Silencing your voice: DDoS attacks taking aim at comment systems

cyber-attack

When you hear a DDoS attack shut down internet users’ ability to submit comments, you might not be too worried about it. After all, you might think, what are we as a society really missing out on if RazmoSpinazzi is unable to add “Jesus was an extraterrestrial” to a discussion on climate change?

However, for organizations and website owners of all types and sizes, users being unable to submit comments in this age of engagement and user-generated content can be a very bad thing indeed. In one case, it might even be threatening net neutrality.

DDoS and the open internet

A DDoS or distributed denial of service attack is one that seeks to keep users from accessing a website or online service. It does so by bombarding the website or service in question with massive amounts of malicious traffic or requests from a botnet. DDoS attacks are nothing new and in fact have been making major headlines for the last few years. Attacks specifically targeting comment systems are somewhat novel, however, and these attacks have made a big splash by targeting the Federal Communications Commission, or FCC.

Under the current United States administration, the FCC is considering doing away with net neutrality, which is the basic guiding principle that allows internet users to access the websites and applications they want to access without internet service providers blocking, or favoring, any particular websites or applications. Before this happens, the FCC is inviting internet users to submit their comments on the proposed changes using their electronic comment filing system.

Understandably, this intended revocation of the freedom of internet has fired up a lot of people, including late night talk show host John Oliver. Just as he urged viewers to make their voices heard using the FCC’s electronic comment filing system, that system was hit by a DDoS attack, leaving millions unable to register their arguments against the end of net neutrality.

Peaceful protest?

Government websites and services are no stranger to distributed denial of service attacks. In fact, DDoS attacks have been used as a form of protest since 1995, when a protest group out of Italy targeted the French government’s website over France’s nuclear policy.

Governments have only grown as a target since then. For example, in 2007 Estonia famously suffered DDoS-related outages for weeks in protest of a WWII memorial being moved, the Ukraine was walloped in 2008 as a result of NATO protests, Tunisia was targeted in 2011 as a result of the Jasmine Revolution, and in 2014 hacktivist group Anonymous took down the website of the Brazilian government in protest of the FIFA World Cup.

The attacks on the FCC’s comment filing system stands apart from most DDoS protests in that though the damage was done to the FCC’s website, and it was the FCC stuck footing the bill for mitigation efforts, it was the American people who were most harmed by it as they were unable to make their voices heard on the topic of net neutrality. It was almost a protest of a protest.

Larger lessons

Not all attacks on government websites and services are protest-motivated, of course. Many attacks are state-sponsored, coming from other nations, and some DDoS attacks on government organizations and institutions are smokescreens for data intrusions.

It isn’t news to anyone that government websites need to be well protected against DDoS attacks. It may be noteworthy that government websites now need to specifically protect their comment systems, but again, most people would barely blink at this development.

What they may blink at is the news that their own comment systems need to be protected. Rare is the business or website that doesn’t incorporate some form of commenting system. Many organizations and websites rely on engagement with their audiences, either for user-generated content or to create the kind of social atmosphere today’s internet users crave. When this engagement becomes difficult or altogether impossible, user interest is understandably eroded. Why struggle to submit content to a website when it’s so easy to submit it on any number of other popular sites? Many companies live and die by their audience engagement, and if attacks on commenting systems become a trend, the number dying by it will increase.

On today’s internet, professional DDoS protection is a necessity for websites ranging from whitehouse.gov to the Mom and Pop online shop selling homemade fudge. If users get left in the cold by DDoS-caused outages, they’ll simply find a warmer corner on the internet in which to spend their time. There is always going to be another climate change article just waiting for exciting facts about extraterrestrials.