What is….. a DDoS attack?

If you use the internet or game online you may be affected by a DDoS attack. Discover what it is and the reasons attacks take place.

In the ever-changing world of high-tech gadgets and gizmos, a whole load of jargon is thrown our way that many of us don’t necessarily understand.

Here we explain what a DDoS attack is.

What is a DDoS attack?

DDoS stands for a ‘Distributed Denial of Service’ and is a type of cyberattack.

A DDoS attack is when a website or online service is hit by lots and lots of traffic from multiple sources in an attempt to bring it down.

The website/service is usually so overwhelmed with the requests it will not be able to function properly and will crash.

The traffic comes from ‘botnets’ - thousands of computers affected by malware, but because there so many of them based all around the world, it’s hard to tell the difference between them and real traffic.

Who or what is the target of DDoS attacks?

Businesses are usually the target.  This can have a devastating effect – when a website is down, it can’t trade or fulfil customer needs. As well as affecting day-to-day business and profit, it costs money to fix and harms reputations.

DDoS attacks can happen to big and small companies.

In December 2015 the BBC website was unavailable for a short period of time because of a DDoS attack. It took several hours to fix, during which time people couldn’t access the news or the iPlayer.

A recent DDoS attack on Pokemon Go affected the servers, so people couldn’t log on to the game.

Why do DDoS attacks take place?

The type of attackers and their motives vary.

Some groups or individuals launch and threaten to launch DDoS attacks for financial purposes, extorting money with the threat of an attack and, if an attack takes place, demanding ransom money.

Other attacks are aimed at rival companies, Reddit rival Voat was subjected to a DDoS attack, with suggestions some Reddit users were involved.

‘Hacktivists’ – those who hack computers in the name of political and social causes sometimes use DDoS attacks to protest about political issues, such as human rights and freedom of speech.

The most famous group of hacktivists is ‘Anonymous,’ which has launched DDoS attacks on the official Vatican, Republic of Cyprus and Westboro Baptist Church websites among others.

Some individuals or groups just enjoy creating DDoS attacks. So-called ‘script kiddies’ often target video games servers, so other gamers can't play.

How to protect yourself from a DDoS attack

Action Fraud, the UK’s national fraud and cyber-crime reporting centre, has three tips to help businesses:

Tip 1: To protect yourself from a DDoS attack, particularly a large, sustained one, you need technical knowledge and infrastructure. Some ISPs offer DDoS mitigation services to their business customers. If yours doesn’t, research cloud DDoS mitigation providers.

Tip 2: If you receive emails threatening a DDoS attack and demanding ransom money, don’t delete the email. It may contain data about the email’s origin.

Remember not every threat is legitimate, some are just trying to extort money from you and don’t have the facility to launch a DDoS attack.

Tip 3: If you are a victim of a DDoS attack, it’s tempting to pay the ransom - don’t. It could encourage future attacks and further demands.

Read more about computer security in our article: Free virus protection: 10 ways BT's free software keeps you safe online.

Visit ActionFraud for more information about cyber-crime and how to report it.

More from BT