A software engineer is calling on Americans to oppose Trump’s presidency by visiting the Whitehouse.gov site and overloading it with too much traffic. In effect, he’s proposing a distributed denial-of-service (DDoS) attack, an illegal act under federal law. IT security experts from DomainTools, Imperva and NSFOCUS IB commented below.
“Protestors across the globe continue to utilize denial of service and DDoS attacks to propagate their viewpoints and spread the concept of civil disobedience. In this situation, the White House likely has protections in place to help prevent simple page refresh denial of service attacks, so in order for this style of attack to succeed, it would require a very large volume of traffic from thousands of personal machines.”
“This is certainly not a new issue. I think that one of the prominent precursors of this trend was the Anonymous hacker collective who used to promote such protest campaigns circa 2010 / 2011. We have seen such campaigns directed at official organizations and commercial organizations in the past few years and it looks like they are the cyber equivalent of marching the streets. At the end of the day the success of the campaign is not measured by whether a site went down for an hour or two – much like street marching – but whether some change was driven by the public attention. This trend is very different from professional DDoS attacks carried by cyber criminals with the intent of impairing competition (mainly in the gaming industry) or racketeering (across all industries).”
Stephen Gates, Chief Research Intelligence Analyst atNSFOCUS IB:
“The motivations for DDoS attacks continues to expand. Notoriety, competitive advantage, nation-state and terrorist driven, smokescreens for other attacks, and finally hacktivism, attack frequency and size will continue to grow. Using DDoS as a form of protest will likely increase in the light of the new presidential administration in the U.S.; and there has never been a better time to deploy the proper cloud and on-premises DDoS defenses. DDoS can easily be defeated.
Participating in a DDoS attack is a crime; regardless if you use a tool , a script, a botnet for hire, or a finger and a keyboard. If protesters move forward with this demonstration, they must remember that their source IP addresses in most cases will not be spoofed; meaning, law enforcement can easily track those who participate. Interesting enough, this “call for protest” is being hosted on a website using the .io domain; which is assigned to the British Indian Ocean Territory. Apparently, the organiser thought it a good idea to host this “call for protest” on a website located outside of the U.S.”
ISBuzz Team embodies the collaborative efforts of the dedicated staff at Information Security Buzz, converging a wide range of skills and viewpoints to present a unified, engaging voice in the information security realm. This entity isn't tied to a single individual; instead, it's a dynamic embodiment of a team diligently working behind the scenes to keep you updated and secure. When you read a post from ISBuzz Team, you're receiving the most relevant and actionable insights, curated and crafted by professionals tuned in to the pulse of the cybersecurity world. ISBuzz Team - your reliable compass in the fast-evolving landscape of information security
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.