Wreck It Ralph 2: Disney’s Demonstration of a DDoS Attack

by | Jan 10, 2019 | Cyber Incident and Response

This past holiday season I enjoyed taking the kids to the movies. Of all the choices they had, Wreck-It Ralph 2: Ralph Breaks the Internet was their movie of choice one evening. So the kids enjoyed a story of Ralph overcoming his insecurities. I enjoyed a story that did a fair job of modeling out the fundamentals of a DDoS attack. I thought, “How marvelous.” The story line did a fair job of plotting out the phases of an attack. It provided great visual representations of the mechanics of it, all in an entertaining story that kept the kids riveted to their seats. They wondered if Ralph will save his friendship with Vanellope. I wondered whether the common parent really caught the full representation of the malware attack taking place. Sure, the internet was obviously under an attack in the story. It was all caused by Ralph’s “insecurities” suffering from a bad code (named “Arthur”), but does the common technology user understand the parallels being drawn? How this affects every person utilizing a computer device that connects to the internet? And, how we can protect ourselves from such attacks? Let’s explore this.

What is a DDoS Attack?

DDoS stands for “Distributed Denial of Service.” In short, it is a type of malware that infects all sorts of websites and all sorts of endpoints (computers, laptops, tablets, etc.) where the outcome is that you cannot visit the website or network that is the focus of the attack. It blocks access to the victimized website or network, usually for a limited duration of time.

The Basic Anatomy of a DDoS Attack

It begins with a bad guy, commonly referred to as a Hacker. The Hacker writes bad code, commonly referred to as Malware. The Hacker installs this Malware on unsecure websites (referred to as “insecurities” in the movie). It is important to note that DDoS Malware can also be spread via email attachments or through an organization’s network. But the movie focuses on the internet spread of the Malware. All of us, with our devices, are constantly interacting with websites on the internet. If we visit a site infected with the Malware, we might be tricked into installing and running the malware on our devices. This in turn makes our laptop, desktop, tablet, or phone into a Bot. Once it is a Bot, the infecting Malware in it directs it to connect to the hacker’s Command and Control Servers. In short, your laptop now answers to a new master, and takes orders from the Hacker.

Once this happens to your laptop, then your laptop becomes part of a bigger army. That army is then trained to attack a specific target, typically a website. Your device will be used as a tool to take down a business or organization for the duration of the attack.

What is the Motivation of a DDoS Attack?

There may be several reasons why a person might be motivated to orchestrate a DDoS attack.

  1. Political Motivation. Want to suppress the free speech of a dissenting voice? DDoS attack is the way to go. A political zealot who has lost sight of the First Amendment and wants to silence an opposing voice on a site might be inclined to think a DDoS attack will do the trick.
  2. Financial Motivation. If BuyCheapStuffHere.com suffers a DDoS attack and their website goes down, then suddenly online shoppers will be shopping at BuyCheapStuffHereInstead.com. So if the owner of BuyCheapStuffHereInstead.com is a little unethical and willing to hire an outfit that will make a DDoS attack happen to the competition, then the $150-per-hour investment for hiring a Hacker, that churned out the requested DDoS Malware after just 3 hours of work, can turn a profit of several thousand dollars.
  3. Motivated to Watch the World Burn. Do not underestimate the desire of some people to wreak havoc just for the sheer entertainment of it. Fun can be had by seeing a multitude of users freak out. This past year there was one such DDoS attack that hit the developer platform SPAMHAUS. Could it be that there was a code creator who felt he had something to prove? Looking to see if he could compromise a site specifically dedicated to compromise prevention? Sure!

Is the Damage Permanent?

DDoS attacks usually have a limited duration. A 24-hour attack is typical. But the damage a limited-duration attack can cause can be enduring. Of course, whenever a business’s online presence is compromised, it compromises the confidence of customers and leads to financial loss. A DDoS incident is also a potential security incident. The DDoS attack can be used as an initial hit and a distraction while Ransomware is introduced and deployed. Or while other data is stolen. A skilled DDoS attack used in such a way can take down a business permanently.

How can I Prevent My Computer from Being a DDoS Bot?

If you are interested in making sure that your computer is only used by you, and not made into a minion serving the will of a nasty Hacker, then make sure that your devices are protected with sufficient antivirus and malware protection. Also, train yourself to be careful to not open emails from unfamiliar senders. Hackers love to send mail that look almost legit… but not quite (see our article Email Spoofing: Just Delete It) Opening attachments can mean deploying malware, so be careful.

How can I protect by business’ Website and Network from DDoS attack?

If you have a business you feel may not be protected from DDoS attacks, there are two things to do:

  1. Train Your Staff on Best Practices: Making sure that your staff is wise to not open those Spoof emails, how to operate safely within their network and the internet, will prevent a lot of problems.
  2. Make sure your network is well protected with a proper Next Generation Firewall.
    Cisco’s NGFW is one that we can recommend, and if you are considering better security for your network, you can try this one out for free. 

For Wreck-It Ralph, it was all fun and games in the Internet until Ralph unleashes DDoS Malware “Arthur”. His objective was to slow down the offending Slaughter Race online video game so that Vanellope would want to come back with him to their video arcade. Destruction ensued, but being a Disney movie, everything turns out well in the end. In the real world, these incidents can lead to permanent destruction. Protect yourself from being a party to it, or a victim of it.

Hybrid VDI - Total Economic Impact of VMWare End User Computing