How can someone DDOS servers of a multibillion-dollar company (Blizzard) and how hard is it to track the person who does it?


Ok so like two days in a row there is someone DDOSing Blizzard WoW classic servers.

How can someone do this to such a big company? They have so many resources. And how hard is it to track the person who does this? I really don't understand why anyone would do this in the first place. Will the person go to jail for this or is it “untrackable”?


15 Answers

Anonymous 0 Comments

A couple of decades ago the infected machines would basically connect a client to IRC, and the attack would be directed by commands in an IRC channel. The coordinator would connect to IRC via a proxy/vpn to issue the command. Even years ago it would be difficult to track the person doing the attack, and now we have TOR…

If someone is caught it’ll probably be because they boasted about it on a forum somewhere, with a login name they used for something else that is then linked.

Anonymous 0 Comments

Basically DDOS is when a lot of computers try and connect to the server at the same time to overwhelm it.

The reason why people can DDOS multibillion dollar companies is because

1. They have a lot of computers at their disposal (i.e. their botnet is very big)
2. There is some weakness in the server itself.

In most cases, it is a combination of these two.

As for tracking, yes it is absolutely possible to track down who initiated the DDOS, though it does take some work.

Anonymous 0 Comments

Essentially, there is a virus on a million computers out there that can give someone control over those computers.

When that guy gives the right command, all those computers start asking a server for information, and the server fails.

It is very hard, often impossible to track down who did it, if they are smart.

Anonymous 0 Comments

What is the hacker’s incentive for DDOSsing the servers?

Anonymous 0 Comments

Let’s say there was a free text service that texted you the weather if you sent it a text first. You want to mess with your friend so you text the service but tell it to respond to your friend’s number!

Now the service doesn’t want to miss sending you a message so it automatically tries again 4 times if it doesn’t go through.

If just you did that, it’s annoying but not enough to cripple your friend’s phone. But if you got 20 of your buddies to play along and do it, then now your buddy’s phone can’t keep up. The message service isn’t getting messages through so it keeps trying 4x (for each missed request). At some point your buddy and his phone won’t be able to keep up and you’ll lock it up and prevent it from doing anything else.

That’s what a ddos attack is.

Anonymous 0 Comments

Nowadays a common source of DDoS attacks is IoT devices. They make convenient targets because (1) there are a *ton* of them and (2) they are horribly insecure. Hackers spread malware to take over hundreds of thousands of routers, webcams, thermostats, sensors, light bulbs etc., and then use these distributed botnets to constantly attack a single target. These are also very hard for providers to deal with because they can’t easily be distinguished from regular home users. And even if you can identify some or all of them, what do you do?

Anonymous 0 Comments

Basically think of it like this. There’s a big open room, and inside this room there are several doors. These doors make up the different servers. A DDOS attack is like someone gathering 10,000 people into the room and them all rushing the doors at the same time; they block the doorways and make it impossible for anybody else to get through.

Anonymous 0 Comments

Distributed denial of service: essentially someone (the attacker) rents some time with a botnet (a network of computers with viruses on them). Each of these installations of the virus takes control of the computer and connects to whatever it is attacking. This overloads the server so no one can use it. If you could figure out which botnet was used AND who rented it, sure. But botnets are almost never run from the wealthier nations, so that’s difficult. It’s not impossible but it is next to impossible.

(Edit: also a hacker isn’t going to say to whoever he/she is renting the botnet from, “Hey, my name is Alice Sophie Jackson, can I rent your botnet?” They will use usernames at most.)

Anonymous 0 Comments

It’s really hard to trace people who do this kind of stuff, but there’s always a way. Multiple people have been arrested and found guilty for this kind of crime before. Usually, because they make mistakes – they use the same email address in relation to another service online, where they can be traced to some information that links them to their real identity.

Or in many cases, this kind of activity is the prelude to (illegal) selling of their services. Attacking Blizzard and Twitch and Wikipedia is an advertisement, telling people they can do this and offering to sell their services to paying customers. This makes them easier to track and eventually take down.

Anonymous 0 Comments

>How can someone do this to such a big company?

You normally would use something called a botnet. A botnet is a collection of compromised devices connected to the network – these devices could be video cameras, home routers, laptops – basically anything that runs an OS that can have new packages installed. And there are A LOT of devices that can be compromised, since security is at best an afterthought.

So these devices in the botnet sit dormant and do nothing malicious (and are thus undetected), until somebody tells them to do something. And that something could be as simple as “try logging in to a Blizzard account”. And if at any given time there are, let’s say, 1000 people logging in every second, Blizzard will not be able to handle one million devices trying to log in at once. And keep in mind that Blizzard has to process each request to figure out whether it was a legitimate one or not.

>And how hard is it to track the person who does this?

The companies that offer botnets for hire usually operate on the dark net, where it’s somewhat harder to track people’s connections. And they take payments in all kinds of different formats, some of which are also very hard to track even if somebody could get hold of that company’s records (which I bet they don’t even keep). Can it be done? Yes, definitely. But it won’t be easy. I would not be surprised if some special services can do it, but they wouldn’t do it for some trivial DDOS attack that didn’t cause any massive disruptions.