Need to Know: Denial of Service

Twitter and Facebook were yesterday hit by a denial of service attack, leaving social networkers unable to update the world on the minutiae of their lives for hours.

While such attacks don't compromise personal data or breach security, they are serious business.

What is a Denial of Service (DoS) attack?

Also referred to as a distributed denial of service attack, the method's genius lies in its simplicity. Rather than take a system down by hacking in through the back door, the attack goes in through the front. It works by sending a flood of requests to a site possibly using a botnet, or by sending out spam thereby crashing it.

No internal systems are compromised; they're just overloaded it's just an angry traffic spike. No personal data is lost and systems are secure, but users can't get to the site.

Sophos security researcher Graham Cluley had a lovely description of the attack. "It's a bit like 15 fat men trying to get through a revolving door at the same time - nothing can move," he wrote on his blog following the Twitter attack.

How serious are they?

If you're running an ecommerce site, the hit to your potential business is clear. But other businesses can be targeted, too. There are stories of criminals blackmailing companies pay up, or face a DoS attack.

Companies running with a bandwidth limit may have to pay up to get their site back online, and some attacks are so vicious hardware might need to be replaced.