There are Chinese websites offering distributed-denial-of-service (“DDoS”) attacks for sale. Reminder: DDoS attacks generally involve a hacker taking control of a bunch of internet connected computers, or botnets, and telling them to flood a webserver with enough activity to crash the system. While Chinese sites get a lot press, there are plenty of other places to purchase botnet attacks. You can even specify how many botnets you want flooding a particular system and for how long. I read on a web forum that you can rent 1,000 botnets for an hour for as little as $25.
And for that, I’m thankful.
What? You heard me.
We used to think of hacking as an activity reserved for evil geniuses with rare abilities. Like Dade “Zero Cool” Murphy from “Hackers,” or Gavin Orsay in “House of Cards.” Because so few people were capable of launching attacks, we perceived the likelihood of their occurrence as, well, unlikely.
The ability to cheaply buy hacking attacks may have two positive consequences. First, it should dispel any remaining belief that hacking attacks are rare or unlikely to affect a particular target. Hacking attempts are common, and now anyone can cause them. As attempts have increased, the number of immune targets has dwindled to nearly nada. Fact: hacking attempts are an omnipresent threat that must be dealt with by every business.
The second positive consequence is more of a hypothesis at this point. As botnet attacks flood our systems with increasing frequency, our IT security should become stronger, whether because a greater variety of threats become recognizable by our firewalls or because the rising number of attacks cause software developers and businesses to invest greater resources in defensive measures. Whether the story unfolds this way remains to be seen, but it makes good sense. Don’t you think?
At a minimum, the $25 hack-attack should at least grab people’s attention. And given the stakes, for that, I am thankful.