Attacks against political websites and human rights groups are on the rise, according to research from Harvard University.
The team found that between August 2009 and September 2010, at least 140 distributed denial of service (DDoS) attacks were carried out against more than 280 sites.
“Independent media and human rights sites suffer from a variety of different types of cyber attacks, including filtering, intrusions, and defacements in addition to DDoS attacks, and those attacks interact with each other in complex ways,” says the report.
“Recently, the organization ‘Help Israel Win’ invited individuals to install a software package (‘Patriot DDoS’) on their PCs that would give a remote administrator the capability to harness the machine in an attack on a (presumably Palestinian) target.”
The researchers say they found a particularly high prevalence of attacks in the US, Tunisia, Russia, China, Vietnam, Burma, Mexico, Israel, Egypt, and Iran.
But, they say, they didn’t find a single case of a government taking responsibility for a DDoS attack, whether against its own dissidents, against activists in another country or against another government – although they point out that this doesn’t mean it hasn’t happened.
“In contrast, we found many examples of activists claiming responsibility for attacks, sometimes against their own governments but mostly against either governments or activists in other countries — for example the multiple attacks by the Electronic Disturbance Theater
against the Mexican government,” says the report.
“Again, this does not show that activist individuals use DDoS attacks more often than do governments, but rather that activists evidently have a greater motivation to claim responsibility for DDoS attacks.”
Human rights groups, it says, need to become more vigilant – if they can muster the resources.
“The rise of DDoS as a technique for silencing human rights and independent media sites is the symptom of a larger problem: the shortage of technical talent in administering these websites and the increasing isolation of the websites from the core of the network,” it concludes. “There is no simple technical solution to this problem.”