Denial of Service (“DOS”) attacks are a system of spamming your systems in such manner as to deprive the owner of a computer system or its users, access to such computer system and through such denial of access the purpose of such system is defeated.
If a website expects traffic of about 200,000 users. Instead on a single day 20,00,000 users land on the website. Beyond its expected capacity that it has provisioned for which could be 200,000 or may be a margin of 300,000, the website will not be able to sustain this surge in additional traffic. It is like a corner shop which always expects about 10 – 20 customers at a given time getting crowded with a 1000 customers trying to squeeze themselves in. With the additional crowd of 1000 customers ganging up and blocking the shop, the regular customers the shop has will not be able to enter. This will not only cause loss to the shopkeeper for a day but could make him lose his customers forever. In similar fashion, when the website’s genuine customers or users cannot access the site because of the bombardment, it denies them access to an infrastructure meant for genuine users. This is the reason for this simple description of a crime, which can cause grave harm.
The above illustration is very simplistic and describes a basic DOS attack. However entire nations and their critical infrastructure can be affected injuriously or brought down completely with such attacks.
If the same attack on a computing system or infrastructure is committed using multiple attack vectors i.e., instead of one computer or device attacking another computer or device, several computers or devices are used to commit such attack. Such instances of attacks using multiple or distributed vectors is referred to as a “Distributed Denial of Service” (“DDOS”) attack (in many DDOS attacks 27,000 to 30,000 computers or devices are deployed to run such attacks).
DDOS attacks are orchestrated by bots or malware infected zombie computers being used to simulate traffic to the target computer or computing system. By overloading such traffic beyond the capacity or bandwidth of the computing system, its effective functioning is stopped. Critical infrastructure such as banking and electricity functions can be affected through such attacks. One of the most notorious DDOS attacks is against Estonia in 2007, when its banking, Government and media functions were crippled for nearly 22 days
Court websites have suffered from DDOS attacks including that against the Supreme Court of India’s website in 2012. The risks of vigilantes online is demonstrated through this attack.
DDOS attacks were once simply used to inconvenience individuals and businesses but they are increasingly becoming a tool to earn income for cybercriminals or cause disruption for political purposes.
Such attacks can be launched with ease and cause serious damage to IT infrastructures, service interruptions and to huge financial loss. Current trends show that DDOS attacks in India are frequent and rising. International trends show that DDOS attacks are using bots purchased on the darknet with “crime as a service” being on offer.
DDOS can have serious ramifications especially for critical infrastructure. It is important to demonstrate that law can be effective in bringing such Criminals to book. Presently, this is not the case. Governments and legal systems will also take into account that DDOS attacks can even amount to acts of cyber terrorism or cyber warfare.
Presently, the Information Technology Act, 2000 (as amended) (“IT Act”) provides for civil and Criminal remedies against a DOS or DDOS attack under Section 43(f) IT Act and S.66 read / with S.43(f) IT Act, respectively. Apart from this if such act were to cause harm by threatening “the unity, integrity, security or sovereignty of India” or to “strike terror in the people or any section of the people”, then it amounts to cyber terrorism and Section 66F of the IT Act may be invoked.
Victims should initiate civil and criminal proceedings and demonstrate that criminals can be brought to book. Else such serious offences not only go unpunished but will be setting worrisome precedents for others to launch such or more aggravated attacks.
File your complaint online on cybercrime.gov.in. Seek justice and ensure that criminals do not harm you or others. Be A Cyber Saathi!
“The website and modules therein contain details of different kinds of cybercrimes and violations and some of such content or material on Cyber Saathi may contain language or details which may not be explicit / sensitive in nature and may not be appropriate for Users below the age of 18 years. For users below18 years of age, parental consent and guidance is mandatory. Parents are advised to review content in advance. “