Update: Old fashioned DDoS attack planned to protest Trump's inauguration

News by Max Metzger

Anti-Trump protesters have come up with a novel way to oppose the inauguration of President-elect, Donald Trump

Protesters are planning what looks like a crowdsource DDoS attack to protest the upcoming inauguration of Donald Trump.

While hundreds of thousands are expected to march on Washington DC to protest the inauguration, those who can't make it have been invited to take part in a protest in cyberspace.

Juan Soberanis, a San Francisco bay area software engineer and founder of Protester.io, recently launched a page on the website to promote his idea.

The page reads, “If you can't make it to Washington, D.C. on inauguration day to protest Trump's presidency, you can still fight for the cause by helping to take down WhiteHouse.gov as a show of solidarity for the lives impacted by Trump's policy agenda. It's simple, by overloading the site with visitors we will be able to demonstrate the will of the American people.”

If users visit whitehouse.gov and then refresh the page as many times as possible, the protestors hope to crash the site as an act of political protest. For those well acquainted with this area, this ‘protest' may well soundlike an old-fashioned DDoS attack.

A favourite of hacktivists and script kiddies, a DDoS attack is one of the more reliable weapons in the hacker's arsenal. By getting millions of computers to visit a particular website at any one time a website can be overloaded by requests, forcing it to crash.

There are countless examples of such attacks being pulled, with notable ones including last year's attacks on journalist Brian Krebs and DNS provider DYN which led to outages on popular social media sites like Twitter. Such attacks are typically deployed with the use of a botnet, a network of computers, or in recent cases vulnerable IoT devices, which will do the bidding of a single botmaster.

While executing a DDoS attack is illegal in many places, this particular case could be ambiguous. Or not, according to Stephen Gates, chief research intelligence analyst at NSFOCUS IB.

He told SC Media UK that “Participating in a DDoS attack is a crime, regardless if you use a tool, a script, a botnet for hire, or a finger and a keyboard. If protesters move forward with this demonstration, they must remember that their source IP addresses in most cases will not be spoofed; meaning, law enforcement can easily track those who participate.”

This particular case is perhaps best described as a crowdsourced DDoS attack as the botnet, if successful, will be a horde of protesters as opposed to a network machines in the employ of one master.

While novel, Amichai Shulman, CTO and co-founder of Imperva doesn't think this anything new: “We have seen such campaigns directed at official organisations as well as commercial organisations in the past few years and it does look like they are the cyber equivalent of marching the streets. At the end of the day the success of the campaign is not measured by whether a site went down for an hour or two – much like street marching – but whether some change was driven by the public attention.”

It's certainly not  the same as a professional DDoS attack, added Schulman: “This trend is very different from professional DDoS attacks carried by cyber-criminals with the intent of impairing competition (mainly in the gaming industry) or racketeering (across all industries).”

Soberanis sees Trump as a threat to American democracy itself, saying, “In order to defend and revitalise our democracy, we have to mobilise, we have to take action.” In a short YouTube video, he implores viewers “to join millions of Americans online as we protest the inauguration of Donald Trump and show our resolve to the country and to the rest of the world.”

Lee Munson, security researcher at Comparitech.com, thinks that the effort may not be successful.  He told SC, “Whether enough people care strongly enough about Trump, or have the inclination to run the required code to keep refreshing the web page, is questionable but, even if they do, their efforts may not be sufficient to knock down a government-hosted site.”

He added: “In any event, this call-to-arms does demonstrate how we have entered a new era in politics in which every citizen feels that their voice can be heard in some way, and in which hacktivism has now appeared to have entered a far more mainstream position than in the early days of groups such as Anonymous.”

Ashley Stephenson, CEO of Corero Network Security, thinks that if that enthusiasm were to be turned slighlty more professional then whitehouse.gov could have a problem on its hands: “There is a much more significant risk if just a handful of the protesters turn to the readily available DDoS tools and (illegally) join the call to action. With these tools they can amplify their protest ‘click' 100,000s maybe even millions of times.”

He said: “This real DDoS traffic would have a much greater chance of impacting the White House.gov website or the networks that carry the protest traffic.”

The White House did not respond in time for publication. 

Update: Soberanis told SC that he has cancelled the protest because of the supposed legal controversy that it may have sparked. He added, "Although I believe in the legitimacy of the protest, I don't have the resources to take on a lawsuit. Therefore, I've decided to cancel the protest. For the record, I believe this is a legitimate form of protest because to accomplish it requires not a small band of hackers, but a large movement of citizens."

Crime & Threats

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews