The Invisible (Digital) War

Wherever there’s a political crisis, from Gaza to Ukraine, cyberattacks targeting the flow of information soon follow. A few brave computer programmers are fighting back.

TO GO WITH "SKorea-NKorea-IT-security,FOCUS" by Lim Chang-Won
This photo taken on February 14, 2013 shows a young computer expert studying at an internet security training centre of the state-run Korea Information Technology Research Institute (KITRI) in Seoul. The training programme was launched to reflect growing official concern about South Korea's vulnerability to cyber attack in the wake of two major intrusions in 2009 and 2011 blamed on North Korea.   AFP PHOTO / JUNG YEON-JE        (Photo credit should read JUNG YEON-JE/AFP/Getty Images)
TO GO WITH "SKorea-NKorea-IT-security,FOCUS" by Lim Chang-Won This photo taken on February 14, 2013 shows a young computer expert studying at an internet security training centre of the state-run Korea Information Technology Research Institute (KITRI) in Seoul. The training programme was launched to reflect growing official concern about South Korea's vulnerability to cyber attack in the wake of two major intrusions in 2009 and 2011 blamed on North Korea. AFP PHOTO / JUNG YEON-JE (Photo credit should read JUNG YEON-JE/AFP/Getty Images)

Every day, an invisible war is waged across the planet. Hundreds of gigabits of data bombard servers every second in nonstop digital warfare targeting the free flow of information.

These digital disruptions are known as Distributed Denial of Service (DDoS) attacks. The flood of incoming traffic aims to exceed the total bandwidth of connections that a server can handle, thus bringing it down and denying visitors access to any information it holds. An enterprising attacker can infect millions of machines, creating a “botnet” to launch these attacks — marshaling the resources of computers across the globe and making the origin of his assault almost impossible to trace. There are thousands of DDoS attacks worldwide every day, accounting for roughly one-third of web server downtime.

Outbreaks of DDoS attacks mirror political turmoil in the real world. The Digital Attack Map, a project designed by Google Ideas and the network security firm Arbor Networks, tracks the assaults: DDoS attacks in Ukraine and Russia spiked from almost nothing to as large as 60 gigabits per second during the Ukrainian anti-government protests and Moscow’s subsequent annexation of Crimea in 2013 and 2014. Attacks similarly surged in Israel during last summer’s war in Gaza, with assaults emanating from everywhere from Iran to the United States. Even law-abiding Sweden was hit with a large 80 gigabit per second attack on Dec. 15, 2013, after a group of neo-Nazis attacked an anti-racism rally in the capital of Stockholm.

The attacks are an easy and cheap way to silence one’s political opponents during a moment of crisis — such as during the Ukrainian protests, when newspapers in both Kiev and Moscow came under attack. DDoS attacks succeeded in taking down NATO’s website in March 2014, while pro-Ukraine hackers targeted the state-funded Russia Today in the run-up to the invasion of Crimea, replacing instances of the word “Russian” with “Nazi.”

“Someone just wanted to make us shut up,” said Sergey Smitienko, the system architect for the online newspaper Ukrainian Truth, which was one of the first sites to rally Ukrainians to the streets in November 2013 against the pro-Russian government.

Smitienko and his colleagues had turned to the Internet because, he said, television and print media had always been strictly controlled by the country’s oligarchs, who squashed any reporting that conflicted with their political agendas. But from the second day of the protests, Ukrainian Truth’s enemies moved to cut off that mode of expression as well: The site was hit by escalating DDoS attacks that forced one of its two Internet service providers to shut down their server, forcing the site to limp along with slow service and broken links.

The DDoS attacks, which can cost as little as $150 to launch for an entire week, can impose a crippling financial burden on their victims.

Smitienko conferred with two commercial services to help his site combat the assault. “But when they saw the power of these attacks, they said that the bill for this service would be so high, we couldn’t pay it anyway,” he said.

The commercial firms wanted between $3,000 and $4,000 to combat each gigabit of data assaulting the newspaper, Smitienko said. The site, however, was being hit by about 80 gigabits of data each month — meaning that its bill would run to somewhere in the realm of a quarter of a million dollars each month. Some attackers see a financial opportunity in this conundrum: Arbor Networks estimates that roughly one-fifth of DDoS attacks are conducted with the aim of extracting a ransom from the website’s owner, in which they pay hundreds or thousands of dollars to stop the attack.

A month before Ukrainian Truth came under attack, the New York-based think tank Google Ideas launched a program to resolve precisely the problem they faced. Project Shield uses Google’s infrastructure — which has been bolstered greatly to keep services like YouTube and Gmail online — to protect news and human rights-focused websites from DDoS attacks. Google allows the websites under its protection to route their traffic through its servers, which are built to withstand even the most massive of attacks, dramatically reducing the load on their partners’ web infrastructure.

Ukrainian Truth joined Project Shield in December 2013, and while the DDoS attacks continued for the duration of the anti-government unrest in Ukraine, they never again succeeded in slowing the site.

“That was a proud moment for us,” said Google Ideas associate CJ Adams, who oversees the program, of the Ukraine crisis. “We protected sites that were top 20 newspapers in the world at the time.”

Adams said that Project Shield kept sites on both sides of the political divide online in Ukraine and Russia during the crisis, protecting over 500 million legitimate page views from targeted sites.

Hundreds of sites currently fall under Project Shield’s protection, Adams said, and he hopes to expand that number into the thousands by year’s end. He said that the initiative, which is currently accepting applications for new sites, protects any organization that is focused on news, human rights, or election monitoring, regardless of their political views.

“There was a risk [during the Ukraine crisis] that the person with the biggest botnet, the person with the biggest attack, would win,” Adams said. “The truth is that anyone can pay for someone else’s silence — and when it comes to something like a human rights group or a news organization, that shouldn’t be the case.”

Project Shield offers its services for free to sites that fall under its content criteria; there are no plans to turn this into a paid service. Since it launched, Cloudflare’s Project Galileo and’s Deflect have also sprung up to offer free protection from DDoS attacks.

While this kind of digital warfare regularly spikes during moments of political crisis, some sites are targeted as part of a long-term effort to silence dissenting voices. Tavaana, for instance, is an e-learning institute that provides online classes to Iranian activists, teaching them about democratic transitions, women’s and labor rights, digital safety, and NGO management. The program was launched in May 2010, in the aftermath of the protests known as the Green Movement, and began suffering from DDoS attacks soon after its launch.

Tavaana co-founder Mariam Memarsadeghi blames the Iranian government for orchestrating the attacks, saying that at their peak they succeeded in taking the site down for as much as half a day. “It’s not like we can trace them back to Khamenei’s house or something like that, but of course they are by the regime,” she said. “It’s the regime that doesn’t want us to exist.”

The attacks, Memarsadeghi said, originated from inside Iran but also in countries such as Dubai and China. They first occurred once a month, then escalated to once a week, before finally spiking to several times a day. “They started to get very serious about us when we started to have real traction on the ground,” she said, citing the organization’s popular Facebook page, which is liked by over 400,000 users and plays host to an active daily conversation on Iranian politics and culture.

Tavaana joined Project Shield more than a year ago; after signing up, Memarsadeghi said, it never had another problem with DDoS attacks. For her, the protection went far beyond the obvious benefits of keeping the site online.

“It was just a huge amount of moral solidarity for us; it really gave us a boost,” she said. “It was great to be able to say to our users and the Iranian public at large … that we are protected by Google — and we had to get protection from Google because the Iranian government didn’t want us to exist.”

But even as Google Ideas and other initiatives move to combat DDoS attacks, their enemies are also adapting. Memarsadeghi said that anonymous “troublemakers” had begun showing up in Tavaana’s e-classrooms, with the goal of undermining the lessons. Google Idea’s CJ Adams, meanwhile, explained how Project Shield thwarted the attackers of a major Ukrainian newspaper from bringing down the site — so their adversary created a website that was identical to the newspaper and published fake news there, in an attempt to destroy the credibility of their rival.

“It’s always a cat and mouse game,” Adams said. And the war, as they say, continues.

Photo credit: Google Ideas

David Kenner is the Middle East editor at Foreign Policy. He is based in Beirut, Lebanon, and has been with FP since 2009 (a long time, he knows). He worked for FP previously in Cairo, where he covered the early days of the Arab Spring, and before that in Washington. He has attended Georgetown University and the American University of Beirut and has reported from Libya, Egypt, Gaza, Turkey, Lebanon, and Iraq. @davidkenner

Trending Now Sponsored Links by Taboola

By Taboola

More from Foreign Policy

By Taboola