Why Hackers Take Down Sites (and How to Protect Yourself)

By Kerry Gorgone, {grow} Contributing Columnist

Why do the Bad Guys try to take down our websites?

In my (admittedly limited) experience with hacking, the main result of a denial of service attack seems to be annoyance on a wide scale. Blameless users simply trying to accomplish a routine task (such as ordering a product or reading a blog) are unable to proceed due to a denial of service attack (often referred to as a “DoS” or “DDoS” attack).

In my naiveté, I often assumed—without really giving it much thought—that denial of service attacks were undertaken by bored geeks who had tired of online gaming and moved on to hacking. I imagined a sort of high-tech “pissing contest,” in which each hacker sought to establish his or her superiority. I never imagined there could be a more sinister motivation, nor did I consider the devastating consequences that bringing down a website could have on a business owner.

According to a study from Neustar, it takes an average of 10 hours before a company can even begin to resolve a DDoS attack. When a service outage costs an average of $100,000 per hour, the cost of that downtime adds up quickly, and can decimate smaller businesses that rely on their website. (Neustar has created a 2014 infographic with some startling statistics on denial of service attacks.)

As it turns out, I was half right. Kevin Mitnick’s book Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker reveals a shockingly nonchalant approach to hacking. “It was thrilling every time we compromised another SCCS [Switching Control Center System]—like getting into higher and higher levels of a video game,” as Mitnick describes the rush. “The judge [during the criminal trial] didn’t seem to understand why I would do such things without profiting from my actions. The idea that I was doing it for fun didn’t seem to make sense.”

I’m with the judge on this one. “Just for fun” isn’t a sufficient explanation when mitigating the impact of a denial of service attack can cost a company $1,000,000 even before their efforts start to work.

The business behind hacking

But not every hacker is in it for the fun. Some do have a monetary motivation, even if their path to profit isn’t clear to those of us unschooled in the art of hacking.

Some hackers extort legitimate businesspeople, threatening a denial of service attack if money is not forthcoming.

Others use the denial of service attack as a “smokescreen” while they insert malware or a virus into the code of the target site. One attack created a diversion while the hackers obtained bank customers’ credentials and stole $9,000,000 from ATMs in a period of 48 hours.

Denial of service attacks can also be used to thwart competition. Companies might pay hackers to execute a denial of service attack on a competitor’s website. In some cases, hackers will execute a denial of service attack on a website because they disagree with something the site owner has said (on the site or on another channel).

Fighting back

Given the massive cost of mitigating such an attack, the idea that someone might do this can have a chilling effect on speech and the free expression of ideas, which ultimately harms society as a whole. There are some ways to protect your site against a denial of service attack. Ironically, the most common measures taken—firewalls and intrusion prevention systems—are not designed to stave off this type of attack.

  • Keep an eye on your analytics. Knowing your baseline for traffic will help you to identify when a denial of service attack is underway, so you can get a jump start on mitigating its effects.
  • Contact your ISP and ask what services they offer to help mitigate denial of service attacks.
  • Create a “whitelist” of IPs that get priority access during an attack. Include your biggest clients or customers.
  • Implement “purpose-built DDoS protection” (cloud, hybrid and hardware), rather than relying on measures not specifically designed to prevent denial of service attacks.
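To make the first and third bullets concrete, here is an added example (not from the original post) that derives an alert ceiling from a traffic baseline, flags minutes that exceed it, and shows how allowlisted clients would be admitted first. The log format, the baseline numbers, the IP addresses and every function name are assumptions constructed for illustration.

```python
from statistics import median

# Constructed baseline: requests per minute seen during normal operation.
BASELINE_RPM = [118, 124, 131, 120, 127, 122, 135, 119, 126, 129]
# Hypothetical priority clients (addresses from documentation ranges).
PRIORITY_IPS = {"198.51.100.10", "198.51.100.11"}

def threshold(baseline, k=6.0):
    """Alert ceiling: median + k * MAD, robust to an old spike in the baseline."""
    med = median(baseline)
    mad = median(abs(x - med) for x in baseline)
    return med + k * max(mad, 1.0)  # floor MAD so a flat baseline still works

def per_minute(log_lines):
    """Group client IPs by minute from lines shaped '<minute> <client-ip>'."""
    buckets = {}
    for line in log_lines:
        minute, ip = line.split()
        buckets.setdefault(minute, []).append(ip)
    return buckets

def review(log_lines, baseline=BASELINE_RPM):
    """Return (ceiling, [(minute, total, priority_requests), ...]) for alert minutes."""
    limit = threshold(baseline)
    alerts = []
    for minute, ips in sorted(per_minute(log_lines).items()):
        if len(ips) > limit:
            priority = sum(ip in PRIORITY_IPS for ip in ips)
            alerts.append((minute, len(ips), priority))
    return limit, alerts

def triage(ip, under_attack):
    """During an alert, admit allowlisted clients first and throttle the rest."""
    if not under_attack or ip in PRIORITY_IPS:
        return "admit"
    return "throttle"

def sample_log():
    """Constructed log: one normal minute followed by a flood minute."""
    normal = [f"2014-05-01T10:00 203.0.113.{i % 50}" for i in range(130)]
    flood = [f"2014-05-01T10:01 192.0.2.{i % 250}" for i in range(900)]
    priority = ["2014-05-01T10:01 198.51.100.10"] * 3
    return normal + flood + priority

if __name__ == "__main__":
    limit, alerts = review(sample_log())
    print(f"ceiling: {limit:.0f} requests/minute")
    for minute, total, priority in alerts:
        print(f"{minute}: {total} requests, {priority} from priority clients")
```

The ceiling uses the median and median absolute deviation rather than the mean, so a previous attack left in the baseline data does not quietly raise the alert level.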

There is more you can do, depending on your staff and budget, to protect yourself. Whatever you do, take action now, especially if you’ve already been the victim of a denial of service attack: 87% of companies attacked were hit multiple times. And remember Neustar’s pithy observation: “Hope is not a strategy.”

Kerry O’Shea Gorgone is a writer, lawyer, speaker and educator. She’s also Instructional Design Manager, Enterprise Training, at MarketingProfs. Kerry hosts the weekly Marketing Smarts podcast. Find Kerry on Google+ and Twitter.

Illustration courtesy Flickr CC and Mikael Altmark

Book link is an affiliate link
