There is a pattern running through last week’s attacks. In the world of crypto currencies it was the attacks on Ethereum and Ethereum-Classic that ended up in a hard fork for both. Last weekend Twitter, Paypal, Netflix and Spotify saw themselves out of order.
The reason: DoS attacks
DoS (Denial of Service) or DDoS (Distributed Denial of Service) attacks have always been an entertaining part of hacker movies or series. Commands are entered here via command line terminals à la Matrix and the target server faces a flood of requests.
In reality, the planned DDoS is one of the stronger attacks and is comparable to a lot of people running over a shopping center. Everywhere the employees are questioned, the cash registers are overcrowded, new customers cannot reach the shopping center because it is overcrowded. The result is the temporary breakdown of the service.
Such attacks can be planned or unplanned. Blogs or image boards that have become famous overnight can collapse completely unplanned under the burden of the multitude of new visitors. We at Ethereum, Twitter or Netflix can confidently rule out that this is the case.
The Internet of Things
In this chapter, the devices of the Internet of Things (IoT) play a new role. Networked cameras, refrigerators, coffee machines – some people will laugh now, the new developments around networked everyday devices are so absurd.
They are intended to make our everyday lives simpler and more structured, but they also bring new dangerous computing power into the network.
(Little anecdote from my lecture on IT security: IoT devices are not only dangerous in virtual life, there have actually been rumours that national security services wanted coffee machines to be overloaded/ malfunctioning from a distance. This malfunction was supposed to cause the machines to explode, preferably in the vicinity of terrorists, of course. A cooperation between Senseo and Samsung? wink smiley*)
These new IoT devices have hardly any security measures. They can apparently be captured quickly and integrated into a larger botnet. The IT news portal heise.de quoted the Chief Data Officer of Telefónica:
“With the Internet of Things, we’re repeating the mistakes we made in IT in the past”.
Attacks are something positive
At this point this may speak against one’s intuition, but in fact attacks are a good thing. At least in a non-traditional server structure.
We observe the growth of the IoT as a global edition of tools and materials. Everyone deals with the materials differently. The developers say to themselves, “nothing will happen”. The average user “joins” the materials as the developer intended. And then there is a not negligible minority that uses the new materials to forge “weapons” out of them.
The goal are the above-mentioned services – and more. But blockchain experts transform the term “attack” into something positive.
Traditional servers are centrally controlled and thus offer a central attack surface. Of course, these services can also learn from attacks, but they have to live with the downtime – the time when the services are simply offline due to the attacks.
Ethereum and Ethereum Classic, or Bitcoin – they all work with blockchain technology and are distributed. These networks, and therefore their services, are not centrally deactivatable. Even if they suffer attacks, this does not lead to the same results as with Netflix, Spotify and Co.
One could even go so far as to speak of the opposite: Precisely because these network structures don’t go offline, you can actively work on countermeasures. For a short period you may have to introduce a hard fork, as in the example of Ethereum. But in the long run you are prepared for such attacks. Their decentralization makes the costs of an attack skyrocket, making it unprofitable.
Traditional network structures, on the other hand, are often bombarded with the same attack pattern – it is not held together as a group against it, everyone “patches” their own security holes. An attacker then only has to let go of his line and wander to the next unprepared target.