?

幾天，針對(duì)互聯(lián)網(wǎng)域名服務(wù)提供商Dyn，黑客組織發(fā)動(dòng)了前所未有的大規(guī)模攻擊，Twitter和貝寶（Paypal）等主要網(wǎng)站受到波及均無法訪問。然而，這次攻擊的動(dòng)機(jī)卻不太明確，因?yàn)樗坪鯖]有什么寶貴的信息遭竊。一個(gè)名為New World Hackers的組織聲稱對(duì)此次攻擊負(fù)責(zé)，但是他們敘述的動(dòng)機(jī)卻自相矛盾——安全專家們認(rèn)為他們是“冒名頂替”。

還有誰可能是罪魁禍?zhǔn)?？這種攻擊被稱作分布式拒絕服務(wù)（DDoS）攻擊，已經(jīng)出現(xiàn)過一段時(shí)間了。盡管許多DDoS攻擊都是出于政治、報(bào)復(fù)或是釣魚的目的，但其中往往涉及金錢利益。

例如，DDoS攻擊常被用作敲詐勒索的手段。一旦黑客組織有能力構(gòu)建危險(xiǎn)的大型僵尸網(wǎng)絡(luò)來讓服務(wù)器癱瘓，并以此打響了名聲，就能向害怕面對(duì)攻擊的公司收取高額的“保護(hù)費(fèi)”。實(shí)際上，他們甚至都沒必要去攻擊——最近的一個(gè)案件中，有人假裝某個(gè)臭名昭著的黑客團(tuán)伙發(fā)送敲詐郵件，在被揭發(fā)前，他們已經(jīng)騙到了幾萬美元。

在這個(gè)案例中，有傳聞稱Dyn在遭到攻擊前，就是被勒索的目標(biāo)之一。這次史上最大DDoS攻擊的幕后黑手可能已經(jīng)得到了大量金錢，才放過了其他公司。一系列冒名頂替的騙子可能也在其中獲利。

在金錢的驅(qū)動(dòng)下，DDoS攻擊還有另一個(gè)更陰暗的用途——業(yè)內(nèi)破壞。意圖削弱競(jìng)爭(zhēng)對(duì)手的公司可能會(huì)雇傭黑客讓對(duì)手的網(wǎng)絡(luò)崩潰。許多所謂的“booter”網(wǎng)站都提供DDoS服務(wù)，任何人都可以在其上付費(fèi)使用黑客的僵尸網(wǎng)絡(luò)，在15分鐘內(nèi)發(fā)動(dòng)攻擊。

研究人員在去年發(fā)現(xiàn)，這類網(wǎng)站中最著名的三個(gè)，合計(jì)擁有超過6,000名用戶，他們已經(jīng)發(fā)動(dòng)了超過60萬次攻擊。（盡管比特幣有著為犯罪交易提供環(huán)境的惡名，但到目前為止，支付DDoS攻擊費(fèi)用的最常用途徑是貝寶。）

不過，這次攻擊不太像是Dyn的競(jìng)爭(zhēng)對(duì)手所做——這種策略主要吸引的似乎是那些聲名狼藉的商人們，包括網(wǎng)絡(luò)賭場(chǎng)運(yùn)營商。

最后，DDoS攻擊還可以作為更直接、獲利更大的犯罪行為的掩護(hù)。當(dāng)安全團(tuán)隊(duì)努力應(yīng)對(duì)僵尸網(wǎng)絡(luò)大軍對(duì)系統(tǒng)的進(jìn)攻時(shí)，攻擊者可以趁機(jī)獲得密碼、信用卡號(hào)或身份信息。

在針對(duì)10月21日攻擊的那份可能的解釋里，提到的流量攻擊規(guī)模之大有必要一提。即便New World Hackers對(duì)此負(fù)責(zé)的聲明值得懷疑，但他們表示涌入Dyn服務(wù)器的數(shù)據(jù)流量高達(dá)1.2Tbps，這一點(diǎn)既貌似真實(shí)，又令人震驚。這大約是上個(gè)月Krebs on Security遭到攻擊時(shí)的620Gbps流量的兩倍。Dyn也表示，這次攻擊十分復(fù)雜，分為三波，針對(duì)了系統(tǒng)中不同的部分。

這樣的操作仿佛像是一群小孩為了好玩——這種情況更加可怕。不過這樣大規(guī)模的攻擊，意味著背后的動(dòng)機(jī)更大，牽涉的利益恐怕也更大。（財(cái)富中文網(wǎng)）

譯者：嚴(yán)匡正

Yesterday’s attack on the internet domain directory Dyn, which took major sites like Twitter and Paypal offline, was historic in scale. But the motivation for the attack may seem opaque, since no valuable information seems to have been stolen. A group called New World Hackers is claiming credit, but giving conflicting accounts of their motives—and security experts have called them “impostors.”

So why else might someone have done it? This class of hack, known as a distributed denial of service (DDoS) attack, has been around for a while. And while many DDoS attacks are indeed motivated by politics, revenge, or petty trolling, there’s frequently money involved.

For instance, DDoS attacks are often used as leverage for blackmail. Once a hacking group has a reputation for being able to field a large and dangerous botnet to knock servers offline, they can demand huge ‘protection’ payments from businesses afraid of facing their wrath. In fact, they don’t even have to do the hacking in the first place—in one recent case, someone posing as a notorious cabal merely emailed blackmail messages and managed to pocket tens of thousands of dollars before they were exposed.

In the current case, there are rumors that Dyn was a target of extortion attempts before the attack. And the hackers behind what may be the biggest DDoS attack in history could demand a pretty penny to leave other companies alone. A wave of impostors will likely give it a shot, too.

There’s another, even darker money-driven application of DDoS attacks—industrial sabotage. Companies seeking to undermine their competition can hire hackers to take the other guys offline. DDoS services are often contracted through so-called “booter” portals where anyone can hire a hacker’s botnet in increments as small as 15 minutes.

Researchers found last yearthat three of the most prominent booter services at the time had over 6,000 subscribers in total, and had launched over 600,000 attacks. (And despite the criminal reputation of Bitcoin, by far the largest method used to pay for DDoS-for-hire was Paypal.)

But it’s unlikely that this was some sort of hit called in by a competitor of Dyn—that tactic seems to primarily appeal to already-shady dealers, including online gambling operations.

Finally, DDoS attacks can serve as a kind of smokescreen for more directly lucrative crimes. While a security team is struggling to deal with an army of zombie DVRs pummeling their system, attackers can grab passwords, credit card numbers, or identity information.

In weighing possible explanations for Friday’s attack, it’s important to note the massive scale of the thing. Even if their claims of responsibility aren’t credible, New World Hackers’ description of about 1.2 terabits of data per second thrown at Dyn’s servers is both vaguely plausible and utterly mind-boggling. That’s around twice as powerful as the huge 620 gigabit per second attack that knocked out a single website, Krebs on Security, last month. Dyn has also described the attack as sophisticated, arriving in three separate waves that targeted different parts of their systems.

That kind of operation could have been pulled off by a gang of kids doing it for kicks—and maybe that’s the scarier scenario. But such a massive undertaking suggests bigger, and possibly more lucrative, motivations.