3:26pm

Sun December 12, 2010
Attacking Websites Is Surprisingly Easy Social Protest

Companies including Amazon, PayPal and MasterCard were the subject of civil protests this week. But these weren't your grandmother's street marches.

The "protests" by people acting in support of the organization WikiLeaks were actually attacks on the companies' websites -- a specific type of cyberattack known as a denial-of-service attack.

Though the targets are massive multinational companies, the attacks themselves are startlingly easy to pull off.

Attack Of The Zombies

Think of a denial-of-service attack like a phone call. When many computers attempt to connect to the same website, it's as if many people are calling the same person.

"Now, when another person tries to call, they're going to get a busy signal," Nicolas Christin tells NPR's Audie Cornish. Christin is associate director of the Information Networking Institute at Carnegie Mellon University. He says denial-of-service attacks work by replicating that principle, but on a much larger scale.

Traditionally, Christin says, a few lone attackers release a worm or virus that infiltrates other computers on the Internet, turning them into a "zombie network" that repeatedly bombs a single website with data.

A single Web user can easily volunteer their computer for the attack, too, by downloading a simple push-button application.

While these kinds of attacks have been around for years, something different has been going on with the attacks on WikiLeaks and associated companies.

With so many people targeting WikiLeaks, there's been less need for an army of "zombie" computers. Thanks to social media, word of the attacks spread quickly -- while recruiting more of the living to the cause.

"So what you see is that people are saying on Twitter, 'We want to punish Amazon. Just download this program and join the fight,' " Christin says.

Easy Targets And Future Hassles

Denial-of-service attacks may be a hassle for companies, but Christin says they pose little danger to the consumers. The infrastructure that houses personal finance information isn't being accessed by attackers -- they're simply flooding the website with "calls."

Just like "getting a busy signal on a phone line doesn't mean that there's a burglar," Christin explains.

But as more and more people have access to high-speed Internet connections, Christin warns that denial-of-service attacks will likely become more and more common.

"Participating in acts of electronic civil disobedience is relatively easy," he says. "I think we're going to see -- unfortunately -- more of these attacks in the future, just because they are so easy to carry out and relatively difficult to defend against."

Copyright 2011 National Public Radio. To see more, visit http://www.npr.org/.