DDoS Attack: Analysis of a Real-World Cyber Security Incident
Added on 2023/01/13
Report
AI Summary
This report provides a comprehensive analysis of Distributed Denial of Service (DDoS) attacks. It begins with a detailed walkthrough of how a DDoS attack operates, explaining the different stages and tools used, including Nemesy, Blast, Panther, and Botnets. The report then delves into a real-world example, focusing on the 2014 DDoS attack on the Democracy voting website in Hong Kong (PopVote). It identifies the intricacies of the incident, the security aims that were breached, and the consequences, including financial losses and the disruption of the election process. The report also highlights the actions taken to address the issue, such as diversion, filtering, and analysis, and concludes with a discussion of the impact and implications of the attack on cyber security and the need for improved security measures.

Running head: CYBER SECURITY
Cyber Security
Name of the Student
Name of the University
Author Note:

Executive Summary
The purpose of this paper is to give a detailed explanation of a DDoS attack. A real-world
example of a DDoS attack is presented in the paper along with the outcome and the impact
of the attack. The mitigation steps taken by the concerned officials are also stated in the
concluding sections of the paper with the help of a pictorial diagram.

Table of Contents
Introduction
Detailed walkthrough of a DDoS attack
  Description of a DDoS attack
Identification and explanation of the intricacies of the event
Aim of security which was breached
Result consequences
Actions taken to address the issue
Conclusion
Reference

Introduction
This paper presents a walkthrough of a DDoS attack, describing each stage of the attack. It
also discusses one real-world example of a DDoS attack, and identifies and explains the
intricacies of that attack in detail. The outcomes and the impact of the attack are discussed,
and the paper also highlights the security measures which were breached by the cybercriminals
in the attack (Fielder et al., 2016). The actions taken as mitigation are also stated in the
paper with primary importance.
Detailed walkthrough of a DDoS attack
This section of the paper describes the detailed walkthrough of a DDoS attack. A distributed
denial of service (DDoS) attack is defined as a type of attack which is performed by a number
of compromised machines which target the computer system of the victim. The attack floods the
network with data packets (Kaun & Treré, 2018). The attackers manipulate the data packets
before they are assembled at the host. DDoS attack tools are very important for cybercriminals
carrying out such an attack. The different types of tools used in DDoS attacks are as follows:
Nemesy: Packets in a network are identified using this tool.
Blast: It is the most commonly used tool for DDoS attacks.
Panther: UDP packets can be stacked in a victim's system using this tool.
Botnets: This tool was used in the PopVote DDoS attack in Hong Kong in 2014.
Description of a DDoS attack
A DDoS attack is usually chosen by cybercriminals when they do not want any legitimate
users of a system to get access to a resource such as an information system used in a
business organization, an organizational portal or email (Lau, 2019). The different phases of
a DDoS attack are described below.
The target resource is always the prime target for the cybercriminals.
The web server is hit with numerous requests at the same time.
The entire network of the organization slows down.
The server fails to respond to each of the requests.
This results in the crashing of the server.
The entire network is disrupted after the servers have crashed.
DDoS attacks are common when multiple systems flood the bandwidth or resources
of a targeted system (Shuler & Smith, 2017). The compromise of one of the systems in an
organization may lead to the compromise of the other sections. The diagram below shows how
the attacker in a DDoS attack uses bot commands sent to an IRC server to infect the computer
systems of a business organization which are connected to a web server.
Figure 1: Walk through of DDoS
(Created by the author)
The above diagram helps in understanding how a single computer system is used to get access
to a series of computers in a business organization. The bot commands are sent to the IRC
server as a query by the cybercriminals. The bot command is given from a computer that has
been compromised by a malware infection. The bot commands are usually managed by
cybercriminals using a remote controller. Coordination among the group of attackers is a must
for spreading this attack to the private network of an organization. Botnets are used either
directly or indirectly by the cybercriminals in DDoS attacks. Distributed spam email is also a
current trend among social engineers for spreading worms into a private network (Buczak &
Guven, 2016). The bot program can be used by cybercriminals for different types of purposes:
firstly, the program has the capability
to infect a group of servers and return to the central server of an organization; at the same
time, the bot program can be used to send spam emails to other networks. The repetitive tasks
which are done by the bot programs cannot be done by the social engineers (Bawany, Shamsi &
Salah, 2017). All the automated activities of the DDoS attack are done using the bot commands.
In spite of the Computer Misuse Act of 1990, the use of bot commands has been increasing
tangentially over the last 10 years. The following diagrams are useful for understanding the
DDoS attack on the application layer.
Figure 2: Example of a protocol attack
(Source: Tsui, 2015)
The prime objective of the DDoS attack on the application layer is the disruption of the
servers or other intermediate sources, such as the security measures which are generally
adopted by most business organizations to protect the organizational assets against the
cybersecurity issues. The following unit of the paper discusses the protocol attacks of
DDoS using a pictorial diagram.
Figure 2: Example of a protocol attack
(Source: Wang et al., 2015)
In protocol attacks, the cybercriminals send spoofed SYN packets to their targets.
After getting a packet, the target waits for the other packets; once the stack is full of
packets, the remaining packets that are sent go unanswered (Ali et al., 2016). The TCP
handshake protocols are then carried out by the cybercriminals by sending a huge number of
TCP requests. The target machines also respond to the final step of the handshake.
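The backlog behaviour described above, modelled as an added example that is not part of the original report: a listener with a bounded queue of half-open connections is replayed against a constructed timeline, first as the text describes and then with a simplified SYN-cookie fallback, which goes beyond the text. The addresses, queue size, timeout, 64-second cookie slot and the names Listener, simulate and flood_windows are assumptions of this example.

```python
import hashlib
import hmac
from collections import Counter

SECRET = b"constructed-demo-secret"  # assumption: stands in for a per-boot server secret


class Listener:
    """Bounded queue of half-open connections, with an optional SYN-cookie fallback."""

    def __init__(self, backlog=8, syn_timeout=3.0, syn_cookies=False):
        self.backlog, self.syn_timeout, self.syn_cookies = backlog, syn_timeout, syn_cookies
        self.half_open = {}                      # (src, sport) -> arrival time of the SYN
        self.dropped = []                        # SYNs that went unanswered
        self.syn_times, self.est_times = [], []  # raw timestamps for flood_windows()

    def _cookie(self, src, sport, slot):
        # Simplified model: a keyed hash of the connection and a coarse time slot.
        msg = f"{src}:{sport}:{slot}".encode()
        return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:4], "big")

    def on_syn(self, t, src, sport):
        """Return the value the SYN-ACK would carry, or None if the SYN is dropped."""
        # Half-open entries are released when the final ACK never arrives in time.
        self.half_open = {k: t0 for k, t0 in self.half_open.items()
                          if t - t0 < self.syn_timeout}
        self.syn_times.append(t)
        cookie = self._cookie(src, sport, int(t // 64))
        if len(self.half_open) < self.backlog:
            self.half_open[(src, sport)] = t     # normal path: state is kept
            return cookie
        if self.syn_cookies:
            return cookie                        # queue full: answer, keep no state
        self.dropped.append((src, sport))
        return None

    def on_ack(self, t, src, sport, echoed):
        """Final step of the handshake; True when the connection is established."""
        slot = int(t // 64)
        stateful = self.half_open.pop((src, sport), None) is not None
        stateless = self.syn_cookies and echoed in (
            self._cookie(src, sport, slot), self._cookie(src, sport, slot - 1))
        if stateful or stateless:
            self.est_times.append(t)
            return True
        return False


def simulate(listener):
    """Replay a constructed timeline; return the real clients that connected."""
    # 40 SYNs with spoofed sources within one second, plus three real clients.
    events = [(1.0 + i * 0.025, f"198.51.100.{i + 1}", 50000 + i, False) for i in range(40)]
    events += [(0.1, "192.0.2.10", 40000, True), (1.5, "192.0.2.20", 41000, True),
               (6.0, "192.0.2.21", 41001, True)]
    connected = []
    for t, src, sport, real in sorted(events):
        answer = listener.on_syn(t, src, sport)
        # A spoofed source never receives the SYN-ACK, so it never sends the final ACK.
        if real and answer is not None and listener.on_ack(t + 0.01, src, sport, answer):
            connected.append(src)
    return connected


def flood_windows(listener, window=1.0, min_syns=10, max_ratio=0.2):
    """Start times of windows with many SYNs but few completed handshakes."""
    syns = Counter(int(t // window) for t in listener.syn_times)
    done = Counter(int(t // window) for t in listener.est_times)
    return [w * window for w in sorted(syns)
            if syns[w] >= min_syns and done[w] / syns[w] <= max_ratio]


if __name__ == "__main__":
    for cookies in (False, True):
        srv = Listener(syn_cookies=cookies)
        print("syn_cookies =", cookies, "connected:", simulate(srv),
              "unanswered SYNs:", len(srv.dropped), "alert windows:", flood_windows(srv))
```

With the plain queue, the real client that arrives during the flood is one of the unanswered SYNs; with the cookie fallback it connects, while the ratio of SYNs to completed handshakes still flags the flood window.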
Identification and explanation of the intricacies of the event
The attack on the democracy voting website in Hong Kong in the year 2014 is
considered one of the largest DDoS attacks in the last 10 years. The target was an online poll
platform which was managed by the University of Hong Kong's public opinion program. The cloud
service of this organization had also been very consistent in terms of the service it had been
providing over the years. A botnet was used by the cybercriminals to infect the PopVote voting
website. This DDoS attack was about 300GB/sec. It is considered one of the most sophisticated
attacks in the history of cyber-crime. The entire political condition of Hong Kong was
disrupted by this attack; at the same time, the mitigation steps taken by the authorities
contributed very little to containing the impact of the attack. The basic laws of Hong Kong
were breached as a result of this DDoS attack. A series of DNS sinkholes were in place to track
the malicious sources which were involved in the attack. The proposed candidates from the
Chinese government were very confused about their winning percentages in the upcoming
elections. The Domain Name Service sinkhole was compromised brutally after the attack. This
DDoS attack was considered the beginning of a new era for social engineers all around the
world. According to the investigative sources, the local internet service providers helped the
social engineers in this attack. This incident was severely criticized all over the world, as
the professional code of ethics was highly breached by this attack.
Date of occurrence: The date of occurrence of this dangerous DDoS attack is 18th June
2014. On this date, both Apple Daily and PopVote.HK were badly hit by this DDoS attack.
Outcome of the chosen incident: The entire city of Hong Kong was affected by this
DDoS attack. Citizens in large numbers were on the streets for several hours in protest against
the attack. Being one of the biggest democracies in the world the Chinese government had to
intervene in the investigations of this attack. Protest rallies took place in the streets of
Hong Kong. All the print media and the electronic media of Hong Kong were discussing the
reasons behind the issue, and experts started stating their opinions about the attack. The
software collaboration platform and the code hosting were severely affected after this security
attack. The market reputation of Amazon Web Services was severely damaged due to this attack.
The DDoS attack also had a direct negative impact on the upcoming election in Hong Kong. The
permanent and the temporary residents of Hong Kong were very scared after this huge security
attack. The computer systems which were infected in these attacks did not show any kind of
symptoms during the attack, which demonstrates the advanced techniques and methodologies used
by the social engineers.
Impact of the chosen incident
Financial: There were numerous impacts after the occurrence of this security attack.
There was a huge financial loss for the online polling agency which was conducting the poll.
The election committee of Hong Kong lost a huge amount of money during the attack.
Device affected: The security of cloud-based services such as Cloudflare and
Amazon Web Services was severely affected after this DDoS attack.
Aim of security which was breached
The prime aim of the cybercriminals was to show the world that the capabilities of
social engineers are increasing every day. The main aim of the online poll was to guide the
citizens of Hong Kong as elections were approaching. The security measures taken by
the polling organization were not sufficient to deal with the threats coming from a
DDoS attack. Further investment in technology is required from the management team of the
Hong Kong democracy voting website. In spite of the security protocols maintained in the
working environments of Amazon Web Services and Cloudflare, this security attack could not be
averted. The attack continued for two days and this resulted in feuds between the political
parties of Hong Kong. The ideologies and approaches of the political parties of Hong Kong
changed all of a sudden after the attack.
Result consequences
The extensive development in the field of Information Technology has led to the
growth of many new technologies. As a result of the security breach, the citizens of Hong Kong
became very perplexed. The entire networking security of the city was under the
hammer. The cybercriminals who were involved in the attack had no intention of extortion
(Chow, Yau & Li, 2015). The websites of both the ruling party and the opposition party of
Hong Kong were forcefully shut down so that no damage could be done to the reputation of the
parties, as any kind of negative publicity has a direct impact on the upcoming elections.
Actions taken to address the issue
The following diagram shows the mitigation steps which were adopted by the Hong Kong
democracy voting website after the security attack.
Figure 3: DDoS mitigation strategy (stages shown: Diversion, Filtering, Analysis)
(Source: Xu & Liu, 2016)
The mitigation process involves three different phases, as follows:
Diversion: This is the first mitigation step which was adopted by the democracy voting
website. After the flow of traffic was identified, the diversion was carried out. The entire
traffic was re-routed away from the target (Dao et al., 2015). The traffic is filtered very
minutely by the IT experts using BGP and DNS routing. The following unit of the paper
focuses on the filtering of the network.
Filtering: After the DDoS traffic is removed, the patterns adopted by the cybercriminals
can be identified. The legitimate traffic of the system was examined very minutely. The
transparency of the entire network was visible to most of the stakeholders associated with the
website.
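The three stages above chained together on constructed request records, as an added example that is not part of the original report. The BGP or DNS re-routing itself is not modelled, only the decision to divert; the thresholds, addresses, function names and the content of the analysis stage (which the text does not describe) are assumptions.

```python
from collections import Counter, defaultdict, deque


def build_requests():
    """Constructed request records (time_s, source); all values are made up."""
    reqs = []
    # Three ordinary clients, one request every two seconds for 20 s.
    for i, ip in enumerate(["192.0.2.10", "192.0.2.11", "192.0.2.12"]):
        reqs += [(t + i * 0.3, ip) for t in range(0, 20, 2)]
    # Five flooding sources at 20 requests per second each, from t=5 s to t=15 s.
    for b in range(5):
        reqs += [(5 + k * 0.05 + b * 0.001, f"203.0.113.{b + 1}") for k in range(200)]
    return sorted(reqs)


def diversion_time(reqs, baseline_rps=2, factor=10):
    """Diversion: time from which traffic is re-routed to the scrubbing path.

    The decision is taken at the end of the first one-second bucket whose
    request count exceeds factor x baseline; None means no diversion.
    """
    per_second = Counter(int(t) for t, _ in reqs)
    for sec in sorted(per_second):
        if per_second[sec] > baseline_rps * factor:
            return float(sec + 1)
    return None


def scrub(reqs, limit=5, window=1.0):
    """Filtering: per-source sliding window; returns (forwarded, dropped)."""
    recent = defaultdict(deque)
    forwarded, dropped = [], []
    for req in reqs:
        t, src = req
        seen = recent[src]
        seen.append(t)                  # count every arrival, so a flooder stays blocked
        while seen[0] <= t - window:    # forget arrivals older than the window
            seen.popleft()
        (forwarded if len(seen) <= limit else dropped).append(req)
    return forwarded, dropped


def analyse(dropped):
    """Analysis (assumed content): which sources were filtered, and over what span."""
    times = [t for t, _ in dropped]
    return {"sources": Counter(src for _, src in dropped),
            "span": (min(times), max(times)) if times else None}


def mitigate(reqs):
    """Run diversion, filtering and analysis over time-ordered request records."""
    t_div = diversion_time(reqs)
    if t_div is None:
        return {"diverted_at": None, "to_origin": list(reqs),
                "dropped": [], "report": analyse([])}
    direct = [r for r in reqs if r[0] < t_div]           # reached the target unfiltered
    forwarded, dropped = scrub([r for r in reqs if r[0] >= t_div])
    return {"diverted_at": t_div, "to_origin": direct + forwarded,
            "dropped": dropped, "report": analyse(dropped)}


if __name__ == "__main__":
    result = mitigate(build_requests())
    print("diverted at", result["diverted_at"], "s;",
          len(result["to_origin"]), "requests reached the origin,",
          len(result["dropped"]), "were filtered")
    print("filtered sources:", dict(result["report"]["sources"]))
```

The requests that arrive before the diversion decision still reach the target unfiltered, which is why the delay between detection and re-routing matters as much as the filter itself.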