New data published this week demonstrates the scale and scope of cyber-attacks launched against the official website for the Black Lives Matter movement. Over the course of seven months in 2016, more than 100 distributed denial-of-service (DDoS) attacks were leveled against the site, with the intention of making it inaccessible to visitors.
DDoS mitigation service Deflect Labs was called upon to help the organization respond to these attacks, and today the company published a report spanning from April to October. Attacks began to grow in size and frequency in July, followed by another substantial increase in September and October, according to a report from Motherboard.
Deflect Labs attributes the scale of DDoS operations against Black Lives Matter to the ease of access to materials necessary to carry out such an attack. Its report describes public documentation and malicious software as being “within easy reach,” and notes that actors would only need “basic technical skill” and as little money as $1 to pay for and implement an outage.
It’s thought that even the larger attacks on the Black Lives Matter site were carried out without the need for large infrastructure, and in that sense were akin to the Internet of Things botnet used to assault internet management company Dyn in October. Instead, traffic was apparently “reflected” from legitimate sites built with WordPress and Joomla.
Based on the access Deflect Labs has been given to all legitimate and malicious requests made to the Black Lives Matter website, the company has discerned that a group known as the Ghost Squad Hackers was responsible for much of the malicious traffic. However, there’s also evidence that many unassociated actors “jumped on the bandwagon” and contributed their own, less impactful attacks.
This report should demonstrate just how easy it is to carry out a DDoS attack. Malicious groups can target an organization without needing a huge amount of financial backing, or even in-depth technical knowledge about how to execute the attack — and that suggests that this kind of harassment is only going to become more common going forward.