A software engineer is calling on Americans to oppose Trump’s presidency by visiting the Whitehouse.gov site and overloading it with too much traffic. In effect, he’s proposing a distributed denial-of-service (DDoS) attack, an illegal act under federal law. IT security experts from DomainTools, Imperva and NSFOCUS IB commented below.
Kyle Wilhoit, Senior Security Researcher at DomainTools:
“Protestors across the globe continue to utilize denial of service and DDoS attacks to propagate their viewpoints and spread the concept of civil disobedience. In this situation, the White House likely has protections in place to help prevent simple page refresh denial of service attacks, so in order for this style of attack to succeed, it would require a very large volume of traffic from thousands of personal machines.”
Amichai Shulman, CTO and Co-Founder at Imperva:
“This is certainly not a new issue. I think that one of the prominent precursors of this trend was the Anonymous hacker collective who used to promote such protest campaigns circa 2010 / 2011. We have seen such campaigns directed at official organizations and commercial organizations in the past few years and it looks like they are the cyber equivalent of marching the streets. At the end of the day the success of the campaign is not measured by whether a site went down for an hour or two – much like street marching – but whether some change was driven by the public attention. This trend is very different from professional DDoS attacks carried by cyber criminals with the intent of impairing competition (mainly in the gaming industry) or racketeering (across all industries).”
Stephen Gates, Chief Research Intelligence Analyst at NSFOCUS IB:
“The motivations for DDoS attacks continues to expand. Notoriety, competitive advantage, nation-state and terrorist driven, smokescreens for other attacks, and finally hacktivism, attack frequency and size will continue to grow. Using DDoS as a form of protest will likely increase in the light of the new presidential administration in the U.S.; and there has never been a better time to deploy the proper cloud and on-premises DDoS defenses. DDoS can easily be defeated.
Participating in a DDoS attack is a crime; regardless if you use a tool , a script, a botnet for hire, or a finger and a keyboard. If protesters move forward with this demonstration, they must remember that their source IP addresses in most cases will not be spoofed; meaning, law enforcement can easily track those who participate. Interesting enough, this “call for protest” is being hosted on a website using the .io domain; which is assigned to the British Indian Ocean Territory. Apparently, the organiser thought it a good idea to host this “call for protest” on a website located outside of the U.S.”