Normal method is to hijack other computers to carry out the attack so unless you can track who hijacked the computers all you can track is the “innocent” people who got hacked first.

Same principle as any ddos attack, just on a larger scale. Also there are some security services which they have to find a way around, but as almost allways there are more people trying to break in than people defending. If enough small fish try to get through the huge wall eventually someone will find the crack.

Tracking is quite hard, these attackers normally know what they are doing. So normally it’s almost impossible to find the person reliably.

The “D” in “DDOS” stands for “distributed”, and it means that there are many computers on the attacking side.

Those can be from a botnet where the attacker has managed to install some sort of software on them. Or they can even be volunteers, where somebody posts a call for action on some forum and people voluntarily join in.

If you consider that somebody with a good connection might easily have 100 Mbps or more available, it adds up to big numbers very quickly.

Also consider that while Blizzard has a lot of servers, individually they’re not that strong. If a given machine has say, 10 Gbps networking, then that particular machine only needs to be attacked by about a hundred machines or so. Bringing down a single machine might be plenty. It could be a particular server the attacker wants down, or worse it might be some sort of central authentication server. Then nobody can log in even though you’ve just taken 1% of the datacenter’s total capacity.

Then there are amplification attacks. For instance, if you find something you can send to a server that’s small but produces a large response, this works in your favor. You send 100 bytes of junk, you get a 1KB error page back, that’s the victim doing your work for you. Now you only need 1/10th of the bandwidth on your side to take up all of theirs.

One can also attack other resources rather than just the network. For instance if disks are slower, or if some particular action consumes a lot of CPU time you can get a lot of effect that way. If the server needs 10 ms to process a given command, you only need to send 100 of those per second, and suddenly the CPU is 100% busy.

Tracking the person can be fairly difficult depending on how the attack is carried out.

Botnets for example are hard to find what the originating IP is since the DDOS attack is coming from 100 different “people” all taking commands from somewhere else.

In todays case – the DDOS attacks on Blizzard were done by someone waving their new toy around using a 5+ year old twitter account (that has since been suspended.) – A seemingly rookie mistake

If Blizzard had the police involved, Twitter will have the IP’s of every login connection made on that account in those 5+ years, some of which I can almost guarentee will be from the attackers home address, then all Twitter has to do is give the police this data, who’ll then talk with ISP’s to find out who had the certain IP’s at the given time and boom, jail time.

Do we know if the WoW and the Wikipedia attacks were from the same source?

Distributed denial of service, essentially someone (attacker) rents some time with a botnet (a network of computers with viruses on them, each of these installations of the virus takes control of the computer and connects to what ever it is attacking. This overloads the server so no one can use it. If you could figure out which botnet was used AND who rented it, sure. But botnets are almost never run from the the wealthier nations, so that’s difficult. It’s not impossible but it is next to impossible.

(Edit: also a hacker isnt going to say to whoever he/she is renting the botnet from hey my name is Alice Sophie Jackson, can I rent your botnet? They will use usernames at most.

It’s really hard to trace people who do this kind of stuff, but there’s always a way. Multiple people have been arrested and found guilty for this kind of crime before. Usually, because they make mistakes – they use the same email address in relation to another service online, where they can be traced to some information that links them to their real identity.

Or in many cases, this kind of activity is the prelude to (illegal) selling of their services. Attacking Blizzard and Twitch and Wikipedia is an advertisement, telling people they can do this and offering to sell their services to paying customers. This makes them easier to track and eventually take down.

>How can someone does this to such a big company?

You normally would use something called botnet. Botnet is a collection of compromised devices connected to the network – these devices could be video cameras, home routers, laptops – basically anything that runs OS that can have new packages installed. And there are A LOT of devices that can be compromised, since security is at best an afterthought.

So these devices in Botnet sit dormant and do nothing malicious (and thus undetected), until somebody tells them to do something. And that something could be as simple as “try logging in to Blizzard account”. And if at any given time there are lets say 1000 people logging in every second, Blizzard will not be able to handle one million devices trying to log in at once. And keep in mind that Blizzard has to process each request to figure out whether it was legitimate one or not.

>And how hard is it to track the person who does this?

The companies that offer botnets for hire usually operate in dark net, where it’s somewhat harder to track people’s connections. And they take payments in all kinds of different formats, some of which is also very hard to track even if somebody could get a hold of that company;s records (which I bet they don’t even keep). Can it be done? Yes, definitely. But it won’t be easy. I would not be surprised if some special services can do it, but they wouldn’t do it for some trivial DDOS attack that didn’t cause any massive disruptions.

Nowadays a common source of DDoS attacks is IoT devices. They make convenient targets because (1) there are a *ton* of them and (2) they are horribly insecure. Hackers spread malware to take over hundreds of thousands of routers, webcams, thermostats, sensors, light bulbs etc., and then use these distributed botnets to constantly attack a single target. These are also very hard for providers to deal with because they can’t easily be distinguished from regular home users. And even if you can identify some or all of them, what do you do?

basically think of it like this. theres a big open room, inside this room there are several doors these doors make up the different servers, a DDOS attack is like someone gathering 10,000 people into the room and them all rushing the doors at the same time, they block the doorways and make it impossible for anybody else to get through.