What Do Hackers Get Out of Launching Cyberattacks?
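A few days ago, a hacker group launched an unprecedented large-scale attack on the internet domain name service provider Dyn, and major sites such as Twitter and PayPal were affected and became inaccessible. However, the motive for the attack is not very clear, because no valuable information appears to have been stolen. A group calling itself New World Hackers has claimed responsibility, but their accounts of their motives contradict one another, and security experts consider them "impostors."

Who else might be the culprit? This kind of attack is called a distributed denial of service (DDoS) attack and has been around for some time. Although many DDoS attacks are carried out for politics, revenge, or trolling, money is often involved.

For example, DDoS attacks are often used as a means of extortion. Once a hacker group is able to build a large, dangerous botnet that paralyzes servers, and has made a name for itself that way, it can collect steep "protection fees" from companies afraid of being attacked. In fact, they do not even need to attack: in one recent case, someone posing as a notorious hacker gang sent extortion emails and had swindled tens of thousands of dollars before being exposed.

In this case, there are rumors that Dyn was one of the extortion targets before it was attacked. Those behind this largest DDoS attack in history may already have obtained a large amount of money in return for sparing other companies. A string of impostor scammers may also have profited from it.

Driven by money, DDoS attacks have another, darker use: sabotage within an industry. Companies intent on weakening their competitors may hire hackers to bring down a rival's network. Many so-called "booter" sites offer DDoS services, where anyone can pay to use a hacker's botnet and launch an attack within 15 minutes.

Researchers found last year that the three best known of these sites together had more than 6,000 users, who had launched more than 600,000 attacks. (Although Bitcoin has a bad reputation for providing an environment for criminal transactions, so far the most commonly used way to pay for DDoS attacks is PayPal.)

However, this attack does not look like the work of a Dyn competitor. This tactic seems to appeal mainly to disreputable businesspeople, including online casino operators.

Finally, DDoS attacks can also serve as cover for more direct and more profitable crimes. While a security team struggles to cope with a botnet army's assault on its systems, attackers can take the opportunity to obtain passwords, credit card numbers, or identity information.

Among the possible explanations for the October 21 attack, the sheer scale of the traffic is worth noting. Even though New World Hackers' claim of responsibility is doubtful, they said that the data traffic flooding Dyn's servers reached 1.2 Tbps, which is both seemingly plausible and shocking. That is about twice the 620 Gbps of traffic in the attack on Krebs on Security last month. Dyn also said that the attack was very sophisticated, coming in three waves that targeted different parts of its systems.

Such an operation looks as if it could be a group of kids doing it for fun, and that scenario is even more frightening. But an attack on this scale means that the motive behind it is bigger, and the interests involved are probably bigger too. (FortuneChina.com) Translator: Yan Kuangzheng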
Yesterday’s attack on the internet domain directory Dyn, which took major sites like Twitter and PayPal offline, was historic in scale. But the motivation for the attack may seem opaque, since no valuable information seems to have been stolen. A group called New World Hackers is claiming credit, but giving conflicting accounts of their motives—and security experts have called them “impostors.”

So why else might someone have done it? This class of hack, known as a distributed denial of service (DDoS) attack, has been around for a while. And while many DDoS attacks are indeed motivated by politics, revenge, or petty trolling, there’s frequently money involved.

For instance, DDoS attacks are often used as leverage for blackmail. Once a hacking group has a reputation for being able to field a large and dangerous botnet to knock servers offline, they can demand huge ‘protection’ payments from businesses afraid of facing their wrath. In fact, they don’t even have to do the hacking in the first place—in one recent case, someone posing as a notorious cabal merely emailed blackmail messages and managed to pocket tens of thousands of dollars before they were exposed.

In the current case, there are rumors that Dyn was a target of extortion attempts before the attack. And the hackers behind what may be the biggest DDoS attack in history could demand a pretty penny to leave other companies alone. A wave of impostors will likely give it a shot, too.

There’s another, even darker money-driven application of DDoS attacks—industrial sabotage. Companies seeking to undermine their competition can hire hackers to take the other guys offline. DDoS services are often contracted through so-called “booter” portals where anyone can hire a hacker’s botnet in increments as small as 15 minutes. Researchers found last year that three of the most prominent booter services at the time had over 6,000 subscribers in total, and had launched over 600,000 attacks. (And despite the criminal reputation of Bitcoin, by far the largest method used to pay for DDoS-for-hire was PayPal.)

But it’s unlikely that this was some sort of hit called in by a competitor of Dyn—that tactic seems to primarily appeal to already-shady dealers, including online gambling operations.

Finally, DDoS attacks can serve as a kind of smokescreen for more directly lucrative crimes. While a security team is struggling to deal with an army of zombie DVRs pummeling their system, attackers can grab passwords, credit card numbers, or identity information.

In weighing possible explanations for Friday’s attack, it’s important to note the massive scale of the thing. Even if their claims of responsibility aren’t credible, New World Hackers’ description of about 1.2 terabits of data per second thrown at Dyn’s servers is both vaguely plausible and utterly mind-boggling. That’s around twice as powerful as the huge 620 gigabit per second attack that knocked out a single website, Krebs on Security, last month. Dyn has also described the attack as sophisticated, arriving in three separate waves that targeted different parts of their systems.

That kind of operation could have been pulled off by a gang of kids doing it for kicks—and maybe that’s the scarier scenario. But such a massive undertaking suggests bigger, and possibly more lucrative, motivations.