6 DoS attacks that made headlines

dos primary

DDoS attacks in the news

Denial-of-service (DoS) attacks have been part of the arsenal of cyberattackers for about 20 years now, and these attacks are employed by attackers for fun, profit (extortion), as a diversion from another attack, and as acts of protest.

And the attacks continue to evolve as criminals enlist new technologies, like IoT devices, and hone their tactics to cause ever greater damage.

Here are six of the most historic DoS attacks so far.



One of the first denial-of-service attacks to make headlines occurred on February 7, 2000. The Y2K bug was still fresh in the minds of many, and a 16-year-old attacker who went by the name Mafiaboy, launched one of the largest (if not the largest) denial-of-service attacks of the time.

Mafiaboy’s attack disrupted and even briefly knocked big name websites offline, including,, eBay and Yahoo. The attack lasted about a week and throughout much of that time targeted sites couldn’t cope well. According to reports, Mafiaboy had broken into 50 networks and installed software called Sinkhole. He directed Sinkhole to flood the targets with attack traffic.

Following the attack, the Royal Canadian Mounted Police and the U.S. FBI investigated. It turned out not to take much of an investigation: the Canadian youth was found bragging about his exploits online and he was arrested in April 2000.

In September 2001, Michael Calce (aka Mafiaboy) was sentenced in Canadian juvenile court to 8 months “open custody” including time in a detention center, limited access to the internet, and one year probation.

root dns server

Root DNS server

On October 21, 2002 a sustained and coordinated denial of service attack was levied against all 13 of the Domain Name System’s root name servers.

The attack, the first of its kind, wasn’t successful in wreaking havoc on the internet, but it did cause some of the root name serves to be unreachable. The attackers used a botnet to launch bogus traffic and maliciously crafted packets. Thanks to proper configuration as well as considerable overprovisioning of resources, the attack wasn’t as severe as it certainly could have been.

There have been similar follow-on attacks, however the DNS system has proven resilient... so far.

3 estonia cyberattack

Estonia cyberattack

Some have called it the first cyberwar. In April 2007, the nation of Estonia found its government, financial, and media online services knocked offline.

The massive DDoS attack occurred simultaneously with political protests by Russian nationals who were upset about the relocation of a WWII memorial.

The DDoS attacks coincided not only with the protests already underway, but also political and government website defacements and swamping comments sections with commentary.

The DDoS attacks took an extraordinary toll on Estonia, which at the time was on the forefront of e-government, and operated essentially paperless, with the citizenry conduced most of its banking, and even voted, online at the time.

project chanology

Project Chanology

In January 2008, the collective Anonymous launched what it called Chanology in response to the Church of Scientology’s attempt to remove a Tom Cruise Scientology video from online.

For this offensive, Anonymous employed numerous attacks including sharing of Scientology documents online, pranks, pickets, information campaigns targeting the church, and DDoS attacks. The collective certainly got creative, even reportedly faxing black pages on continuous loops to the Church.

This attack in early 2008 was the first spontaneous acts of online social activism that is now common.

operation ababil

Operation Ababil

In the fall and winter of 2012 and 2013, 26 or more U.S. banks were hit with overwhelming storms of internet traffic. While a group calling itself the Izz ad-Din al-Qassam Cyber Fighters claimed responsibility for the DDoS attacks and said they were conducted in retaliation for an anti-Islam video, U.S. government intelligence agencies said they believed that the attacks were driven by retaliation for U.S. sanctions on Iran.

The attacks disrupted, or knocked completely offline, Bank of America, Capital One, Chase, Citibank, PNC Bank, Wells Fargo and others.

While mild compared to the intensity of today’s attacks, at 65 gigabits per second traffic, these attacks managed to disrupt the operations of many banks over roughly six months.

6 mirai iot botnet

Mirai IoT botnet

Mirai is malware that fuels an internet of things (IoT) botnet that has managed to wreak havoc in the past year, including launching one of the most (if not the most) powerful DDoS attacks of all time.

Essentially, Mirai functions by scouring the internet for connected, vulnerable IoT devices and will infiltrate using common factory default credentials, after which it infects those devices with the Mirai malware.

Discovered in August of 2016 by security research firm MalwareMustDie, Mirai botnets have been behind attacks such as those on the website of independent security blogger Brian Krebs and the October 2016 Dyn attack. The Dyn attack resulted in many marquee websites, including Airbnb, GitHub, Netflix, Reddit, and Twitter, being disrupted.

Reports have measured the attack on Krebs’ site at 620 Bbits/s.

Copyright © 2017 IDG Communications, Inc.

Related Slideshows