The first distributed denial of service attack occurred on August 17, 1999, when a server at the University of Minnesota was attacked, resulting in two consecutive days of service interruption. Over the next few days, at least 16 other hosts, some of them outside the United States, were hit by the same attack. This time, the attack came from at least 227 hosts, and their owners were unaware that their devices had become tools in the hands of hackers. The attack packets are in UDP format and the source address is not hidden. On February 7, 2000, portal and search site Yahoo was attacked, forcing an hour-long outage of service. A similar attack on Buy.com followed. Within a week, eBay, CNN, Amazon and Dell.com were taken down. On April 8, ABC News reported that Michael Simon Kars, a 15-year-old Canadian boy who carried out the Yahoo attack, had been arrested by police. On October 21, 2002, starting at 4:45 PM EST, 13 root DNS servers around the world were hit by one of the most serious and massive cyber attacks in history, lasting until 6:00 PM. The event was a distributed denial of service attack, in which 30 to 40 times more data than normal flooded the servers. As a result, nine servers were down, seven of which lost their ability to handle network traffic and two others crashed. On June 21, 2003, requests overwhelmed the servers of ClickBank, an online marketplace for digital information products, and SpamCop, an anti-spam organization, making the service unavailable to normal users. ClickBank officials say each server receives thousands of HTTP requests per second, while log files grow at a rate of 1MB per second. In April 2007, Estonian Prime Minister Andrus Ansiep proposed the relocation of a Soviet bronze statue in Tallinn, Estonia’s capital, for soldiers killed in World War II, to a military cemetery, causing domestic unrest and resentment among the Russian government and the public. From the end of April to May 2007, Estonia’s critical Internet infrastructure, including the websites of the Parliament, the presidential palace, the general office, the central bank, major media and newspapers, were shut down by DDoS attacks. On January 23, 2008, Anonymous declared war on The Church of Scientology in a Youtube declaration against the church of Scientology’s attempts to control information on the Internet. Initially, Anonymous used Gigaloader and JMeter as weapons to attack. It was later replaced with a network-stress tool called a low-Orbit Ion cannon (LOIC), which sent large amounts of TCP and UDP packets to clog the network. Russia also saw DDoS attacks during its five-day war with Georgia in 2008. Reports at the time suggested that several Georgian, Azerbaijani and Russian websites had been knocked down by DDoS attacks. On July 26, 2010, wikileaks released as many as 92,000 secret us military documents in Afghanistan online, causing a stir. On December 4, PayPal, the US online payment processor, announced that it had suspended the accounts and services of wikileaks for violating the company’s service policies. In the immediate aftermath, many businesses stopped providing services to wikileaks or froze donations to it. On December 5th anonymous, a hacker group, published a manifesto expanding its ongoing “Operation Payback” into “Operation Assange’s Revenge”, offering help to wikileaks and attacking its enemies. On January 11, 2011, SONY filed a lawsuit against George Holtz and others for hacking SONY’s popular playstation 3 console. On March 6th a court granted SONY access to all the IP addresses used to access Hotz’s blog, including those of the downloaders who cracked the program. On April 3rd Anonymous, a hacktivist group, broke into a SONY website and posted a message declaring war on the company for violating the privacy of thousands of innocent people, calling it Operation SONY. On April 14, several SONY servers went down in a DDoS attack, followed by the theft of user data. In July 2012, a video posted on YouTube caused an outcry in Islamic countries that deemed it insulting to Islam. In September, a hacking group announced retaliation against the United States, directly targeting American banks, the beginning of a series of DDoS attacks code-named “Operation Swallow” targeting American financial institutions. The DDoS attacks lasted more than a year and hit dozens of us banks, causing untold damage. A famous DDoS attack in 2013 was on Spamhaus, an anti-spam organization. Spamhaus was hit by a DDoS attack on March 18, 2013. The attacker uses DNS reflection technology to attack through botnets. The attack traffic reached 300Git/s, making it the largest distributed denial of service attack in history by 2013. The incident was sparked by Spamhaus’s decision to blacklist a Company in the Netherlands in retaliation.
More on the history of DDos attacks:
[Internet Security] DDoS attack and defense principle and actual combat
Official website of Ali Yun University (Official website of Ali Yun University, Innovative Talent Workshop under cloud Ecology)