The Early Days: 2004-2007
The Internet underwent many radical shifts in scale across this period. In 2004, the Internet2 backbone (Abilene) was upgraded from 2.5gb/sec to 10gb/sec and was set to deploy the next-generation Internet protocol, IPv6. By 2007, it had transferred to Level 3, with a 100gb/sec US East to West coast span of Level 3’s network. Online banking became mainstream. In 2003, Amazon achieved its first yearly profit. By 2007, eCommerce sales made up 3.4 percent of all U.S. sales. Skype launched in 2003 and “thefacebook” followed in 2004. Internet connectivity became essential for governments and businesses worldwide.
DDoS attacks scaled accordingly. Attacks in the tens of gb/sec became frequent, and by 2010 the 100gb/sec barrier was broken. Attacks were increasingly complex and usually coordinated, which made them more powerful and harder to guard against.
Attack motivations ranged from hacktivism to underground criminal activities. Underground criminal forums and IRCs grew significantly online, helping to establish and spread the black market for malware tools. Botnets and their variants were being sold widely. Even by 2003, DDoS-for-hire services could be purchased online. This expanded the attacker profile from skilled, highly trained individuals to a much larger pool of groups and individuals who could launch DDoS attacks simply by making a payment and downloading a simple DDoS tool.
Ransom requests accompanying DDoS attacks also began to spread. In 2004, U.S. credit card processing firm Authorize.net reported that it was fighting a sustained DDoS attack, which had left it struggling to maintain its online presence. The Boston Globe reported that the attacks followed an extortion letter.
DDoS extortion attacks became particularly endemic in the online gaming industry. In July 2004, three men suspected of masterminding a cyber-extortion racket were arrested in Russia. The racket specifically targeted online gaming sites, netting hundreds of thousands of dollars in the process.
Attacks tended to begin with crude SYN flood attacks. If payment wasn’t made, attackers would resort to more sophisticated options, including UDP Floods, UDP Fragment Attacks, NB-Gets, and ICMP Ping Floods. For unprotected sites, such attacks can be devastating. Increasing numbers of enterprises signed up for DDoS protection services.
2007 also marked the first time a botnet threatened the national security of a country, when a series of DDoS attacks hit Estonian banks, telcos, media outlets and name servers.