Thursday, August 06, 2009

Why Denial of Service is the Dumbest "Hack"

Large chunks of Web 2.0 are not working this morning, apparently because of one or more denial of service attacks. Users of Twitter, Facebook--and many apps and blogs which rely on those services for authorization credentials--are feeling understandably frustrated, yours truly included.

While reports that this DoS event is DefCon-related appear to be mere rumor at this point, it bears repeating: Denial of Service is the Dumbest Hack!

Since the first computer was plugged in, anyone with opposable thumbs has been able to execute a denial of service attack. DoS attacks are like the boiled egg of hacking. The fact that computers connected into a network can be disrupted is old news. Proving it with a DoS attack proves nothing new. So what is the point? Do we want the world to sit up and say "Gosh! All this stuff is connected, and if one part goes down many others are also affected"?

Yawn! That is known, proven, accepted, it's history. All you gain by executing such an attack is a lot of anger directed at you by the millions of people whose lives you are messing about. You do not win any prizes for figuring out how to do this. The people who lead the field in figuring out how to execute DoS attacks are the kind of folks who do not execute them.

I watched one of those people demonstrate, in 1996, how to take down any web site with a 386 PC and 28Kbps modem. That was not at DefCon but in a tiny lab somewhere. But I did speak at DefCon that year and gained a lot of respect for serious hackers, not because they wrecked things, but because they had figured out how to, yet they refrained from using that knowledge for gain or fame or to piss people off. Would that all hackers followed that code.