sb-nz logo
Story image

Any internet user can order cyber attack for less than $20 - study

DE-CIX, the Frankfurt-based operator of the world's largest internet exchange (IX), together with an international team of scientists has published a study which for the first time examines the effects of Distributed Denial of Service (DDoS) attacks and the effects of police countermeasures with alarming results. 

For example, it was found that any internet user can order and have cyber-attacks carried out for less than US$20. 

A measurement infrastructure was set up specifically for this study and DDoS attacks were purchased from DDoS service providers (so-called booter websites), in order to attack the company’s own system. 

The research team also analysed the effects of the international police measures of December 2018 against DDoS service providers. In this regard, 15 booter websites were taken off the internet as part of an action by the FBI and the Dutch police, without any lasting success. 

The project involved researchers from DE-CIX, BENOCS GmbH, Brandenburg Technical University Cottbus-Senftenberg, University of Twente, and the Max Planck Institute for Computer Science in Saarbrücken.

“We were unable to record a sustained improvement in the security situation with regard to DDoS activities on the internet as a result of the police countermeasures of December 2018,” says DE-CIX research and development head Christoph Dietzel.

“After about six days, the frequency of attacks was already back to the old level of an average of 50 NTP (Network Time Protocol) DDoS attacks per hour.

“The measures had caused a drop to thirty attacks per hour,” says Dietzel. 

“Further analyses at the world's largest internet node DE-CIX in Frankfurt revealed DDoS attacks against thousands of targets on the internet occur at any time of day or night.

“Interestingly, we found out that only about 20% of the traffic of an attack goes through our IX in Frankfurt. 

“In this case, one could conclude that the 311 Gbps attack we observed was five times as large at the target, and therefore had an actual traffic rate of 1.555 Tbps. 

"[This means] the attack traffic at the target could often be significantly larger than our measurements show,” says Dietzel. 

“Attacks of this kind can lead to both financial damage and damage to the company’s image and can threaten the very existence of companies. That is why we will continue to conduct further research to combat this cybercrime in the future.”

The focus of the new research project is on artificial intelligence technologies and how they are suited to detect DDoS attacks directly at the core of the internet, at the internet exchange, and to develop new, effective protective measures.

The project runs until June 2022.