Criminal Tools to Create a Denial of Service
A denial of service (DoS) attack directs so much traffic at a site or system that its resources (bandwidth, connection tables, memory, CPU) are exhausted. The resulting congestion prevents legitimate users from using the system. A distributed denial of service (DDoS) attack uses many machines, acting together, to generate this traffic against a single network or site.
The three tools most commonly cited for creating a distributed denial of service attack are:
- Trin00
- Tribal Flood Network (TFN)
- Tribe Flood Network 2000 (TFN2K)
Although the names vary, the tools operate in much the same way by overloading the target with traffic. It should be noted that this type of attack is not used to steal data or gain access to systems. These attacks are executed in two phases. First, the attacker needs many computers to generate a high volume of traffic, so the attacker scans for computer systems with weaknesses and installs one of the tools on each to act as an agent for the remote attack. Second, on command, the infected systems generate a large amount of traffic aimed at the target. The target cannot handle the artificial traffic, and legitimate traffic is blocked along with it. (Criscuolo, 2000, p. 1-2)
Trin00 communicates over TCP/IP without encryption; the only protection on its control channel is a password that the handler requires before it will issue the command to start generating traffic. TFN2K, a later tool, encrypts its communications.
A Trin00 installation usually includes a rootkit that hides the tool's files and processes on the compromised system so the agent avoids detection. A rootkit is malware that gives the attacker administrator-level access to the computer: "root" refers to the root (administrator) account on Unix-like systems, and "kit" to the collection of software that obtains and conceals that access. Rootkits either exploit security holes or install a way for the attacker to bypass the standard login. Modern systems generally ship with protections and anti-malware software that detect or block many rootkits. (Rootkit, 2010) Trin00 floods its target with UDP packets sent to random destination ports, which makes the traffic difficult to filter. UDP (User Datagram Protocol) is used predominantly for time-sensitive transmissions such as video streaming, because it has no handshake and no delivery guarantees, which speeds up communication. "This allows the protocol to operate very quickly, and also creates an opening for exploitation." (What is UDP?, n.d.)
Tribal Flood Network (TFN) is similar to Trin00. The attacker's handler keeps a list of the agent systems it can command; the list is not encrypted, and attacks are launched from the handler's command line. Handler-to-agent communication is sent in ICMP echo reply packets: the 16-bit ID field carries a binary command number, and any arguments travel as ASCII text in the packet's data portion. Because the control traffic looks like ordinary ping replies, it is harder for a defender to discover the attack or to take control of the agents. (Criscuolo, 2000, p. 8)
TFN2K was written by the same author as the Tribe Flood Network and is likewise used to cause a denial of service. All of its attacks use spoofed source IP addresses, and the tool has no command for remotely updating its agents.
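The two traffic patterns described above, Trin00's UDP flood to random destination ports and TFN's use of ICMP echo replies as a control channel, can both be picked out of a flow log with simple logic. The following is an added example written for this page, not code from Criscuolo or from the tools themselves. It assumes a constructed comma-separated log format (timestamp, protocol, source IP, destination IP, source port, destination port, ICMP type, ICMP ID) and constructed sample traffic; the addresses and the ICMP ID value 345 are made up for illustration and do not claim to be real TFN command codes.

```python
"""Detectors for a Trin00-style UDP flood and TFN-style ICMP control traffic.

Added example (not part of the original essay). Assumes a constructed log
line format:
    <ts>,<proto>,<src_ip>,<dst_ip>,<src_port>,<dst_port>,<icmp_type>,<icmp_id>
with empty fields where a value does not apply.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import List, Optional
import random


@dataclass(frozen=True)
class Packet:
    ts: float
    proto: str
    src: str
    dst: str
    sport: Optional[int]
    dport: Optional[int]
    icmp_type: Optional[int]
    icmp_id: Optional[int]


def parse_line(line: str) -> Packet:
    """Parse one line of the constructed CSV log format into a Packet."""
    f = line.strip().split(",")
    if len(f) != 8:
        raise ValueError(f"expected 8 fields: {line!r}")
    num = lambda s: int(s) if s else None  # empty field -> None
    return Packet(float(f[0]), f[1].upper(), f[2], f[3],
                  num(f[4]), num(f[5]), num(f[6]), num(f[7]))


def detect_udp_flood(packets, window=1.0, min_pkts=50,
                     min_port_ratio=0.5, min_sources=2):
    """Flag a destination that receives a burst of UDP packets spread over
    many distinct destination ports from several sources within one window.
    Trin00 daemons send UDP to random ports, so a real UDP service (one
    port, e.g. DNS/53) does not match while a flood does."""
    buckets = defaultdict(list)  # (dst, window index) -> packets
    for p in packets:
        if p.proto == "UDP":
            buckets[(p.dst, int(p.ts // window))].append(p)
    alerts = []
    for (dst, idx), pkts in sorted(buckets.items()):
        ports = {p.dport for p in pkts}
        srcs = {p.src for p in pkts}
        if (len(pkts) >= min_pkts and len(ports) / len(pkts) >= min_port_ratio
                and len(srcs) >= min_sources):
            alerts.append({"dst": dst, "window_start": idx * window,
                           "packets": len(pkts), "distinct_ports": len(ports),
                           "sources": sorted(srcs)})
    return alerts


def detect_unsolicited_echo_replies(packets):
    """TFN handlers command agents with ICMP echo *replies* (type 0) whose
    ID field carries a 16-bit command. A reply that no echo request (type 8)
    asked for is therefore worth an alert. Requests are counted per
    (pinger, target, id) so normal pings with a reused ID still match up."""
    outstanding = Counter()
    alerts = []
    for p in packets:
        if p.proto != "ICMP":
            continue
        if p.icmp_type == 8:
            outstanding[(p.src, p.dst, p.icmp_id)] += 1
        elif p.icmp_type == 0:
            key = (p.dst, p.src, p.icmp_id)  # a reply reverses direction
            if outstanding[key] > 0:
                outstanding[key] -= 1
            else:
                alerts.append({"ts": p.ts, "from": p.src, "to": p.dst,
                               "command_id": p.icmp_id})
    return alerts


def analyze(lines: List[str]):
    packets = sorted((parse_line(l) for l in lines), key=lambda p: p.ts)
    return {"udp_floods": detect_udp_flood(packets),
            "unsolicited_echo_replies": detect_unsolicited_echo_replies(packets)}


def build_sample_log(seed=1) -> List[str]:
    """Constructed traffic (not a real capture): benign DNS, a legitimate
    ping exchange, a three-agent UDP flood, and one unsolicited echo reply."""
    rng = random.Random(seed)
    lines = [f"{0.1 * i:.3f},UDP,192.0.2.20,192.0.2.53,{50000 + i},53,," for i in range(5)]
    lines.append("0.500,ICMP,192.0.2.20,192.0.2.1,,,8,1234")   # echo request
    lines.append("0.501,ICMP,192.0.2.1,192.0.2.20,,,0,1234")   # matching reply
    agents = ["198.51.100.7", "198.51.100.8", "198.51.100.9"]
    for i in range(60):  # 60 UDP packets in one second, random destination ports
        lines.append(f"{1.0 + i / 60:.3f},UDP,{agents[i % 3]},203.0.113.10,"
                     f"{rng.randint(1024, 65535)},{rng.randint(1, 65535)},,")
    # Echo reply nobody asked for; ID 345 is a made-up "command" value
    lines.append("1.900,ICMP,192.0.2.66,198.51.100.7,,,0,345")
    return lines


if __name__ == "__main__":
    for kind, alerts in analyze(build_sample_log()).items():
        for a in alerts:
            print(kind, a)
```

Run on the constructed log, the flood detector reports one destination (203.0.113.10, 60 packets from three sources across nearly 60 distinct ports) and the DNS traffic stays silent, while the ICMP detector reports only the reply with ID 345 and not the legitimate ping pair. The port-ratio test is what separates a Trin00-style random-port flood from a busy but legitimate single-port service.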
Damage and Motivation of These Attacks
- Ideology – the targets are often government agencies or controversial industries. In 2010 several payment-card and payment-processing companies were taken offline by DDoS attacks after they suspended processing of payments to WikiLeaks.
- Extortion – these include demands for payment to avoid a DDoS attack, or the use of ransomware threatening that the user's files will be deleted unless a payment is made.
- Competition – DDoS attacks may be aimed at competitors' online services. This damages the reputation and finances of companies that derive their income from online sources.
- Fraud – DDoS attacks are now also being used to aid fraud, for example as a diversion while attackers gain access to customer accounts and sensitive information. (Capers, 2013)
The tool recommended by the FBI's National Infrastructure Protection Center (NIPC) scans a host for installed TFN2K, TFN and Trin00 agents. It can be downloaded from the FBI website; version 3.1 was the latest available at the time of the cited report. (Criscuolo, 2000, p. 3)
Private Firms Offering Digital Forensics Services
Digital Forensics NC is located in the Triad region of North Carolina and offers services to corporations, individuals, and attorneys for civil and criminal cases.
They offer the following forensic services: cell phone forensics, computer forensics, cyber incident response, and spyware detection.
Certifications and Licenses:
- North Carolina Licensed Countermeasures Investigator
- North Carolina Licensed Private Investigator
- Certified Mobile Forensics Examiner
- Certified Digital Forensics Examiner
- AccessData Forensic Examiner
- Certified Cyber Intelligence Investigator
- Certified Computer Forensics Examiner
- Certified Hacking Computer Investigator
- Counterintelligence Threat Analyst
- Certified Windows Recovery
- Spyware and Intrusion Detection and Removal
- Expert Email Tracer
- Certified Internet Predator Tracker / Instructor
- Court Approved Digital Forensics Expert Witness
- Ethical Hacking Training
(Discovering Evidence with Technology, n.d.)
Secure Forensics – began as a public computer repair business. In 2007, the business branched out into data recovery. They provide services to individual clients, corporations, and industry. Their clients range from private individuals who need to preserve and analyze digital information to Fortune 500 companies protecting intellectual property. Locations are available in 36 states, including North Carolina, with more than one location in some states.
The services provided by this business include computer and digital forensics in the following areas:
- Mobile & Cell Phone Forensics
- DVR Recovery Forensics
- Audio & Video Forensics
- Automotive Forensic
- Data Recovery
- On-Site Forensics
- Remote Forensics
- Private Investigations
Their certifications and accreditations cover a broad range of digital and computer forensics services:
- SSAE 18 SOC 1, 2 & 3 Audited
- Class 10 ISO 4 Clean Room
- Top Rated by Business.com
- GSA Contract Holder
- HIPAA Compliant
- BBB Accredited with an A+ Rating
- IACIS Accredited
- HTCC Member
- AccessData Certified
- X-Ways Certified
- Guidance & Encase Certified
(Secure Forensics, n.d.)
- Criscuolo, P. J. (2000). Distributed Denial of Service. Department of Energy Computer Incident Advisory Capability, 1-5.
- Discovering Evidence with Technology. (n.d.). Retrieved from Detectiveati.com: http://detectiveati.com/about/
- Rootkit. (2010). Retrieved from TechTerms.com: https://techterms.com/definition/rootkit
- Secure Forensics. (n.d.). Retrieved from Secureforensics.com: https://www.secureforensics.com/company
- What is UDP? (n.d.). Retrieved from Cloudflare.com: https://www.cloudflare.com/learning/ddos/glossary/user-datagram-protocol-udp/
- Capers, Z. (2013). The Evolving Threat of DDoS Attacks. Retrieved from ACFE.com: https://www.acfe.com/fraud-examiner.aspx?id=4294976615