Amid the rise of the Internet’s “hypergiants” — the massive Internet service providers (ISPs) and network operators at the core of Earth’s global communications platform — smaller media organizations and human rights groups have found themselves on the network’s outer fringes, and frequently the targets of devastating cyber-attacks.
That’s according to a recent Harvard University study (PDF), carried out by the Berkman Center for Internet & Society, which illustrated the challenges small organizations face in propelling their key issues into the global spotlight.
Harvard researchers found that between August 2009 and September 2010, a collection of just 280 sites run by human rights organizations were hit with 140 different distributed denial-of-service (DDoS) attacks.
But those were just the most prominent instances: there were likely many others that went unnoticed, the researchers noted.
The problem posed by these types of attacks is that smaller organizations operating without the aid of network security experts can be bounced off the Internet by a massive influx of traffic across their domain.
It’s a tactic not dissimilar from those employed by “hacktivist” community “Anonymous” in its recent campaign against the corporate enemies of secrets website WikiLeaks, but with an even more nefarious purpose. As opposed to the voluntary networks of individuals who consciously lent their computers to attacking companies like MasterCard and PayPal, most of these DDoS attacks are orchestrated by shadow networks of computers carrying malicious software that hijacks bandwidth without the users’ knowledge.
While many human rights groups could theoretically develop a system of fallbacks, alternates and safeguards to keep their message on the global network, they have largely failed to do so.
“The network operators at the core often know one another through industry meetings and, importantly, from private mailing lists and forums where network security issues are discussed,” Harvard researchers wrote. “Near the edge, network administrators frequently don’t know about these lists and sometimes would not be welcomed into these conversations even if they knew of them.”
Those network operators are, more often than not, part of a rising collection of firms that the study called “hypergiants.” A 2009 study by Arbor Networks (PDF), cited by Harvard, noted that approximately 30 percent of the Internet’s traffic began and ended with just 30 firms. This has effectively drawn network security experts toward more lucrative salaries paid by companies at the Internet’s core, making it increasingly difficult for smaller groups to develop strategies for keeping their sites online.
“And, because they are often connected to the rest of the Internet by a single link, they are especially vulnerable to DDoS network attacks,” the researchers found.
They also noted that in most nations, the largest data providers have close ties to the local government, meaning “dissident sites might choose to use smaller ISPs or hosting providers to avoid the big, government-controlled ISPs.”
The study concluded that human rights groups and independent media outlets should ensure they have a mirror site that’s not publicly disclosed, so that if a main server is attacked, or if page load times are seriously affected, the secondary could be switched on to take its place.
They also recommended that sites investigate how quickly they can change their domain’s server address association in the event of their domain being hijacked by hackers. Currently only one organization, the Internet Corporation for Assigned Names and Numbers, controls the Internet’s domain name service (DNS) registry.
Researchers added that any site with controversial information should warn their hosting company of the potential for sustained DDoS attacks and ask them to promise not to shut them down in the face of a mass influx of traffic. They also encouraged human rights groups and their financiers to foster relationships with individuals at large ISPs, and to search out web hosts that can resist DDoS attacks.
Finally, they added that policy makers should consider “making certain types of DDoS attacks unlawful under national or international legal regimes.”
However, even with the problem of DDoS addressed, rights groups the world over will still face significant challenges in waging their battles online. Many groups that were hit with DDoS were “also subject to filtering, intrusions, or defacements and that, even though DDoS attacks are a significant concern for independent media, filtering of sites and off-line persecution of authors and sources (sometimes resulting from online intrusions) are a higher priority.”