2 chapter 1 Denial of Service writing, the Estonian government has arrested and convicted just one person: Dmitri Galushkevich, who took part in the attack working from his laptop. DoS attacks are on the rise and can be perpetrated by large-state actors, experi- enced hackers, or even by novices ("script kiddies") following any of the "how-to" manuals found on the Internet. DoS attacks can be launched for any number of rea- sons, from political protest to espionage and even extortion. These attacks can be intentional, like the one just described, or unintentional, like the "Slashdot" effect. As an example of unintentional DoS, suppose several aggregators, including Slashdot A and Digg, B pick up your essay on why Data was the best acting captain in Star Trek history. Now, thousands of people are visiting your site every minute, and the bandwidth allocated to you by your Internet service provider (ISP) is quickly used up. Now nobody can get to your site, not even you. Worst of all, you can't post the adorable video of your cats dressed as the crew of the enterprise. You've been the victim of unintentional DoS. You may even get a bill from your ISP for the extra bandwidth. This chapter will focus on intentional DoS ­ a denial-of-service attack. DoS attacks can be launched for a number of reasons; the Estonia case was a sort of protest but they can be used to damage competitors for financial gain. In 2004, busi- nessman Saad "Jay" Echouafni allegedly hired computer hackers to launch a DoS attack on three of his competitors. Another application of DoS attacks for financial gain is extortion. A company receives a threat that they will be subjected to a DoS attack unless they wire money to an offshore account. In many cases, the company will simply pay. In 2004, Carnegie Mellon University surveyed 100 companies. They found that 17% of medium-size businesses had been the target of some form of cyber-extortion. C HoW DEnIAL of SERvICE WoRKS DoS requires two elements: a resource of finite capacity, and the means to acquire or "use up" the resource faster than it can be replenished. Although we generally think of these attacks in terms of computers, DoS attacks do not have to be network-based. It is possible to have "real-world" DoS attacks, provided you have the above two elements. Real-world examples include the practice of "land blocking" where a company purchases the land around a store to prevent competitors from opening nearby, and many of the methods used by DeBeers to control the diamond market in the twentieth century. D These are examples of a single entity that is powerful enough to consume A http://slashdot.org/ B http://digg.com/ C As of August 2009, the full report is available online: http://heinz-racer.heinz.cmu.edu/whatsnew/ images/CMU_Cyber_Extortion_Study.pdf. D For an excellent history of the diamond market, see The Diamond Ring: Business, Politics, and Precious Stones in South Africa, 1867­1947, by Colin Newbury, Oxford University Press, 1990.