Attacks on organizations’ websites have become an increasingly potent weapon in the 21st-century battles over information. With the recent targeting of an independent newspaper in Russia and firms that refused to do business with the Wikileaks site, the issue has come into sharp focus, with financial and civil liberties questions hanging in the balance. Among those at risk of such attacks, independent media and organizations dedicated to human-rights issues are some of the most obvious — and consequential — targets.
A 2010 study by Harvard University’s Berkman Center for Internet and Society, “Distributed Denial of Service Attacks Against Independent Media and Human Rights Sites,” looks at both the frequency and type of website attacks — including denial of service, intrusion and defacement — that have been launched against such groups. The authors built a database of reported attacks in 2009 and 2010, surveyed 45 such organizations, and looked at the particular vulnerabilities of these groups.
Important points in the study include:
- Of the 45 groups surveyed, 72% said they experienced filtering of their content at the national network level, 62% experienced denial of service attacks, and nearly 50% experienced unexplained downtime for seven days or more.
- The two major disruption methods are “brute force” attacks, in which a network of compromised computers launches an overwhelming number of data requests; and “application attacks,” in which server, system and software vulnerabilities are exploited.
- Even outside high-profile public events or emergencies such as elections, protests or military actions, denial-of-service attacks against independent media and human rights sites became more common in 2010.
- Given the high publicity that that the attacks on companies refusing to do business with Wikileaks — known as “Operation Payback” — received, such attacks are expected to become even more common.
The study’s authors suggest that potentially vulnerable organizations should consider moving their sites inside major networks that have better defense capabilities; improve their levels of expertise to better cope with an attack; and maintain a duplicate copy of their site in a secure, unpublicized location.
Tags: crime, news, technology, human rights
Expert Commentary