DDoS stands for Distributed Denial of Service. During a DDoS attack, a large number of computers try to make contact with a server, often spread across many locations in the world. In this way, cyber criminals try to overload the server with web traffic.

Servers and the channels that connect servers to the Internet have limited capacity. In order to overload them, cyber criminals deploy ‘botnets’. Botnets are networks of infected computers, controlled by a cyber criminal. By infecting computers (‘bots’) with malware, the criminal continues to expand his network. In the event of a DDos attack, the cybercriminal causes his botnet to flood a server with access requests. The capacity is exceeded and the server is no longer working properly or is completely deadlocked. Visitors can no longer access a website, for example, or an online service is seriously delayed. With this, the cybercriminal has achieved his goal.

Our society is rapidly digitizing. Governments and financial institutions such as banks offer their services online. In addition, an important part of economic traffic takes place in the digital space. DDoS attacks pose a serious threat to the digital society. By shutting down servers, cyber criminals cause major economic and social damage. Customers can no longer reach a webshop, citizens can no longer use a digital government service and savers can no longer access their accounts. This causes major disruption. Another thing that makes DDoS particularly dangerous is the relative ease with which malicious parties can carry out attacks. Malicious parties carry out attacks on DDoS to order. Technical prior knowledge is not required by the person who wants to launch a DDoS attack.

The motivation behind a DDoS attack strongly depends on the attacker. Nevertheless, in general, a number of main motives can be distinguished. The motivation can be of a personal nature. For example, young people who, out of boredom, attack a popular website, or a former employee who, out of resentment, goes after a former employer. In such cases they are usually not hardened criminals. This is different in the case of a DDoS attack with a financial motive. By threatening with a DDoS attack, cyber criminals can blackmail companies. Or they can be hired to attack a competitor. DDoS attacks for political or ideological reasons also occur. Websites of political rivals, critical media or activist groups can be a target for malicious parties.

A DDoS attack cannot be prevented, but it can be averted. There are several ways to prevent a DDoS attack. It is possible to block web traffic from a certain geographical region. Or even all web traffic to a server. However, many organizations choose to use a scrubbing center. Data traffic is guided by specialist equipment and ‘scrubbed clean’. Only legitimate data traffic goes from the scrubbing centre to the destination. A well-known Dutch example is the Nationale Wasstraat (NaWas), managed by the non-profit foundation Nationale Beheersorganisatie Internet Providers (NBIP).

The national anti-DDoS coalition is an alliance against DDoS attacks. The coalition consists of twenty-five organisations including governments, internet service providers, internet exchanges, academic institutions, non-profit organizations and banks. The aim of the coalition is to investigate and combat the subject of DDoS from different angles.

DDoS attacks are constantly changing. Cyber criminals keep a close eye on developments in DDoS protection. As soon as existing network vulnerabilities are better protected, cybercriminals will generally opt for new tactics. DDoS protection therefore requires constant attention. By continuously measuring and investigating DDoS attacks, the coalition stays abreast of recent developments in the field. This not only ensures better protection, but also enables the coalition to take proactive action against DDoS. For example, by developing a database that recognises the ‘fingerprints’ of various DDoS attacks.

The National Anti-DDoS Coalition is a joint initiative of the following parties: AMS-IX, KPN, Police, SURF, DNB, SIDN, National Cyber Security Centre, Betaalvereniging Nederland, Universiteit Twente, NL-ix, Belastingdienst, Agentschap Telecom, Stichting Digitale Infrastructuur Nederland, Stichting NBIP and VodafoneZiggo.