A new study has found that distributed denial-of-service (DDoS) attacks dramatically decrease during holidays. But it's not because hackers are devoutly religious; it's because their victims give their computers the day off too.
DDoS attacks rely on botnets to pummel websites with massive amounts of access requests that cause them to overload and shut down. Botnets are composed of many infected computers that aid criminals right under the noses of their owners. When the computers are shut down, however, botnet controllers aren't able to use them.
Computer security firm CloudFlare, a young startup that will provide free Web security services, presented research at the Virus Bulletin Conference in Dallas yesterday (Sept. 26) showing that the number of IP addresses being used to maliciously overwhelm websites drops sharply during long weekends and other observances.
CloudFlare's network, which deals with 64 billion page views each month, constantly feels the pressure as its customers' websites come under attack. The data it collects while repelling those attacks paints an interesting picture of how and when DDoS attacks ebb with the holidays.
A CloudFlare graph shows large stalactites that represent drop-offs in DDoS attacks around three-day weekends such as Presidents Day and Memorial Day, the Fourth of July and Earth Day. Environmentally conscious owners of infected machines may inadvertently be improving the health of the web as they promote a cleaner, greener planet. Although the attacks abate only temporarily, to IT teams everywhere, it's probably a welcome reprieve.
San Francisco-based CloudFlare gained media attention last summer when it was endorsed by hacktivist group LulzSec. When the collective with loose ties to Anonymous hackers came under attack from rival groups, CloudFlare was able to keep the Lulz servers online. In June 2011, LulzSec tweeted to CloudFlare founder and CEO Matthew Prince in appreciation. "@eastdakota We love CloudFlare, Mr. CEO of CloudFlare. Can we have a free premium membership in return for rum?"
Prince tweeted back, "@LulzSec how are you enjoying #cloudflare any good?" but the lighthearted exchange soon put CloudFlare face-to-face with the CIA.
"They caused a lot of problems. We made a lot of friends in intelligence agencies," he said. "When they took down the Central Intelligence Agency website, that was a difficult day for us to be us," Prince told ZDNet in June 2011. "We literally sat in the crossfire of that."
Although it led to a spike in signups for CloudFlare, providing security for the Internet's most wanted hackers, like defending a suspect in a high-profile trial, can be an uncomfortable spot to be in. Prince said to AllThingsD, also in June 2011, that he wished CloudFlare's path to success and notoriety had been different.
"If I had my choice of a marquee client to show off the abilities of our service, this is certainly not who I would have chosen," Prince said. "We're very sensitive to the sort of problems that groups like this have caused."
No matter what day of the year it is, users can always protect their computers from unwittingly participating in a botnet's illegal activities just by letting them rest. Even an infected computer is useless to a botnet controller when it's powered off.