Distributed denial-of-service (DDOS) attacks are becoming more and more common with many organizations beginning to realize that they need to use mitigation services to protect their websites against such cyberattacks.
DDOS attacks are launched by various types of actors. They’re used by companies to disrupt the competition, cybercriminals use them for blackmail, and hacktivists rely on them as a form of protest.
These cyberattacks can result in considerable losses, especially if they’re launched against the website of a company that depends on it for business operations. However, as far as hacktivist attacks are concerned, I don’t know of any operation relying on DDOS attacks that has made a difference, one that has influenced political or business decisions.
For instance, a few years ago, Anonymous hackers launched a massive DDOS attack against PayPal after the company decided to stop processing donations to WikiLeaks. PayPal claimed to have spent a lot of money to recover from the attack and to implement protection mechanisms, but the company didn’t turn back on its decision because of the hacktivist campaign.
Another massive campaign that relied on DDOS attacks was the one launched against several US government and anti-piracy outfits after the shutdown of Megaupload in January 2012. The sites of the US Department of Justice, the FBI, the White House, HADOPI, RIAA, MPAA, the Belgian Anti-Piracy Federation, and the Warner Music Group’s websites were shut down.
While this was one of the biggest DDOS attack operations launched by hacktivists, no one said “OK, let’s restore Megaupload because people are unhappy.”
Shortly after the Megaupload DDOS attacks, members of the Anonymous movement submitted a petition to the White House asking the Obama administration to make such cyberattacks a legal form of protesting.
“It is [...] no different than any ‘occupy’ protest. Instead of a group of people standing outside a building to occupy the area, they are having their computer occupy a website to slow (or deny) service of that particular website for a short time,” the hacktivists said at the time.
However, DDOS attacks are still illegal. Many Anonymous and other hacktivists still rely on them because it’s difficult for authorities to trace the attackers, but they never directly influence any decisions.
When they’re launched against the websites of a government, I think they’re the least effective. Most government agencies don’t really care about their websites being unavailable for a couple of hours or more.
On the other hand, DDOS attacks have often turned out to be an efficient way to raise awareness of a certain cause. The media usually covers cyberattacks aimed at government or other high-profile websites so people from all over the world learn about the “injustices” that take place.
For instance, the recent OpKillingBay, the campaign initiated in an effort to put an end to the killing of dolphins in Japan, has been fairly successful in raising awareness. Hacktivists DDOSed a bunch of websites related to the activities in Japan, and while they haven’t caused any damage, people from all over the world voiced their support on social media websites.