DDOS Attack Tool

After a frustrating and fruitless attempt to obtain customer support from Sony, I’ve come to the conclusion that the average consumer is powerless in modern society; contrary to what the marketing literature says, the customer is always last. To solve this problem, I propose a tool to allow the average consumer to strike back at the corporations who ignore them, and use their own tools of communication against them. And here’s how it might work:

In an event in June 1999, the Electronic Disturbance Theatre successfully held an electronic sit-in, protesting against the Mexican government. The EDT distributed a Java applet via their web site that automated the process of requesting documents from the Mexican government’s web site several times a minute. With an estimated ten thousand users requesting documents from the Mexican government’s web server using the Java applet, the server was soon overwhelmed. While successful, the attack methodology was fairly simple; a newer port scanning tool distributed by the group enables more advanced attacks. However, I have a different tactic in mind to enable more coordinated, and therefore effective acts of electronic civil disobedience.

Just over a year ago, several high-profile sites were reeling from a series of coordinated distributed denial of service attacks; those hit included EBay, and Yahoo. The perpetrator of the attack used a large network of compromised computers to launch the attack over the Internet; these computers had been compromised by a variety of Trojan programs and were required to achieve the density of requests required to overload the victims’ servers.

The tool I’m proposing would work on the same principle, with the exception that the computers involved in the attacks would be involved with the full knowledge of their owners, just like the EDT’s Java applet. Using a similar system to Gnutella, users would be able to enter the location of targets into the client software, and the tool would coordinate with other users’ client software to conduct the attack; in the ultimate form of democracy, the density and ultimate success of the attack would depend on the number of users who allowed their computer to participate.

The software would have a number of unique features, to enable users to fully realize the democratic power of the tool:

  • Configurable Attack Objects: Users should be able to extend the system to enable various modes of attack, from continuous hits, to pulses of activity designed to create the greatest impact on the target system.
  • Configurable Communication Objects: Because so much of a corporation’s ability to succeed depends on resources other than web sites, the client software should be configurable to include addition communications modules. These modules would enhance the range of protocols understood by the clients; potential additional protocols might include LDAP, DNS, HTTPS, and SMTP.
  • Automated Exchange of Configurable Components: If the attack involves a protocol or strategy that your client doesn’t possess, the client software should be capable of finding the necessary resource on the network and installing it.

Other features could include the ability to put the client software into “drone” mode, where it attacks the most popular targets; this would be useful for allowing a user’s machine to be useful when the machine isn’t being used. Finally, the software should allow clients to exchange attack targets, to enable the attack network to outwit attempts by the victim to filter by IP address.