One of the interesting fallouts from the Wikileaks revelations about U.S. and international diplomatic cables that revealed the inner machinations of foreign policy operatives, secrets is the attacks by Wikileaks supporters on various financial institutions that shut off the processing of monetary contributions to the Wikileaks organization.
Of the three major financial giants impacted by the mass internet attacks, PayPal, Visa and MasterCard were the most affected entities. PayPal seems to have weathered the storm pretty well, but Visa and MasterCard seem to have fared worse. All three companies where hit by a similar type of attack, which is well known to internet security professionals, called a distributed denial of service attack. A (distributed) denial of service (DoS) attack on a system is caused by numerous maliciously motivated requests directed towards a company’s website, which prevents the company from processing requests from legitimate business users. The concerted requests for a web site’s services simply overwhelm the bandwidth of the web site and tend to make the web site either go down completely, or perform so slowly as to be practically unavailable to its users.
DoS attacks are one of the top 10 web related attacks that have been identified by web security groups such as OWASP. Although a DoS attack can be launched by disrupting the physical media or the communication network of a company, it may also be caused by simply sending an extremely high number of serviced requests to the web server of the company hosting the web site. In simple terms, this is what cyber warfare is like.
Companies typically protect themselves against DoS attacks by using effective firewalls, appropriate configuration of network components such as switches and routers and the use of Intrusion Prevention Systems (IPS), among other techniques.
An interesting footnote to this is the fact that WikiLeaks itself was also the victim of an extremely heavy DoS attack against its web servers. Wikileaks stated that malicious traffic was directed against its sites at the rate of 10 gigabytes per second, which is way higher than the average of about 350 megabytes a second for denial of service attacks over the last year.