DDoS becomes ordinary

DDoS becomes ordinary

DDoS becomes ordinary

As discussed, central aspects that are characteristic for the development of the DDoS landscape are the growing complexity of motives and the automation and consolidation of DDoS capabilities. These developments have contributed to DDoS attacks becoming a persistent, rather than an exceptional phenomenon, ⁶⁵ and have resulted in an increasing reliance of activist organisations on professional protection services. Whereas the existing scholarship has primarily focused on DDoS as a tactic employed by activist organisations, the shift towards DDoS as a persistent phenomenon necessitates a stronger focus on how they are subjected to such attacks. From being a tool in the hacktivist arsenal – as the periodisations discussed above portray it – DDoS has turned into an aspect of the material infrastructural conditions of online activism. This calls for a stronger engagement with the systemic consequences of DDoS protection requirements and a critical investigation of the actors providing such services.

A productive theoretical approach to guide such an investigation is developed by Burkart and McCourt, who focus on the productive or systemic consequences of hacking rather than on its exceptional or disruptive qualities. ⁶⁶ A key argument in their analysis, based on a political economy perspective, is that hacking creates particular kinds of economic risks. Systemically speaking, “the market processes these risks by commodifying them.” ⁶⁷ The authors point towards the global increase in

⁶⁵ Mattijs Jonker et al., “Millions of Targets under Attack: A Macroscopic Characterization of the DoS Ecosystem”, in Proceedings of the 2017 Internet Measurement Conference, IMC ’17 (New York, NY, USA: Association for Computing Machinery, 2017), 100-113.

⁶⁶ Patrick Burkart and Tom McCourt, “The International Political Economy of the Hack: A Closer Look at Markets for Cybersecurity Software”, Popular Communication 15, no. 1 (2017): 37-54.

⁶⁷ Burkart and McCourt, “The International Political Economy of the Hack”, 41.

cybersecurity spending, which indicates a growing market for both cybersecurity tools and services and insurance against hacking losses as well as increasing venture capital that flows into cybersecurity companies.

While their analysis focuses on hacking in general, the core argument holds for DDoS attacks as well. For companies, the inaccessibility of content due to a DDoS attack, even if it is temporary, poses a direct financial risk. For activist or journalistic websites, DDoS attacks represent a risk that relevant information is withheld from public debate. In both cases, DDoS attacks can also negatively impact on organisations’ reputation, economy and public support. Providers of commercial DDoS protection seize upon this opportunity, marketing their services towards larger corporations that are prepared to invest substantially in IT security. Actors that are considered to be leading in this particular field are Akamai, Cloudflare, Imperva and Radware.⁶⁸ The increase of Cloudflare’s market capitalisation from 5 billion dollars in 2019 to 23 billion dollars in 2020 gives an indication of the growing relevance of this form of “risk processing.” According to a 2019 forecast, the global market for DDoS protection and mitigation is expected to almost double from 2.4 billion in 2019 to 4.7 billion in 2024. ⁶⁹

DDoS protection services rely on a combination of different techniques for identifying and filtering out malicious traffic. This is increasingly done as a service and on the network level, which implies that the owner of a website agrees to route all incoming traffic through the servers of the protection provider. There, the traffic is analysed in order to identify patterns that can be linked to known attacks, sometimes also involving assessments of individual IP addresses’ reputation. Scale is a significant aspect in this regard, since the performance of filtering mechanisms can be improved by analysing large amounts of attack data, especially when these mechanisms are based on Machine Learning. But scale is also an advantage when it comes to the size of the provider’s network. For example, the Content Delivery Networks of Akamai and Cloudflare play an increasingly central role for the distribution of large files across the web, e.g., for streaming services, by means of

⁶⁸ David Holmes, “The Forrester WaveTM: DDoS Mitigation Solutions, Q1 2021”, 2021, https://www.a10networks.com/wp-content/uploads/The-Forrester-Wave-DDoS-MitigationSolutions-Q1-2021.pdf.

⁶⁹ MarketsandMarkets, “DDoS Protection and Mitigation Market by Solutions & Services – 2024”, July 2019, https://www.marketsandmarkets.com/Market-Reports/ddos-protection-mitigation-market111952874.html.

redundant local storing and dedicated private networks. ⁷⁰ However, their bandwidth capacities, along with high flexibility when it comes to traffic management, also provides effective measures against DDoS attacks.⁷¹

The commercial offerings of these protection providers are out of reach for under-resourced NGOs. They therefore rely on free versions of protection services, sometimes involving limits on the volume of attack traffic that is processed. Cloudflare has gained a dominant position in this field by offering free basic DDoS protection services without volume limitations. There are also more comprehensive free protection programmes specifically geared towards human rights organisations and journalistic outlets, such as Google’s “Project Shield”⁷² and Cloudflare’s “Project Galileo.” ⁷³ Similar advanced protection programmes for independent media organisations and NGOs are offered by non-commercial providers such as eQualitie⁷⁴and Qurium. ⁷⁵

Even if NGOs, thus, have a number of options to choose from, they have, structurally speaking, become dependent on the free DDoS protection services provided by the above companies and organisations. The fact that the market for DDoS protection is dominated by few actors and that scale favours the largest ones, raises concerns about growing market concentration in this area.

DDoS becomes ordinary

Table of Contents