The dangers of Skype and DDoS
Recently, I’ve noticed a lot of people (especially famous livestreamers) complain about getting DDoSed. Some of the people who have mentioned this in the past are Hydra, Athene, and many other livestreamers out there. Some people have even asked about feedback on how to stop/prevent it but even though I replied, it seems none have noticed or have taken the time to reply. Which brings me to this post.
I will try to clarify as many things as possible without learning anyone how to do anything illegal. It is not my goal to teach people illegal things, I would only like to take the time to explain a few things that might help other people, even specifically other fellow livestreamers out there that might be struggling with these issues. Should you have any other questions, be sure to let me know!
What are Skype and DDoS?
Skype
You’ve probably already heard of Skype, it’s a communication program owned by Microsoft. Recent reports have also mentioned Skype will be replacing Windows Live Messenger (also known as MSN). Skype supports multiple types of communication, including (but not limited to) text/voice/video communication and file transfer. Skype is a peer-to-peer application, meaning there’s a direct connection between the people using Skype. So if you’re talking to someone you know, there’s a direct connection between the both of you, so Microsoft doesn’t have to host hundreds of servers for the sake of transferring voice/video/… data. While this is a decent way to do things, this also means there’s a direct connection between you and other people on Skype. Even strangers. This is a very important aspect of what I’ll explain next.
DDoS: Distributed Denial of Service
DDoS is a form of attack that expands on the principles of DoS (Denial of Service). While Denial of Service is an attack from a single computer to a target, DDoS is the distributed form of this attack, meaning hundreds/thousands of computers are attacking the same target at the same time. This will result in the target going down, meaning the target will either crash or lose its internet connection for the duration of the attack. It’s important to notice that a DDoS attack can be performed by simply having your IP address (more on this later) and it is only effective for the duration of the attack. An attacker can not keep the target down unless the attack is never stopped. Never stopping the attack would mean anyone would have enough time to log critical information and use this to report it to the police – no smart person would risk this as it could result in the closure of the attacker’s botnet and maybe even in the disclosure of the attacker’s real life identity.
Botnets and Becoming a Slave
What is a botnet?
A botnet in its simplest form is just an “automated network”. In the context of illegal activity, a botnet is a network of hundreds/thousands of infected computers that can be controlled by the attacker. Computers in a botnet are called slaves and remain inactive for most of the time, until the attacker issues a command (eg.: attack target X) in which case every slave in the botnet will begin attacking target X. An attacker would set up such an idle network for when (s)he wants to attack whoever for whatever reason. These reasons range from money to hate and even to simple boredom.
Are botnets that common?
There are millions and millions of users connected to the internet, so a few thousand in a botnet aren’t that uncommon. Even larger botnets (ranging to millions of infected computers) exist and have existed in the past and there is even a market for these slaves. Some people really sell part of their botnet (or their entire botnet) on forums and websites, for people who don’t want to take the time to set up their own botnet.
You’ve mentioned “infected computers”. I’m on Mac/Linux/… so I’m safe, right?
No. Definitely not. Any OS (operating system) supposedly not having viruses is a simple lie created to make you prefer a particular product and/or to create a false sense of security. A virus is, in essence, a simple application. We describe it as a “virus” because it causes problems and is used for malicious purposes. The word “virus” accurately describes the application’s goal, not its origin. So it’s safe to assume that every OS that allows custom-made applications with access to files or anything else on the OS will have viruses.
The main reason for people to target a specific OS (eg. Windows) is because of its popularity. From a cracker’s (READ THIS: Hacker vs Cracker) point of view, there’s just a larger audience to reach on a certain platform, so why waste time on other platforms? Of course some people have still developed viruses for less used platforms (and even phones), because for as long as at least 1 person uses an OS, you have an audience.
So what does Skype have to do with this again?
A few months ago, the source code to a specific Skype version was leaked. This was used to create a way to easily find Skype users’ IP addresses. The attack doesn’t even need you to add anyone to your friend’s list, you can get any user’s IP address as long as you have their Skype username (or e-mail or real name) and the target is online. If the target is not online, this method does not work.
The leaked version allows you to enable debugging. This will log all information to a text file on your computer: every step you take, every click, everything is recorded in this file. Remember I mentioned Skype is a peer-to-peer program and people are connected? Well, the leaked version also logs the IP address of people you try to connect to (or that try to connect to you). So yes, you can literally just open up a text file and read that person’s IP address. Once a cracker has your IP address, letting a botnet attack you becomes really simple.
Due to the principle of peer-to-peer connections and the way Skype was designed, there is no built-in way around this. However, there are a few ways to avoid getting attacked.
Does this make Skype a bad/dangerous program? What about my anti-virus?
No. Definitely not. Everything connected to the internet has a potential danger, even just visiting a website with your trusted browser and antivirus could result in you getting infected. Since a virus is just an application, anti-virus applications generally do not work as advertised. An anti-virus can only detect viruses or suspicious behaviour it already knows. So anyone with some programming knowledge can write a custom virus and infect as many people as possible. An anti-virus will not detect is as a virus until the virus either becomes so big/known they add it in their database or until it performs suspicious actions and gets flagged by the anti-virus.
I do have experience with this and have performed tests in the past and I can safely say an anti-virus is completely useless against a custom written virus. Does this mean an anti-virus is always useless? No, definitely not. A lot of kids/immature people/people without programming knowledge try to infect people with way too popular, known and detected viruses that are freely available for download on the internet. An anti-virus will protect you from these kinds of people.
Avoiding attacks & Fixing things when it’s too late
Avoiding attacks
Rule #1: don’t give anyone a reason to attack you. In general, this shouldn’t be a problem for most people. But there are people out there, especially underage kids, that use the internet to brag, to talk back to people or even just to insult random people. When done on the wrong website or to the wrong person, this makes you an immediate target. Of course a lot of kids will bluff about DDoSing you (yes, unfortunately there are a lot of wannabe-pretend-crackers out there) but in some cases it might be someone with an actual botnet.
Rule #2: don’t give your Skype information (username, e-mail, real name, …) to anyone you don’t fully trust. If they can’t find your profile on Skype, they can’t get your IP address – it’s as simple as that. Also be sure not to have any information floating around on Google that links you back to your Skype account (eg. Twitter/Facebook/… accounts, …).
That’s about it. As an individual, you shouldn’t really be afraid of getting DDoSed. Only people that ask for it and famous people in general are attacked. Unless you get in contact with a cracker and (s)he dislikes you for whatever reason.
Fixing things when it’s too late
So you’re already targeted by DDoSers? Well, there *are* a few ways to fix things.
#1: Use a VPN
A VPN (Virtual Private Network) connects you to an external network. This allows you to connect to Skype with another IP address than your own. If someone then tries to attack you, they will be attacking the external network instead. Please note some VPN providers will consider disabling your account if you get targeted by DDoSers. Other VPN providers, however, offer their services to avoid DDoS. Using a VPN can slow down your internet connection, so please continue reading the part about proxies.
#2: Use a proxy
A proxy is somewhat similar to a VPN (although in theory, the functionality of the 2 is entirely different). In the end, it will result in the same: the IP address people will get from Skype is not your home IP address. It is the proxy server’s IP address, so you cannot (personally) get attacked.
As mentioned above, VPNs can slow down your internet connection. The same goes for proxies. However: using a program like Proxifier, you can set up forwarding rules that will only redirect Skype traffic. This means it will not affect your internet connection anywhere else, it will only tunnel the traffic you want through the proxy.
#3: Change your IP address (static or not)
Believe it or not, you can change your IP address. To do this manually, you need to have a dynamic IP address. If you’re unsure, you can contact your ISP (Internet Service Provider). Explaining every method for how to change your IP address manually is beyond the scope of this post but you can find lots of methods easily on Google. As a simple side note; if you do have a dynamic IP address, you can also change it by just unplugging your modem for at least 2 minutes. Please note: this method may not work if your ISP has disabled immediate dynamic IP.
However, even if you have a static IP address, you can still contact your ISP, explain your current situation and request an IP change.
Conclusion
That’s about it. There’s a lot more technical information I haven’t mentioned but the purpose of this post is helping as many people in general without providing too much technical information. For more questions, I’ll mention it again: don’t be afraid to contact me. I try to respond to all mails.
