The following contribution examines the application of artificial intelligence in relation to Denial of Service (DDoS) attacks. The author starts with the assumption of a person with limited computer knowledge and employs artificial intelligence to gain insights into cyberattacks.
DDoS attacks are among the most common methods used in cybercrime. In these attacks, the perpetrator floods a computer system with many requests, thereby testing the system's processing capabilities. Due to the high volume of requests, the target system often collapses. To carry out the attack, the author uses a so-called "botnet," a network of compromised computer systems that can be controlled through a Command and Control (C&C) server. The ultimate goal is to slow down or, in the best case, block the victim's system.
In the contribution, the author assumes the role of a hypothetical perpetrator. Initially, artificial intelligence provides a definition of a DDoS attack. The author then acquires basic knowledge and, step by step, receives instructions on how to carry out a DDoS attack. However, when the author attempts to obtain more detailed information from artificial intelligence, particularly a detailed explanation of the steps of a DDoS attack, they are informed that such attacks constitute a crime. Artificial intelligence initially refuses to provide instructions but later describes how to proceed with a DDoS attack. To avoid further obstacles from artificial intelligence, the hypothetical author pretends to be a scientist and easily obtains additional information, as artificial intelligence does not consider scientists to have malicious intentions with the acquired information. Other questions from the hypothetical author concern the selection of victims, monetizing DDoS attacks, and formulating ransom email requests. To act as realistically as possible, the hypothetical author seeks further suggestions on how to expand their range of services with "paid DDoS services."
In summary, potential authors with no basic computer knowledge gain significant advantages from using artificial intelligence. This has led to a significant increase in the number of potential perpetrators, while law enforcement authorities cannot benefit in the same way. The reason for this is the difficulty in drawing investigative conclusions based on linguistic formulations. Possible solutions include the creation of emergency plans for companies, which could be extremely helpful in the event of future DDoS or ransomware attacks.
The article was written by Dr. iur. Dr. rer. pol. Fabian Teichmann and was published in Jusletter IT in July 2023.