Cyberattacks are getting worse – are you protected?

بواسطة Janine Warner and David LaFontaine
Oct 30, 2018 في Digital and Physical Safety
Cyberattack

This article is the first installment in a four-part series on journalism and cybersecurity. Read part two, part three and part four

First, the bad news.

In the last year, we’ve seen an exponential rise in both the frequency and intensity of distributed denial-of-service (DDoS) and other cyberattacks aimed at silencing journalists and digital news sites. Recent attacks even target the basic backbone of the web by hammering on DNS servers. 

More than half of digital media sites in Latin America suffered DDoS attacks last year because of their news coverage, according to a study by SembraMedia

This digital form of censorship is on the rise in Latin America (and around the world) and has become such a common problem that there are special free services designed to protect journalists, human rights organizations, and election monitors. Yet many digital natives are still are not aware of these services or lack the time and skills to get them set up.

Cyberattacks range from hacked email and social media accounts, to distributed denial-of-service (DDoS) attacks, to digital smear campaigns. In this series of articles, we are going to focus on DDoS attacks, because they are capable of taking down dozens of sites, even such mighty internet giants as the New York Times, Twitter, Pinterest, Reddit, GitHub, Etsy, Tumblr, Spotify, PayPal, Verizon, Comcast, EA, the PlayStation network – all at the same time (see When the Entire internet Seems to Break at Once).

In a DDoS attack, hackers use thousands of compromised computers to overload a website, making it impossible for anyone else to visit. Digital journalists are starting to refer to DDoS attacks as “the new censorship,” because the growth and spread of increasingly sophisticated methods has made these types of cyber-attacks easier (and cheaper) for anyone who wants to bring down a website. 

How do DDoS attacks work?

Imagine your website is like a cool night club. Sometimes the dance floor gets crowded, much like traffic to your website goes up when you publish an especially popular video.

Now imagine one Friday night, your competitor sends a bunch of thugs to your place and they not only fill the club, they create such a crowd at the front door that none of your regular customers can get in. That’s essentially what happens in a DDoS attack on your website.

Thus, you can think of having DDoS protection like having a really good bouncer.

The tricky thing about a distributed denial-of-service attack is the first word: “Distributed.” If the thugs all showed up to your club wearing the same brightly colored uniform, it would be easy for the bouncer to spot them and keep them out. But if they disguise themselves to look like other well-dressed guests they blend into the crowd.

DDoS attacks can not only take down your website, they can also cost a small fortune if you don’t have an unlimited web hosting plan.

The digital equivalent would be if all the traffic in a DDoS attack came from the same computer, or even the same ISP, it would be relatively easy to recognize and block. But when hackers stitch together networks of compromised computers from all over the world, it’s much harder to keep them out. And like everything else in the world of computers, not only are DDoS attacks getting more powerful, they are getting cheaper.

Today, nearly anyone can commission a DDoS attack for as little as US$2. With a simple Google search, it’s easy to find hackers offering to launch DDoS attacks, many with glowing customer reviews and money-back guarantees.

Most cyberattacks seem to be launched by companies trying to gain advantage against competitors, but increasingly DDoS attacks are being used to take down news sites and silence journalists and activists. DDoS attacks can not only take down your website, they can also cost a small fortune if you don’t have an unlimited web hosting plan.

One reason for these cyberattacks is that hackers want you to face a huge web hosting bill, said Dmitri Vitaliev, co-founder and director eQualit.ie, a Canadian-based nonprofit that provides DDoS protection through its Deflect service. “You can try to overwhelm the server,” he said, “or you can try to overwhelm the pockets of the account holder.”

For example, he explained, it’s almost impossible to bring down a website with a DDoS attack when it’s on a premium cloud hosting service, but the cost of handling all the extra traffic can be significant. In a massive attack, bills can quickly run into the hundreds or even thousands of dollars, he said. Smaller web hosting providers may simply decide to shut your site down because an attack can cause problems across their entire system.

You can protect yourself – but it’s far better to be prepared before you’re attacked

As the strength of DDoS attacks and other forms of hacking has escalated over the last year, it’s easy to take a pessimistic view of internet security. Fortunately, a few smart, brave people like Vitaliev are fighting back and providing free services to protect journalists.

The kind of DDoS protection you need depends on the kind of web hosting you have, the kind of site you run, and how much money you are willing to spend.  At the high end, private companies pay tens or even hundreds of thousands of dollars a month for internet security services.

Fortunately, if you’re a journalist, NGO, election monitor or human rights organization, there are at least two services that will protect you for free: Jigsaw Project Shield (run by Google) and Deflect, run by Equalit.ie.

Like the best night club bouncers, Project Shield and Deflect know how to spot trouble makers before they get into your club in the first place.

In the next two articles in this series (see here and here), we’ll explore each of these free services for journalists and explain what you need to do to qualify for their protection.

Which DDoS service is best for your website:

Project Shield leverages Google's massive infrastructure to provide powerful protection.

Equalit.ie offers free web hosting, as well as strong DDoS protection for those who qualify.

Resources and other links:

Vocabulary lesson: A comprehensive guide to understanding the vocabulary of DDoS attacks. 

How to tell if your computer has been compromised by a RAT.

Protect your device from malware and hackers.

Janine Warner is the founder and executive director of SembraMedia, an organization dedicated to improving the quality of news content available in Spanish. She is an expert at helping digital media entrepreneurs implement sustainable business practices and generate new sources of revenue online. Learn more about her work as an ICFJ Knight Fellow here.

Main image cc-licensed by Flickr via Blogtrepreneur. Secondary image c/o SembraMedia.