Why Do People Perform DDoS Attacks?

Christian Sager

on June 11, 2014. DDoS tracking from Digital Attack Map on June 11, 2014.

When Evernote, Feedly and TweetDeck went down simultaneously last week, you could feel the fear kick in across the web. Most of these services were back up shortly, but Feedly took a while longer, saying they received an extortion letter from those who crashed their service. Then it happened again a day later, presumably by a separate extortionist. It may seem like these are small, isolated incidents, but according to an article by eWeek, digital security firm NSFocus says there's an average of 28 distributed denial-of-service (DDoS) attacks every hour. In my naiveté, I heard a voice not unlike my dear grandmother's ask, "But why would so many people try to crash the internets?"

Let's first quickly establish what a DDoS is. My colleague Jonathan Strickland concisely explains these attacks in a larger article about zombie computers. The gist is that an attacker networks computers together and makes them all contact a specific server or site repeatedly. This surge in traffic either makes the site load very slowly or shuts it down completely. It gets even more complicated when zombie computers infect innocent computers to increase the push. For our purposes, those technical details aren't important, especially since DDoS attacks have only gotten easier as step-by-step instructions and executable programs become widely available to download.

Since so many of the people behind these attacks remain anonymous, it's not easy to ascribe rationale to their actions. But when 28 of these attacks are happening every hour? Some patterns and evidence start to build up pointing to the attackers' motivations. Here are seven possible reasons for a DDoS attack.

Extortion

Feedly's claim that their DDoS attack was the result of extortionists isn't that unbelievable. There have been several cases where a DDoS is followed by a ransom note. Once the site is down, the attackers demand money in exchange for stopping their attacks. Some even make the threat before the attack. In both cases their rate of success is usually low.

Business Competition

Imagine if Dunkin' Donuts tried to slow Krispy Kreme's business by boarding up their doors overnight. That's sort of the equivalent of using a DDoS attack for anti-competitive business practices. If your site is down, your services are disrupted and consumers may flock to your competitor. Just small amounts of downtime can end up costing a company thousands of dollars. It can also promote negative associations with a brand, so that customers no longer trust their services. Rumor has it this is standard practice between online gambling sites, each DDoSing the other back and forth.


Others use DDoS attacks as a means to express their criticism of everything from governments to role-playing games. Government sites in Russia, Georgia, the U.S. and South Korea are often attacked via DDoS cyber warfare. Some speculate these attacks could even be perpetrated by other nations. Other politically motivated attacks may be against companies the attacker disagrees with. The subject of disapproval could be anything from ethical concerns to an online player upset about a recent update that "nerfed" their favorite game.

"Script Kiddies"

The previously mentioned users who attack video games are often referred to as "script kiddies" because their motivation is seen as childish and it is possible they're running a simple script to perform their DDoS attack. The tools to pull off a DDoS aren't so secret anymore. Also, let's be honest, being able to take out a company from your bedroom is probably amusingly empowering in a David and Goliath sort of way. Today's DDoS is yesterday's vandalism.

Security Feints

Like a mashup of a William Gibson novel and "Ocean's 11," some DDoS attacks are merely cyber-feints to distract a bank while criminals extract valuable financial information from an online heist. Thieves pulled off a hoodwink like this on the Bank of the West, stealing $900,000 from one of their customers during a DDoS attack.

Internal Testing

Although they may not admit to it, sometimes a DDoS crash is the result of an organization's own actions. It's either a mistake, or they're purposefully testing their network strength to see how much bandwidth it can handle.

Booter Services

To accomplish any of the above you can actually rent a botnet or hire a booter service to do it for you. At low costs marketed to script kiddies, DDoS attack capabilities are available to pretty much everyone. These booter services are difficult to take down as well, because their public face operates on a different ISP than the one the attack is coming from.

So, let's review...

After demystifying DDoS, it seems that people use it to crash sites for the following reasons: money, money, protest, mischief, money, incompetence and... money.