April 25, 2025 • 31 mins
Questions we answer in this episode
What is a DDoS attack?
What social media platform was recently the target of a DDoS attack?
How can your home network be impacted by one?
What can you do to protect your home network?
Episode summaryDDoS attacks are growing faster than the squash in my garden - seriously, it's wild!
The slaves in the army? Devices quietly hijacked by hackers.
There are millions of them scattered around the globe...
And yes, your home devices could be part of the army without you knowing it.
Call to actionTake one small action to improve your home network's security.
You have 9 suggestions, found in Episodes 51-59.
LinksMark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
Welcome to Super Simple Security Principles. I'm Nick Jackson and I want to love computers.
(00:07):
They don't love me back. I'm learning how to stay safe online from my good buddy and master
guardian Makani Mason. He wrote his first computer program at the age of six, sealing his fate as a
(00:28):
computer geek. That's it. He knows his stuff, folks. Now he spends his time teaching people
like me and you how to stay ahead of the digital threats we face and those bad guys.
He keeps it simple and we love it. Learn along with me each week. I'll ask the questions
(00:53):
and make sure he keeps it super relevant and super simple for us. If I can do it, you can do it too.
This is episode 60. How do or how DDoS attacks affect you? Here are the questions we'll be
answering in today's episode. What is a DDoS attack? Makani, this is text talk.
(01:25):
Let me jump in. I know we always have these weird names. We always have to go over the
pronunciation right. This one actually lends itself pretty well. You can just say DDoS.
That's how it's pronounced. Make your life a little easier for the rest of this episode.
DDoS. They should put a little dash in there instead of like a big D, big D,
(01:49):
little O, big S. Are you serious? Come on, DDoS. Again, this is tech talk.
We got to keep it simple. What is a DDoS attack? Here's what's crazy. This one made me realize how
close to home it's hitting. What social media platform was recently the target of a DDoS attack?
(02:18):
Look, and this next question, so we've got two right in a row. How can you,
and let me phrase it this way if I could, how can your home network be impacted by one?
So how can your home network be impacted by a DDoS? Home network is a place we got
to safeguard. So, and what else do we need to do to protect our home network? I might add,
(02:50):
this is episode 10 in what we're calling the final in this mini-series of safeguarding
our homes. Makani, do you want to know why I feel like this mini-series is so important?
Yeah. Yeah. Okay, here's my thoughts, right? I go to work and I think that I'm protected, right?
(03:14):
I think that I'm protected. So I go to work and we've got a so-called security guy. I love him,
by the way. He's great. I'm not dissing on him, but we feel like we're safeguarded because we
got these IT guys, oh, do this or do that, or we have these extra layers of protection at work.
(03:38):
A home, a place that we really, really are in charge of protecting ourselves, an environment
that we create and we protect and that we kind of force rules and regulations and how we govern
our home. We don't do as good a job as safeguarding. Our first thoughts are to
(04:02):
safeguard what we do at work, but then we come home and we're like, oh, we'll be okay, right?
That's why I feel like this mini-series has been so important to us as non-techies,
because we're coming into it and we're saying, hey, look, our eyes have to be open. We've got
(04:22):
to pay attention to certain things. We've learned about the road signs as we've kind of gone along
and the importance of paying attention to each road sign. And that's what I love about this
mini-series is we've really, really kind of learned, hey, if we haven't been given speed
limit signs, we've been flat out given directions on what to do. So those are my thoughts, man.
(04:51):
What do you have for us? I know you got it. Yeah, well, and I've got, I have my notes
prepared, of course, but as you were talking, I had a couple thoughts I wanted to sneak in.
Because with, talk about these DDoS attacks, it occurred to me that, and we've talked
about different kinds of attacks before, a few different ones. And there are a lot of different
(05:13):
kinds of attacks out there that we could talk about and that get talked about. There's
phishing, right, for example. Lots of people talk about that. And I definitely think everybody needs
to know about that one. But one of the things about DDoS attacks is, and this is slowly changing
as it impacts our world more and more, but it hasn't been talked about as much. And it's another
(05:35):
one that I feel like everybody needs to know about. So I'm not going to teach you about every
kind of attack out there, right? Not even remotely, but this is definitely one that is relevant.
Okay. And we'll get into why. But the other thing is, and why kind of wrapping up with this, is
because one of the foundational things in keeping, staying safe online is, and this applies
(06:02):
in a lot of other ways, but you know, before you can really solve a problem well, you need
to understand the problem you're solving, right? And in online security, the way that translates is,
okay, you want to look at the security layers, but it's also really important to understand the
threats against you, because otherwise you don't really know what problem you're trying to solve,
(06:22):
what attacks you're trying to, you know, protect yourself against. And so, and that is the number
one cause of all these weird security procedures, you know, in the airport and in computers and all
sorts of places is because they haven't really stopped to define and understand what they're
trying to protect themselves from. And so you put in security measures that don't necessarily make
sense. So yeah, I think understanding attacks, even though it may sound a little techie,
(06:47):
may geeky, you might wonder why, well, that's part of why. Yeah. So, so the, like I said,
this is the final episode. And so the goal today, it's not, we're not going to give you any new
layers of protection, not going to give you anything new to do. Instead, the primary purpose
(07:10):
is to just invite you to take action. Any small step. And, you know, we'll get back to that,
of course, at our call to action section later, but yeah, that's the purpose. And obviously we're
going to talk about an attack and that, that's the method. I mean, there's lots of ways we could
have chosen to inspire our listeners to take action, but for this episode, anyway, I chose to
(07:36):
talk about an attack and the goal, you know, if you've been listening to us for very long,
you'll know that it's not the goal to inspire fear. Right. Yeah. But by the same token,
I don't like the strategy of, you know, ignorance is bliss. It's just an area you can't be ignorant
(07:58):
in. If I'm being honest. Yeah, it's, it's important. And so, you know, my goal is to
lead you from blissful ignorance to what I like to talk about as confident awareness.
Now, along the way, you may have moments of, you know, terrified awareness.
(08:19):
Right. But as you take action and that's the key part, then that fear is going to transform
into confidence. So those are kind of the stages, blissful ignorance, terrified awareness,
confident awareness. So we want to, that's, you know, the fear along the way is sort of a
(08:40):
necessary evil, so to speak, but that's not the end goal. So, yeah.
And one last point about that is, you know, everything you need to protect your home
network, we've released all the foundational layers, there's lots more we could talk about.
But you know, this is, you know, I was laughing as you were calling this mini series, because
(09:01):
like, this is our biggest series we've done so far in the podcast, you know, oh, we've done like
60, you know, like 64 episodes or whatever, this is 10 of them, you know, so yeah, yeah,
kind of mind blowing to me how much we've actually talked about with this. But
um, so we've given you a lot of tools to protect your home network. But especially, I would say,
(09:23):
for this attack in particular, too. The last episode about outbound firewalls is super relevant.
So yeah. Okay, now, before we get into actually talking about what a DDoS attack is and all that,
um, I wanted to share about the social media, the recent news, because as I was preparing this,
(09:48):
you know, this popped up good timing. From the episode perspective, anyway,
this social media platform getting targeted, right? Okay, let's hear it. Which one was it?
Well, so it's one with a funny name. And to paraphrase one of my favorite podcasters,
they may spell it X, but I'm going to pronounce it Twitter.
(10:14):
So yeah, and it was pretty big in the news. It was, it was in March of this year,
where Twitter had major outages due to a major DDoS attack. Really? Yeah. And that's the whole
goal of a DDoS is to stop a website. And there's other kinds of services that can be targeted,
(10:37):
but website is the most obvious and understandable one from just not working. So people, when they
try to go visit the X, you know, X.com, like they can't get there. They just get, it just hangs,
or it gets an error, or whatever, it fails. Gotcha.
And so when they talk about added outages, like that's what happened. There were a bunch of
people, and I don't know the exact timeframe, exact numbers or anything, but a bunch of people
(11:01):
were not able to access it because of this attack. And we'll talk about how that happens, but
I just want to share one aspect of the news article, because it gives you a lot of insight
about DDoS attacks. So the question that was the focus of a lot of the articles was who was
(11:22):
responsible for the attack. Now, in the case of a DDoS attack, I mean, this can always be
challenging in cyber attacks, but in the case of a DDoS attack, it's particularly challenging.
And Elon Musk, he pointed a finger at Ukraine in one of his tweets. He's like,
yeah, it was Ukraine. It's like, yeah, well, and then a pro-Palestinian hacker group named Darkstorm
(11:48):
took credit for it, and they denied any ties to Ukraine. And I don't know that we're going to
have a definitive answer. Sometimes groups take credit for things they didn't do, but
they may very well have. But that's not the critical point. The thing is,
(12:08):
well, we'll get to exactly what that means in a minute, but let's look at what happened to
Twitter, because this really is kind of an explanation of what a DDoS attack is,
and it's not really complex. But it's basically as though a billion people, no idea the actual
fake number in this case, but they all visited Twitter at once. And of course, I mean, Twitter's
(12:33):
big. It's built to handle a lot of people visiting, but even with this, they're not ready for that.
And so it just didn't work. Okay. Just shut the system down, essentially.
Yeah. Well, and if we look at their physical world and our driving analogy,
it's like a traffic jam, rush hour, but with millions of cars, and they're all trying to reach
(12:58):
one destination. They're all trying to get through. They all work in the same building or whatever.
Right. Right. Right.
So that's what it's like. Does that make sense?
Yeah. Oh, yeah. Oh, yeah. Like everybody trying to rush to the same building. Yep.
Yeah. And it's goal, I mean, so really, like a lot of times, you're trying to steal information,
(13:21):
you're trying to infest with malware, all these different kinds of things of most of the attacks
we've talked about. This is an entirely different purpose. Yeah. All they're trying to do is shut
down a service. And so let's look at the word. So that's the S in DDoS is service. Okay.
Stands for distributed denial of service. Okay. Okay.
(13:45):
And the word distributed is just simply referring to the fact that the attack comes from a huge
amount of devices, a huge amount of locations, not just one. Okay. Not just like one person in
one home somewhere visiting the website, like it's a billion of them scattered all around the
world. Okay. And that is why it's so hard to answer the question of who's responsible for the attack.
(14:13):
Because there's a million different IP addresses. You look, I mean, it's literally all around the
globe. Okay. That makes sense. That makes sense. Now, of course, you might suspect that behind the
scenes, there's a single portion or maybe a small group, right? Controlling all those individual
devices, making those fake visits, but it's still not easy to figure out who's doing that. Yeah.
(14:39):
Yeah. Right. Right. So that's the distributed part. And then the denial of services, I mean,
just what we're talking about, it's stopping the website or whatever from providing its intended
service. Yeah. Yeah. So now we talked about protecting your home network, right?
(15:01):
Well, here's the thing. Unlike most of the attacks we talk about, your home network is
most likely never going to be the target of a DDoS attack. Individual home networks, they're
just, they don't make any sense for people to attack. First of all, it wouldn't take much to
take them down. And they're just not the same value in taking down a Twitter or a government
(15:23):
website or whoever their enemy is or whatever statement they want to make. There's lots of
reasons why it happens. But yeah. So, but there's two impacts. There's the first, of course,
if you're a Twitter user in March, you were impacted because you weren't able to use the service.
Yeah. Okay. So this is one reason why it's important for everybody to know websites come down
(15:46):
and it may not be their fault. So maybe you should stop and not freak out too much of a website
down. Maybe they're suffering from a DDoS attack and it's not their fault or you should, anyway.
Maybe pump the brakes a little bit is what you're saying. Yeah. Not a good time to go zero to 100.
This could be something out of your control. Yeah. And it's a reminder too, and we've seen
(16:11):
a lot of these in recent years, but of how fragile the internet is because DDoS attacks, I mean,
they can bring down things pretty effectively. And our protections against them are increasing
because as the attacks increase, we're getting a lot more protections. But there is a way that
individuals can help like you, Nick and me, we can help fight against these attacks,
(16:36):
even though we're not the actual target. Okay. Okay. So I mentioned earlier, I implied that
protections from these, we've been talking about this whole series, right? Right. But the protection
isn't actually against this being the target of the attack. The protection is against preventing
(16:57):
your devices from unknowingly participating in the attack. Okay. Okay. Because this is the craziest
thing about these attacks, at least to me, it's just kind of, I don't know, still, I mean, I've
known it for years, but it's just kind of mind blowing because the way they do this is the devices
(17:19):
that they have are ones that have been taken over by hackers, just random individual devices of
every kind they can manage, anything they can get control over all around the world. Really?
That's how they do it. Okay. So it's like once they're controlled by the hackers,
they become slaves, basically, for the hackers to use however they want.
(17:45):
Right. Now, this will tie back to a story that we've talked about with you, Nick,
because you had a computer that became a slave, potentially in a botnet to be used by a hacker
for a DDoS attack. I mean, I don't know for sure what they did with it, right? Could have been
all sorts of things, but it was a candidate anyway, right? Yeah. Yeah, absolutely. I didn't
(18:12):
know this until you just put it together because I'm not a techie, but yes. You were telling me
about a brand new computer and what happened after you had gotten downloaded malware and installed
it. How was it behaving? Super slow. It was terribly slow. It was terribly slow.
(18:35):
Yep. To a point to where I thought it was ruined. I thought it was bad out of the box. It was so
slow. Yeah. Yeah. Yeah. No, thank you. Exactly. Well, that makes total sense. Well, and the reason,
I mean, it could be doing all sorts of things, like I said, right? Because once they're slaves,
(18:56):
they can be used for anything, but DDoS attacks is definitely one of them because any device,
even if you have a brand new computer and there's no information of yours on there yet, right?
Yeah. They still have your internet bandwidth connection that they can take advantage of
to do these attacks or whatever, but they also have your CPU processing power. They can use
(19:17):
mine crypto or whatever. Yeah. Yeah. And so,
I've actually helped people where they had massive slowness issues on their computer.
And after some investigation, I was like, oh, well, that's because you have malware on here.
(19:40):
Now, that's not to say my first guess, if a computer is going slow is going to be that
it's malware, right? And there's certainly plenty of other causes, but it's absolutely
on the list to check. Yeah. Yeah. That makes sense. And I mean, I don't want my devices
to be slaves. I mean, I don't want my resources used. I don't want to participate in these attacks
(20:05):
that hurt somebody else. I mean, obviously nobody's going to want to, right? Right.
But that's what happens. So, the next interesting thing I thought to share about this, Nick,
was, you know, and I don't know if you're wondering this back in your head, but, you know,
how often is this happening, right? Right. Right. What if my computer had only been going
(20:36):
mildly slow? I wouldn't have known. I really wouldn't have known. It was a new computer.
Yeah. You know, had it just been a little bit, I wouldn't have really paid attention. Like,
this could have been something that flew under my radar, essentially. Yeah. Well, and, you know,
sometimes with these slaves, they will. They'll leave them dormant for times and then, you know,
(20:58):
activate them all at the same moment to do the DDoS attack. Okay. Because that's the whole point,
right? Is it's like all of them attacking at the same time. And so, anyway, yeah. So,
I wanted to share a couple statistics, though. Yeah. Of course, you know, they're never perfect,
(21:18):
but the number I'm going to share comes from a company called CloudFlare. I can't remember,
have we talked about them before at all? I believe we've mentioned CloudFlare before.
They sound familiar. Yeah. Okay. So, I'm just going to share a couple things because
not only they're super relevant for DDoS attacks, but they're just a great company. And,
you know, most of our listeners won't necessarily go up and sign up for anything from them.
(21:44):
But if you have a website, you want to know about them. Any, even just a simple website,
you want protection because they will provide DDoS protection for free for any kind of website.
Dude, that's awesome. Yeah. Sorry, I didn't mean to cut you off. No, that's awesome. So,
(22:07):
they, you know, they do a lot of good stuff. And the more I've been, you know, using them,
because we use them for our websites and learn about them, the more I'm loving them. And
I guess they host apparently like one fifth of all websites on the internet
providing protections for them. Yeah. And they've just, you know, and that partly,
(22:30):
that's part of what helps them, you know, be able to fight against these DDoS attacks so well.
And as you might guess, since Twitter had their outage, they have now added Cloudflare protection
against future such attacks. Yeah. So anyway, there's a couple of things about them. So here's
(22:51):
the stats. So every quarter they publish statistics on these DDoS attacks that they're
defending against. Okay. So this represents how many they see directly, right? So you could maybe
five X it or whatever, just, you know, take it as the internet as a whole, whatever. We don't
really know. Right. But in the fourth quarter of 2024, they defended against 6.9 million of them.
(23:19):
Million? Yeah. Varying sizes. There's that many attacks? Yeah. Holy cow. Yeah. I didn't think
there was millions of attacks, but that's crazy. Yeah. Well, and it's an 83% growth, they said in
2024 compared to 2023. Almost doubled. Holy crap. And it included by far the largest single DDoS
(23:51):
attack to date. So in other words, this is just a growing sector. Yeah. Well, and here's another
interesting kind of, whether or not you consider this a DDoS attack intentional or not, but with
the other thing that's now getting a lot of complaints and a lot of publicity, at least in the
(24:16):
security community and website owners and stuff is all the AI. There are a ton of AI companies that
want to, you know, go connect to websites and what they call scrape data where they're, you know,
it's like they're reading websites to collect, to train their models, to get more information
in their systems. Right. Right. And they're not very ethical about it because they're not supposed
(24:39):
to do that. And so what they're in effect doing because of this mass, there's this new use for
just browsing the web basically by these AI bots is they're essentially performing DDoS attacks
on all sorts of random websites, essentially, just because there's so much extra load from
(25:00):
all these AI bots scraping everything like, and it's costing them, you know, these like,
yeah. Well, and just like people who are providing free websites and free services,
you know, all of a sudden they're getting hit and it's costing them a lot of money to be able
to service all these. And so then they're trying to fight against it and prevent the scraping.
So they don't, you know, it's just, it's a whole big crazy thing. Holy cow. So that's a different
(25:28):
problem to solve. Right. That's a different half, but it's just, I thought it was interesting
enough and it's been in the news lately. And, but getting back to, you know, the DDoS attacks
themselves, they're, they're growing. And so the reason why this matters though, right. The
implication of this, I mean, it's pretty obvious, but it means that the army of those slave devices
(25:51):
of, you know, little devices of yours and mine and whoever's like they're growing. I mean,
their devices, they're still not very safe. Right. Right. Like we we've got work to do.
Yeah. And, okay. So actually I'm going to share one more little element about this that also is
(26:15):
kind of mind blowing to me. Yeah. In recent years, the hacker black market has grown and expanded.
Tremendously. Right. Kind of a companion to, you know, we have an abundance now of computer
and cloud services. I can rent computers online, right. To do stuff for, right.
(26:36):
Well, the hackers have an increasing amount of nefarious services they can pay for.
Guess what one of them is. You can go pay to have somebody perform a DDoS service
attack, a DDoS attack on your behalf. Are you serious? Yeah. Just like, yep.
(26:56):
You know, it's like Wild West, man. Are you kidding me? I know. It's kind of crazy, right?
Like I can go rent a computer in the cloud. Well, I can go to the hacker undergrad and pay him to
launch a DDoS attack on my behalf. You know, that's crazy. Yeah. And there's so many services
like that now. Like it's really been so monetized. Like before it was mostly hackers doing it for
(27:21):
themselves, but now it's turned into a whole industry and DDoS attack is just one of the
things on the list. So anyway. Oh my gosh. Yeah. Yeah. So I think that's it. I think.
Okay. I think I'm looking at the questions. I think we answered everything. Any other questions or
(27:48):
thoughts? What can we do? I want something to take action. So I'm just getting straight to our
call to action. Like, let's have it, man. Yeah. Well, I just, you know, like we've talked about,
there's 10 episodes. We've got nine call to action because I'm adding a new one here,
(28:10):
but just pick one thing to improve your home network security. And actually we will give a
call to action for the episodes, right? That's a great place to start. First episode was 51.
And like I said, each episode has a call to action. Now I know sometimes that can be
(28:31):
overwhelming and we are going to, you know, have some non-podcast things to help you
get things straight. But in the meantime, if you drop by the forum and ask a question,
you know, happy to help you there too, right away to, you know, where do I start? What,
you know, if you have any questions about home network security or whatever. So
(28:51):
awesome. That's the place to start. Perfect. Perfect. That's a good starting point.
Look, hopefully this episode inspired some action, you know, right? Don't be part of the statistics.
Yeah. Well, and you know, one thing I like to say is every once I get run across, I mean,
it doesn't feel like they've, I'm a nobody. They don't, you know, the hackers are never going to
(29:15):
target me. I'm not a, it's like, well, first of all, any information you have is valuable to
them. But even if you had no information, you still have a device with bandwidth and CPU resources,
and that is valuable. Shockingly so. Everybody's got something worth hacking, you know, if you go
online. Right. Right. So. Okay. There you have it. Hey, can I play spoiler a little bit for next
(29:41):
week's episode? Always. Yes. Okay. So next week's episode, we're going to talk about ID me a website
that everybody needs to know about. You need to claim your account there to keep your government
identity safe. Okay. Look, Makani, you know, this, there are not many times that I don't tweak
(30:06):
your sentences. I usually jump in and I'll tweak some words. I'll tweak some things.
I didn't tweak any of these lines. I wanted to keep them safe because those two lines,
you know, need I say more? This is going to be a must listen episode. These are steps we need to
know to layer up our protection for our government IDs. Like this is huge. No, I agree. This is going
(30:31):
to be one of our more fundamental ones. That's really universally applicable, obviously for
American citizens anyway. Yeah. And it's, it's relatively new, but it's the, it's the identity
service that like all government services, it looks like are going to be moving towards
starting with federal, but there has already been a lot of state level adoption as well.
(30:54):
And so, yeah. Let's stay ahead of this folks. There you go. Okay. Okay. That was a good episode,
man. You're ready? Yeah. Are you ready to take action and wondering where to start?
Get my Bulletproof My Identity Starter Kit for free. The seven most vital layers of protection
(31:18):
everyone needs. I'll send you one step at a time and help you. If you get stuck,
just go to bulletproofmyid.com and enter your name and email and I will send you the first step
again. That's bulletproofmyid.com.
Welcome to Super Simple Security Principles. I'm Nick Jackson and I want to love computers.
(00:07):
They don't love me back. I'm learning how to stay safe online from my good buddy and master
guardian Makani Mason. He wrote his first computer program at the age of six, sealing his fate as a
(00:28):
computer geek. That's it. He knows his stuff, folks. Now he spends his time teaching people
like me and you how to stay ahead of the digital threats we face and those bad guys.
He keeps it simple and we love it. Learn along with me each week. I'll ask the questions
(00:53):
and make sure he keeps it super relevant and super simple for us. If I can do it, you can do it too.
This is episode 60. How do or how DDoS attacks affect you? Here are the questions we'll be
answering in today's episode. What is a DDoS attack? Makani, this is text talk.
(01:25):
Let me jump in. I know we always have these weird names. We always have to go over the
pronunciation right. This one actually lends itself pretty well. You can just say DDoS.
That's how it's pronounced. Make your life a little easier for the rest of this episode.
DDoS. They should put a little dash in there instead of like a big D, big D,
(01:49):
little O, big S. Are you serious? Come on, DDoS. Again, this is tech talk.
We got to keep it simple. What is a DDoS attack? Here's what's crazy. This one made me realize how
close to home it's hitting. What social media platform was recently the target of a DDoS attack?
(02:18):
Look, and this next question, so we've got two right in a row. How can you,
and let me phrase it this way if I could, how can your home network be impacted by one?
So how can your home network be impacted by a DDoS? Home network is a place we got
to safeguard. So, and what else do we need to do to protect our home network? I might add,
(02:50):
this is episode 10 in what we're calling the final in this mini-series of safeguarding
our homes. Makani, do you want to know why I feel like this mini-series is so important?
Yeah. Yeah. Okay, here's my thoughts, right? I go to work and I think that I'm protected, right?
(03:14):
I think that I'm protected. So I go to work and we've got a so-called security guy. I love him,
by the way. He's great. I'm not dissing on him, but we feel like we're safeguarded because we
got these IT guys, oh, do this or do that, or we have these extra layers of protection at work.
(03:38):
A home, a place that we really, really are in charge of protecting ourselves, an environment
that we create and we protect and that we kind of force rules and regulations and how we govern
our home. We don't do as good a job as safeguarding. Our first thoughts are to
(04:02):
safeguard what we do at work, but then we come home and we're like, oh, we'll be okay, right?
That's why I feel like this mini-series has been so important to us as non-techies,
because we're coming into it and we're saying, hey, look, our eyes have to be open. We've got
(04:22):
to pay attention to certain things. We've learned about the road signs as we've kind of gone along
and the importance of paying attention to each road sign. And that's what I love about this
mini-series is we've really, really kind of learned, hey, if we haven't been given speed
limit signs, we've been flat out given directions on what to do. So those are my thoughts, man.
(04:51):
What do you have for us? I know you got it. Yeah, well, and I've got, I have my notes
prepared, of course, but as you were talking, I had a couple thoughts I wanted to sneak in.
Because with, talk about these DDoS attacks, it occurred to me that, and we've talked
about different kinds of attacks before, a few different ones. And there are a lot of different
(05:13):
kinds of attacks out there that we could talk about and that get talked about. There's
phishing, right, for example. Lots of people talk about that. And I definitely think everybody needs
to know about that one. But one of the things about DDoS attacks is, and this is slowly changing
as it impacts our world more and more, but it hasn't been talked about as much. And it's another
(05:35):
one that I feel like everybody needs to know about. So I'm not going to teach you about every
kind of attack out there, right? Not even remotely, but this is definitely one that is relevant.
Okay. And we'll get into why. But the other thing is, and why kind of wrapping up with this, is
because one of the foundational things in keeping, staying safe online is, and this applies
(06:02):
in a lot of other ways, but you know, before you can really solve a problem well, you need
to understand the problem you're solving, right? And in online security, the way that translates is,
okay, you want to look at the security layers, but it's also really important to understand the
threats against you, because otherwise you don't really know what problem you're trying to solve,
(06:22):
what attacks you're trying to, you know, protect yourself against. And so, and that is the number
one cause of all these weird security procedures, you know, in the airport and in computers and all
sorts of places is because they haven't really stopped to define and understand what they're
trying to protect themselves from. And so you put in security measures that don't necessarily make
sense. So yeah, I think understanding attacks, even though it may sound a little techie,
(06:47):
may geeky, you might wonder why, well, that's part of why. Yeah. So, so the, like I said,
this is the final episode. And so the goal today, it's not, we're not going to give you any new
layers of protection, not going to give you anything new to do. Instead, the primary purpose
(07:10):
is to just invite you to take action. Any small step. And, you know, we'll get back to that,
of course, at our call to action section later, but yeah, that's the purpose. And obviously we're
going to talk about an attack and that, that's the method. I mean, there's lots of ways we could
have chosen to inspire our listeners to take action, but for this episode, anyway, I chose to
(07:36):
talk about an attack and the goal, you know, if you've been listening to us for very long,
you'll know that it's not the goal to inspire fear. Right. Yeah. But by the same token,
I don't like the strategy of, you know, ignorance is bliss. It's just an area you can't be ignorant
(07:58):
in. If I'm being honest. Yeah, it's, it's important. And so, you know, my goal is to
lead you from blissful ignorance to what I like to talk about as confident awareness.
Now, along the way, you may have moments of, you know, terrified awareness.
(08:19):
Right. But as you take action and that's the key part, then that fear is going to transform
into confidence. So those are kind of the stages, blissful ignorance, terrified awareness,
confident awareness. So we want to, that's, you know, the fear along the way is sort of a
(08:40):
necessary evil, so to speak, but that's not the end goal. So, yeah.
And one last point about that is, you know, everything you need to protect your home
network, we've released all the foundational layers, there's lots more we could talk about.
But you know, this is, you know, I was laughing as you were calling this mini series, because
(09:01):
like, this is our biggest series we've done so far in the podcast, you know, oh, we've done like
60, you know, like 64 episodes or whatever, this is 10 of them, you know, so yeah, yeah,
kind of mind blowing to me how much we've actually talked about with this. But
um, so we've given you a lot of tools to protect your home network. But especially, I would say,
(09:23):
for this attack in particular, too. The last episode about outbound firewalls is super relevant.
So yeah. Okay, now, before we get into actually talking about what a DDoS attack is and all that,
um, I wanted to share about the social media, the recent news, because as I was preparing this,
(09:48):
you know, this popped up good timing. From the episode perspective, anyway,
this social media platform getting targeted, right? Okay, let's hear it. Which one was it?
Well, so it's one with a funny name. And to paraphrase one of my favorite podcasters,
they may spell it X, but I'm going to pronounce it Twitter.
(10:14):
So yeah, and it was pretty big in the news. It was, it was in March of this year,
where Twitter had major outages due to a major DDoS attack. Really? Yeah. And that's the whole
goal of a DDoS is to stop a website. And there's other kinds of services that can be targeted,
(10:37):
but website is the most obvious and understandable one from just not working. So people, when they
try to go visit the X, you know, X.com, like they can't get there. They just get, it just hangs,
or it gets an error, or whatever, it fails. Gotcha.
And so when they talk about added outages, like that's what happened. There were a bunch of
people, and I don't know the exact timeframe, exact numbers or anything, but a bunch of people
(11:01):
were not able to access it because of this attack. And we'll talk about how that happens, but
I just want to share one aspect of the news article, because it gives you a lot of insight
about DDoS attacks. So the question that was the focus of a lot of the articles was who was
(11:22):
responsible for the attack. Now, in the case of a DDoS attack, I mean, this can always be
challenging in cyber attacks, but in the case of a DDoS attack, it's particularly challenging.
And Elon Musk, he pointed a finger at Ukraine in one of his tweets. He's like,
yeah, it was Ukraine. It's like, yeah, well, and then a pro-Palestinian hacker group named Darkstorm
(11:48):
took credit for it, and they denied any ties to Ukraine. And I don't know that we're going to
have a definitive answer. Sometimes groups take credit for things they didn't do, but
they may very well have. But that's not the critical point. The thing is,
(12:08):
well, we'll get to exactly what that means in a minute, but let's look at what happened to
Twitter, because this really is kind of an explanation of what a DDoS attack is,
and it's not really complex. But it's basically as though a billion people, no idea the actual
fake number in this case, but they all visited Twitter at once. And of course, I mean, Twitter's
(12:33):
big. It's built to handle a lot of people visiting, but even with this, they're not ready for that.
And so it just didn't work. Okay. Just shut the system down, essentially.
Yeah. Well, and if we look at their physical world and our driving analogy,
it's like a traffic jam, rush hour, but with millions of cars, and they're all trying to reach
(12:58):
one destination. They're all trying to get through. They all work in the same building or whatever.
Right. Right. Right.
So that's what it's like. Does that make sense?
Yeah. Oh, yeah. Oh, yeah. Like everybody trying to rush to the same building. Yep.
Yeah. And it's goal, I mean, so really, like a lot of times, you're trying to steal information,
(13:21):
you're trying to infest with malware, all these different kinds of things of most of the attacks
we've talked about. This is an entirely different purpose. Yeah. All they're trying to do is shut
down a service. And so let's look at the word. So that's the S in DDoS is service. Okay.
Stands for distributed denial of service. Okay. Okay.
(13:45):
And the word distributed is just simply referring to the fact that the attack comes from a huge
amount of devices, a huge amount of locations, not just one. Okay. Not just like one person in
one home somewhere visiting the website, like it's a billion of them scattered all around the
world. Okay. And that is why it's so hard to answer the question of who's responsible for the attack.
(14:13):
Because there's a million different IP addresses. You look, I mean, it's literally all around the
globe. Okay. That makes sense. That makes sense. Now, of course, you might suspect that behind the
scenes, there's a single portion or maybe a small group, right? Controlling all those individual
devices, making those fake visits, but it's still not easy to figure out who's doing that. Yeah.
(14:39):
Yeah. Right. Right. So that's the distributed part. And then the denial of services, I mean,
just what we're talking about, it's stopping the website or whatever from providing its intended
service. Yeah. Yeah. So now we talked about protecting your home network, right?
(15:01):
Well, here's the thing. Unlike most of the attacks we talk about, your home network is
most likely never going to be the target of a DDoS attack. Individual home networks, they're
just, they don't make any sense for people to attack. First of all, it wouldn't take much to
take them down. And they're just not the same value in taking down a Twitter or a government
(15:23):
website or whoever their enemy is or whatever statement they want to make. There's lots of
reasons why it happens. But yeah. So, but there's two impacts. There's the first, of course,
if you're a Twitter user in March, you were impacted because you weren't able to use the service.
Yeah. Okay. So this is one reason why it's important for everybody to know websites come down
(15:46):
and it may not be their fault. So maybe you should stop and not freak out too much of a website
down. Maybe they're suffering from a DDoS attack and it's not their fault or you should, anyway.
Maybe pump the brakes a little bit is what you're saying. Yeah. Not a good time to go zero to 100.
This could be something out of your control. Yeah. And it's a reminder too, and we've seen
(16:11):
a lot of these in recent years, but of how fragile the internet is because DDoS attacks, I mean,
they can bring down things pretty effectively. And our protections against them are increasing
because as the attacks increase, we're getting a lot more protections. But there is a way that
individuals can help like you, Nick and me, we can help fight against these attacks,
(16:36):
even though we're not the actual target. Okay. Okay. So I mentioned earlier, I implied that
protections from these, we've been talking about this whole series, right? Right. But the protection
isn't actually against this being the target of the attack. The protection is against preventing
(16:57):
your devices from unknowingly participating in the attack. Okay. Okay. Because this is the craziest
thing about these attacks, at least to me, it's just kind of, I don't know, still, I mean, I've
known it for years, but it's just kind of mind blowing because the way they do this is the devices
(17:19):
that they have are ones that have been taken over by hackers, just random individual devices of
every kind they can manage, anything they can get control over all around the world. Really?
That's how they do it. Okay. So it's like once they're controlled by the hackers,
they become slaves, basically, for the hackers to use however they want.
(17:45):
Right. Now, this will tie back to a story that we've talked about with you, Nick,
because you had a computer that became a slave, potentially in a botnet to be used by a hacker
for a DDoS attack. I mean, I don't know for sure what they did with it, right? Could have been
all sorts of things, but it was a candidate anyway, right? Yeah. Yeah, absolutely. I didn't
(18:12):
know this until you just put it together because I'm not a techie, but yes. You were telling me
about a brand new computer and what happened after you had gotten downloaded malware and installed
it. How was it behaving? Super slow. It was terribly slow. It was terribly slow.
(18:35):
Yep. To a point to where I thought it was ruined. I thought it was bad out of the box. It was so
slow. Yeah. Yeah. Yeah. No, thank you. Exactly. Well, that makes total sense. Well, and the reason,
I mean, it could be doing all sorts of things, like I said, right? Because once they're slaves,
(18:56):
they can be used for anything, but DDoS attacks is definitely one of them because any device,
even if you have a brand new computer and there's no information of yours on there yet, right?
Yeah. They still have your internet bandwidth connection that they can take advantage of
to do these attacks or whatever, but they also have your CPU processing power. They can use
(19:17):
mine crypto or whatever. Yeah. Yeah. And so,
I've actually helped people where they had massive slowness issues on their computer.
And after some investigation, I was like, oh, well, that's because you have malware on here.
(19:40):
Now, that's not to say my first guess, if a computer is going slow is going to be that
it's malware, right? And there's certainly plenty of other causes, but it's absolutely
on the list to check. Yeah. Yeah. That makes sense. And I mean, I don't want my devices
to be slaves. I mean, I don't want my resources used. I don't want to participate in these attacks
(20:05):
that hurt somebody else. I mean, obviously nobody's going to want to, right? Right.
But that's what happens. So, the next interesting thing I thought to share about this, Nick,
was, you know, and I don't know if you're wondering this back in your head, but, you know,
how often is this happening, right? Right. Right. What if my computer had only been going
(20:36):
mildly slow? I wouldn't have known. I really wouldn't have known. It was a new computer.
Yeah. You know, had it just been a little bit, I wouldn't have really paid attention. Like,
this could have been something that flew under my radar, essentially. Yeah. Well, and, you know,
sometimes with these slaves, they will. They'll leave them dormant for times and then, you know,
(20:58):
activate them all at the same moment to do the DDoS attack. Okay. Because that's the whole point,
right? Is it's like all of them attacking at the same time. And so, anyway, yeah. So,
I wanted to share a couple statistics, though. Yeah. Of course, you know, they're never perfect,
(21:18):
but the number I'm going to share comes from a company called CloudFlare. I can't remember,
have we talked about them before at all? I believe we've mentioned CloudFlare before.
They sound familiar. Yeah. Okay. So, I'm just going to share a couple things because
not only they're super relevant for DDoS attacks, but they're just a great company. And,
you know, most of our listeners won't necessarily go up and sign up for anything from them.
(21:44):
But if you have a website, you want to know about them. Any, even just a simple website,
you want protection because they will provide DDoS protection for free for any kind of website.
Dude, that's awesome. Yeah. Sorry, I didn't mean to cut you off. No, that's awesome. So,
(22:07):
they, you know, they do a lot of good stuff. And the more I've been, you know, using them,
because we use them for our websites and learn about them, the more I'm loving them. And
I guess they host apparently like one fifth of all websites on the internet
providing protections for them. Yeah. And they've just, you know, and that partly,
(22:30):
that's part of what helps them, you know, be able to fight against these DDoS attacks so well.
And as you might guess, since Twitter had their outage, they have now added Cloudflare protection
against future such attacks. Yeah. So anyway, there's a couple of things about them. So here's
(22:51):
the stats. So every quarter they publish statistics on these DDoS attacks that they're
defending against. Okay. So this represents how many they see directly, right? So you could maybe
five X it or whatever, just, you know, take it as the internet as a whole, whatever. We don't
really know. Right. But in the fourth quarter of 2024, they defended against 6.9 million of them.
(23:19):
Million? Yeah. Varying sizes. There's that many attacks? Yeah. Holy cow. Yeah. I didn't think
there was millions of attacks, but that's crazy. Yeah. Well, and it's an 83% growth, they said in
2024 compared to 2023. Almost doubled. Holy crap. And it included by far the largest single DDoS
(23:51):
attack to date. So in other words, this is just a growing sector. Yeah. Well, and here's another
interesting kind of, whether or not you consider this a DDoS attack intentional or not, but with
the other thing that's now getting a lot of complaints and a lot of publicity, at least in the
(24:16):
security community and website owners and stuff is all the AI. There are a ton of AI companies that
want to, you know, go connect to websites and what they call scrape data where they're, you know,
it's like they're reading websites to collect, to train their models, to get more information
in their systems. Right. Right. And they're not very ethical about it because they're not supposed
(24:39):
to do that. And so what they're in effect doing because of this mass, there's this new use for
just browsing the web basically by these AI bots is they're essentially performing DDoS attacks
on all sorts of random websites, essentially, just because there's so much extra load from
(25:00):
all these AI bots scraping everything like, and it's costing them, you know, these like,
yeah. Well, and just like people who are providing free websites and free services,
you know, all of a sudden they're getting hit and it's costing them a lot of money to be able
to service all these. And so then they're trying to fight against it and prevent the scraping.
So they don't, you know, it's just, it's a whole big crazy thing. Holy cow. So that's a different
(25:28):
problem to solve. Right. That's a different half, but it's just, I thought it was interesting
enough and it's been in the news lately. And, but getting back to, you know, the DDoS attacks
themselves, they're, they're growing. And so the reason why this matters though, right. The
implication of this, I mean, it's pretty obvious, but it means that the army of those slave devices
(25:51):
of, you know, little devices of yours and mine and whoever's like they're growing. I mean,
their devices, they're still not very safe. Right. Right. Like we we've got work to do.
Yeah. And, okay. So actually I'm going to share one more little element about this that also is
(26:15):
kind of mind blowing to me. Yeah. In recent years, the hacker black market has grown and expanded.
Tremendously. Right. Kind of a companion to, you know, we have an abundance now of computer
and cloud services. I can rent computers online, right. To do stuff for, right.
(26:36):
Well, the hackers have an increasing amount of nefarious services they can pay for.
Guess what one of them is. You can go pay to have somebody perform a DDoS service
attack, a DDoS attack on your behalf. Are you serious? Yeah. Just like, yep.
(26:56):
You know, it's like Wild West, man. Are you kidding me? I know. It's kind of crazy, right?
Like I can go rent a computer in the cloud. Well, I can go to the hacker undergrad and pay him to
launch a DDoS attack on my behalf. You know, that's crazy. Yeah. And there's so many services
like that now. Like it's really been so monetized. Like before it was mostly hackers doing it for
(27:21):
themselves, but now it's turned into a whole industry and DDoS attack is just one of the
things on the list. So anyway. Oh my gosh. Yeah. Yeah. So I think that's it. I think.
Okay. I think I'm looking at the questions. I think we answered everything. Any other questions or
(27:48):
thoughts? What can we do? I want something to take action. So I'm just getting straight to our
call to action. Like, let's have it, man. Yeah. Well, I just, you know, like we've talked about,
there's 10 episodes. We've got nine call to action because I'm adding a new one here,
(28:10):
but just pick one thing to improve your home network security. And actually we will give a
call to action for the episodes, right? That's a great place to start. First episode was 51.
And like I said, each episode has a call to action. Now I know sometimes that can be
(28:31):
overwhelming and we are going to, you know, have some non-podcast things to help you
get things straight. But in the meantime, if you drop by the forum and ask a question,
you know, happy to help you there too, right away to, you know, where do I start? What,
you know, if you have any questions about home network security or whatever. So
(28:51):
awesome. That's the place to start. Perfect. Perfect. That's a good starting point.
Look, hopefully this episode inspired some action, you know, right? Don't be part of the statistics.
Yeah. Well, and you know, one thing I like to say is every once I get run across, I mean,
it doesn't feel like they've, I'm a nobody. They don't, you know, the hackers are never going to
(29:15):
target me. I'm not a, it's like, well, first of all, any information you have is valuable to
them. But even if you had no information, you still have a device with bandwidth and CPU resources,
and that is valuable. Shockingly so. Everybody's got something worth hacking, you know, if you go
online. Right. Right. So. Okay. There you have it. Hey, can I play spoiler a little bit for next
(29:41):
week's episode? Always. Yes. Okay. So next week's episode, we're going to talk about ID me a website
that everybody needs to know about. You need to claim your account there to keep your government
identity safe. Okay. Look, Makani, you know, this, there are not many times that I don't tweak
(30:06):
your sentences. I usually jump in and I'll tweak some words. I'll tweak some things.
I didn't tweak any of these lines. I wanted to keep them safe because those two lines,
you know, need I say more? This is going to be a must listen episode. These are steps we need to
know to layer up our protection for our government IDs. Like this is huge. No, I agree. This is going
(30:31):
to be one of our more fundamental ones. That's really universally applicable, obviously for
American citizens anyway. Yeah. And it's, it's relatively new, but it's the, it's the identity
service that like all government services, it looks like are going to be moving towards
starting with federal, but there has already been a lot of state level adoption as well.
(30:54):
And so, yeah. Let's stay ahead of this folks. There you go. Okay. Okay. That was a good episode,
man. You're ready? Yeah. Are you ready to take action and wondering where to start?
Get my Bulletproof My Identity Starter Kit for free. The seven most vital layers of protection
(31:18):
everyone needs. I'll send you one step at a time and help you. If you get stuck,
just go to bulletproofmyid.com and enter your name and email and I will send you the first step
again. That's bulletproofmyid.com.
Popular Podcasts
United States of Kennedy
United States of Kennedy is a podcast about our cultural fascination with the Kennedy dynasty. Every week, hosts Lyra Smith and George Civeris go into one aspect of the Kennedy story.
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com