A software engineer is calling on Americans to oppose Trump’s presidency by visiting the Whitehouse.gov site and overloading it with too much traffic. In effect, he’s proposing a distributed denial-of-service (DDoS) attack, an illegal act under federal law. IT security experts from DomainTools, Imperva and NSFOCUS IB commented below.
Kyle Wilhoit, Senior Security Researcher at DomainTools:
“Protestors across the globe continue to utilize denial of service and DDoS attacks to propagate their viewpoints and spread the concept of civil disobedience. In this situation, the White House likely has protections in place to help prevent simple page refresh denial of service attacks, so in order for this style of attack to succeed, it would require a very large volume of traffic from thousands of personal machines.”
.
Amichai Shulman, CTO and Co-Founder at Imperva:
“This is certainly not a new issue. I think that one of the prominent precursors of this trend was the Anonymous hacker collective who used to promote such protest campaigns circa 2010 / 2011. We have seen such campaigns directed at official organizations and commercial organizations in the past few years and it looks like they are the cyber equivalent of marching the streets. At the end of the day the success of the campaign is not measured by whether a site went down for an hour or two – much like street marching – but whether some change was driven by the public attention. This trend is very different from professional DDoS attacks carried by cyber criminals with the intent of impairing competition (mainly in the gaming industry) or racketeering (across all industries).”
Stephen Gates, Chief Research Intelligence Analyst at NSFOCUS IB:
“The motivations for DDoS attacks continues to expand. Notoriety, competitive advantage, nation-state and terrorist driven, smokescreens for other attacks, and finally hacktivism, attack frequency and size will continue to grow. Using DDoS as a form of protest will likely increase in the light of the new presidential administration in the U.S.; and there has never been a better time to deploy the proper cloud and on-premises DDoS defenses. DDoS can easily be defeated.
Participating in a DDoS attack is a crime; regardless if you use a tool , a script, a botnet for hire, or a finger and a keyboard. If protesters move forward with this demonstration, they must remember that their source IP addresses in most cases will not be spoofed; meaning, law enforcement can easily track those who participate. Interesting enough, this “call for protest” is being hosted on a website using the .io domain; which is assigned to the British Indian Ocean Territory. Apparently, the organiser thought it a good idea to host this “call for protest” on a website located outside of the U.S.”
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Experts Insight On US Pipeline Shut After Cyberattack
Most Active Commenters
Recent Comments
“Cybersecurity Awareness Month’s new evergreen theme "Secure Our World” is…
“Avoid storing data on personal devices: A crucial but often overlooked…
“I recommend a new nuance to passwords that isn’t often…
“In my role overseeing cloud environments and incident response, I'm…
“Cybersecurity Awareness Month serves as a reminder to confront the…