respective IP address,
how stup works dot Com is fine. We haven't been attacked by anybody, but the the name server that would actually do the job of resolving that you are l into an IP address, it's busy handling this attack, so it would look like our site is loading super slowly that you just can't even pull anything up. But it's not a problem on our end, it would be a problem in the middle. So there are a lot of different ways that attackers can potentially affect the traffic and
the speed of internet connections. Now, to end this episode, I'm going to talk about some early denial of service attacks and some of the more notable examples, and in our next episode, I'm going to focus more on the spe cifis for types of de DOS attacks and how companies try to handle them. So, first of all, it's hard to get definitive history of denial of service attacks because oddly enough, hackers were not too concerned about documenting
their actions as they unfolded. But before there was d DOS, there were plenty of denial of service examples. One of them happened in nineteen seventy four with David Dennis, who was thirteen years old at the time. I wondered if he might be able to affect all the terminals connected to a computer at the Computer Based Education Research Laboratory
at the University of Illinois Urbana Champagne Campus. Dennis knew that he could cause a terminal, which think of a terminal as kind of as a keyboard and a monitor in itself is not a computer, but it's connected to a computer. You have multiple terminals all hooked up to
this central computer and they're all sharing those resources. Well, he knew that if he was using a terminal connected to this computer and he executed a command called external or e x E, which was a command that would tell the terminal that it was supposed to communicate with a connected external device. But if you didn't have an external device connected to the terminal and you and you sent this command anyway, it would make the terminal lock up.
The terminal would be searching for this external device, it would not find it, and that would send the terminal into the terminal equivalent of a tizzy. And the only way to fix it would be to shut everything down and reboot. So he thought, what if I did this, but I created a way to do it across all the terminals connected to that computer at the same time, not just one, because I mean then I'm just I'm
just sitting there having to change it. So he wrote some code and figured out a way to send that command to all the terminals connected to a computer at the same time, making them execute that EXT command without the individual users' knowledge or permission, and this forced a shutdown in nearly all the terminals connected to that computer. The university ended up disabling this feature that would allow people to send such a command to all the terminals from one single spot. They said,
you know, we gotta turn this default setting off. They didn't think about it until after it had happened. In Robert Morris unleashed a denial of service attack by accident. He had developed a bit of code that would make its way through the machines connected through the ARPANET, and the purpose was to find out how big the network was. He just wanted to know how big the network was. No one was really sure. This was something that was growing very kind of organically and rapidly. So Morris
thought he had the perfect solution. He had this code that would go out and essentially infect every single node on the system that it encountered. But it was meant to infect just as a way of making a count of each of the nodes. Really, he just wanted to find out what the head count was. However, he made a mistake when he was creating this code, and it ended up being the equivalent of a worm. It went through the system and it would replicate itself. It would infect
the same machines multiple times. It failed to detect that it had already infected a machine, so it just kept passing through this ARPANET system, infecting node after node after node, again and again and again, gumming up the network and essentially causing a shutdown of sixty thousand nodes. And he would end up being fined ten thousand dollars and sentenced to fours community service for that mistake. The earliest example of a distributed denial of service attack that I could
find happened in nine. An Italian activist group called the Strano Network, or Strange Network, launched a denial of service attack against the French government in a protest against that nation's policies relating to nuclear power. But this was done with actual human operators who were working voluntarily. They had agreed to be part of this sort of virtual sit-in, and they were working on their computers in an attempt to overwhelm the target servers.
So this attack was limited both in scope and duration. Also, back in those days, you were paying by the hour for Internet access, so the actual protest lasted about an hour because no one was willing to pour in a whole lot of money to sit at their computer and actively carry out this attack. The denial of service attack became a go-to strategy for activist groups in general.
One such group, called the Electronic Disturbance Theater, or EDT, developed a tool called Flood Kit, which would send a large volume of messages towards a targeted computer across the Internet. A predetermined target is the important part to remember here. Anyone who wanted to make use of Flood Kit could download it, and the tool even had a drop-down menu that would let users select the
predetermined targeted computers, like the White House computer system. EDT would arrange for virtual sit-ins in which they would schedule a coordinated effort to attack a specific target like the White House servers, and then users would all use that drop-down menu to launch their individual attacks as a big collective, so a collective of individual attacks in that sense. And again, in this case,
it was a voluntary action. It wasn't like they were infecting computers and trying to uh take them over without the user's consent. In two thousand, Michael Calce, a teenage hacker who used the handle Mafiaboy, launched a series of distributed denial of service attacks against high profile targets like Yahoo, Amazon, Dell, and others. He also attempted to attack the DNS system by targeting several of
the root name servers. He had compromised computers at university networks and used them to send traffic to his targets that would overwhelm the targets, and years later he would say the whole purpose behind it was so that he could impress and intimidate other hackers, so he was doing it for the online street cred, in other words. He was eventually tracked down by agencies like the FBI and got a pretty light punishment, all things considered. He was
sentenced to eight months in a youth group home. And part of the reason for the relatively light sentence is that the law was dragging behind technology, because it's hard to charge someone with a crime when you don't have a law defining that crime yet. And this is something we've seen in technology over and over where the developments
of tech have outstripped the social constructs like law. In two thousand seven, in Russia, a massive DDoS attack shut down not just a site or made a service slow, but actually shut down internet coverage for entire cities. The attack was aimed at an Internet service provider, and it was so effective that the provider went offline multiple times in waves of attack that hit over the period of a month. So they would get back up and then they would be hit by another attack and it would
go down again. At the peak of an attack, traffic being sent to the provider reached ten gigabytes per second, which was pretty darn staggering back in two thousand seven. Later, Anonymous, the most famous secret society of activists and techno anarchists, began to make use of voluntary botnets to attack targets. They urged people who wanted to lend their computer's power to an attack to download software called the Low Orbit
Ion Cannon. This would make the user's computer join a large botnet, which then could be directed to attack specific targets. Essentially, this is what hackers often try to do through tricking others to install malware, only in this case, Anonymous was outright saying, Hey, your computer is going to be part of this if you download the software. So if you want to help bring down the man, download
and install it now. That wraps up this episode. In our next one, we're gonna talk more about how DDoS works and also the various strategies that people and companies used in order to try and mitigate the effects of DDoS. As it turns out, it's pretty tricky. If you guys enjoyed this episode, let me know. Also give me a shout out if you have any suggestions
for future episode topics. Whether it's a technology, a company, a person in tech, maybe there's someone you want me to interview, let me know by sending me an email. The address is tech stuff at how stuff works dot com, or drop me a line on Facebook or Twitter. The handle for both of those is TechStuff HSW. Don't forget to follow us on Instagram, and I'll talk to you again really soon. For more on this and thousands of other topics, visit how stuff works dot com.
