According to security researcher Graham Cluley, multiple sites were affected, including its main website at www.nato.int.
The attack came after NATO’s secretary general published a statement on the website, claiming that the referendum would have “no legal effect or political legitimacy.”
“DDoS attacks manage can bring down websites by flooding them with so much web traffic that they can no longer stand up, and legitimate visitors will find the site too clogged up with visitors to work,” he explained in a blog. “It’s the equivalent of 15,000 fat men trying to get through a revolving door at the same time.”
Typically, DDoS attacks use compromised computers to flood a website with traffic, but Cluley explained that it’s also known for the owners of computers to be willing participants in an attack, intentionally running tools like the Low Orbit Ion Cannon to help those behind the attack to achieve their goals.
NATO spokesperson Oana Lungescu confirmed via Twitter that some NATO websites had suffered from a DDoS attack, and reassured internet users that the integrity of NATO data and systems was not affected.
“Of course, clogging up a website is very different from hacking a website – and although still malicious, it’s a lot less serious than a security breach that could have stolen information or planted malware,” Cluley said.
He added, “Although DDoS attacks can be initiated for the purposes of blackmailing companies (imagine, for instance, the not uncommon scenario of a gambling website being threatened with a DDoS attack if it doesn’t wire money to the attackers), this incident is another reminder that attacks can often also be perpetrated for political hacktivist reasons or through the desire to curb freedom of speech.”
It's a well-known tactic employed by hacktivist groups like Anonymous. "Clearly from the information released so far, this attack was politically based,” said Lancope CTO Tim 'TK' Keanini said in an email to Infosecurity. “In these cases, reporting is easy since the perpetrator wants to be known and the reasons for the attack proclaimed at the time of the event. Compare this to other profiles like cyber-criminals who don’t want to be known, hide in the shadows, and launch DDoS for a diversion while they perform their objective of data theft.”
These political sites should rehearse this scenario because from here on out it should be common, he added. “Their incident response should include not just IT folks but the legal, PR, and all the other departments that help insure business continuity,” said Keanini.