20 years of DDoS Attacks History – A Brief Look In The Past & Future

20 Years of DDoS-a brief look into the past and future

For the past 2 Decades, machines are under attack of DDos and still it is a threat. A DDoS attack is an attempt of sending high packets of information to a targeted machine or website, the ultimate aim of the attack is to flood the computer or website with malicious codes or heavy traffic. Once a system is under attack its losses its potential to handle the incoming flow of traffic and started showing a “Distributed Denial of Service” error to the legitimate users.

The history of the DDoS attack begins from the mid-nineties and it has come far more than 2 decades now. The first attack was very small as compared to today’s attack but was way more successful to control the systems for two days. Since then DDoS attacks are increasing in numbers, frequency, and also evaluated in terms of technology and techniques.

Mechanism of DDos Attack

A DDoS attack is carried out as a malicious attempt to disrupt the normal operation of a network or a website. The attacker uses multiple IP addresses using a proxy server or by gaining access to different devices online to attack a particular network or website. When the victim’s network is flooded with the stream of information packets it starts showing a distributed denial-of-service warning and it blocks the legitimate users to visit a website or use a network.

Type of DDoS Attacks

DDoS attacks have been here for more than two decades and they have been continuously evolving. DDoS attacks have different methods and techniques since their birth. DDoS attacks simply can be described in terms of how they occur and affects the victim, these includes

Volume Based Attacks

In this type of DDoS attack, the victim network or website is targeted using a high volume of traffic and the purpose of the attacker is to overflow the network bandwidth and hence it results in distributed denial of service warning.

Protocol Attacks

hacked, binary code

This is the type of DDoS attack in which the hacker aims to target the network infrastructure such as internet protocols and other tools to target a victim.

Application Layer Attacks

Other than the above-mentioned attacks, this is the attack solely on the application infrastructure of a website. These type of attacks focuses on the application vulnerabilities, for instance, the hacker might take advantage of WordPress vulnerabilities to attack a WordPress website.

History of DDoS Attacks

DDoS attacks aren’t new in the digital world. They are in use for the last 2 decades. DDoS attacks were simple but effective in the beginning but now they are much powerful, huge, and complex compared to the past. DDoS attacks have become more complex and severe these days and they are causing severe threats to businesses around the globe. DDoS attacks are now being used more often and they are damaging the businesses in terms of losing precious business info but also hitting them hard with financial losses.

DDoS attacks have been in business since the mid-nineties. They have a history of almost twenty years but in these years we have seen the advancing technologies, the changing ideology of attacks, the motive behind DDoS attacks, and using the latest techniques. In 1999 a large and effective attack occurred using a tool named “Trinoo” to disable the university of Minnesota’s computer for more than 2 days. DDoS attacks were performed using different tools since its early stages, some of them were “Stacheldraht”, “Shaft” and “Omega”.

At the beginning of the 21st-century DDos attacks grabs more attention and it creates a potential for hackers to use new and advanced techniques and methods. Since then DDos attacks becomes a normal part of a cyber-attack and are still threatening the businesses more than ever now.

No doubt DDoS attacks are dangerous and one must always be ready to tackle them as from the mid-nineties till now, the hackers have become significantly smart by discovering new ways of attacking. So, one must keep in mind the tactics used nowadays to secure the website or server from these attacks.

The attacks in the mid-nineties were mostly of 150 requests which were enough to crash a server of that timeline but now it is increased enormously from 150 requests to 1.2 Terabytes and 1.35 Terabytes.

The recent big attack in modern times happened against GitHub, sending traffic in terabytes to disturb the system. This shows the evolution of hackers and DDoS attacks. Even WordPress has security vulnerabilities, any code snippet can be attached to the WordPress system and If a hacker is smart enough to hide the malware in code, WordPress is down. WordPress has its security system to block DDoS attacks but not as strong as Google.

Now the question arises, what has been changed in the last twenty years? The answer to this question is simple. In the past, the problems and hackers were skilled according to the requirements and websites but modern problems require modern solutions i.e along with the advancement in systems and website technology, the hackers have also upgraded themselves and discovered new ways to hack into web servers and websites.

The 2000 Mafia boy attack:

gamer hacker cracking code into secure network server with lines code

Mafia Boy was a name given to a young boy of a 15-year-old hacker named Michal Calce. He performed an attack in 2000 which target several popular websites including CNN, Dell, E-Trade, and Yahoo!. This attack extremely affected the stock market. He executed a DDoS attack with the help of university servers. The incident leads to the creation of many cybercrime laws to stop youngsters from exploiting the servers of other websites.

The 2007 Estonia attack:

Estonia was adapting the area of online government. The process of online government was in progress when an incident happened in April 2007 which brought Estonia to its knees. The attack was a massive DDoS attack whose primary target was to crash the services of government as well as targeting financial institutes and media outlets. As all the government data was in soft form saved in databases this attack affected Estonia enormously. When the investigation was held by Estonia, they concluded that this attack was an act of cybercrime. The main suspect for this attack was Russia because during the investigation an Estonia national from Russia was arrested but the Russian government did not let the Estonian Law Enforcement do any further investigation.

The Spamhaus DDoS Attack in 2013:

Spamhaus is a nonprofit threat intelligence provider. It was targeted by attackers performing a DDoS attack in 2013. Spamhaus was very aware of the attackers and they had taken all the measures to stop the attacker from targeting their servers but still, this enormous attack smashed their securities and went right through their firewall. The attack was sending about 300 gigabits of traffic per second. This scale of attack crashed their website and some of their services. This attack was traced which lead to the associate of a Dutch company named “Cyber Bunker”. The reason for the attack was revenge from Spamhaus for backlisting their company for spamming.

DDoS Attack in Hong Kong 2014:

Occupy Central whose primary purpose was campaigning an independent voting system based in Hong Kong was targeted by hackers. This attack was known as the Pop Vote DDoS attack which was executed in 2014.  Attackers sent a huge amount of traffics to the servers of Occupy Central. There were 3 Occupy Central’s servers that were targeted. It not only targeted the servers of Occupy Central the attack was also made to two independent sites. The reason behind attacking the two independent sites known as Pop Vote and Apple Daily was that they supported Occupy Central’s movement and its cause. The traffic sent by the attacker was disguised as legitimate traffic which resulted in 500 gigabytes traffic per second.

The 2015 GitHub attack:

The attack of 2015 on GitHub was one of the most major and long attacks ever recorded in history. This attack lasted several days. The attack specifically targets two URLs of GitHub which were related to the Chinese state. Its target was to pressure GitHub into rejecting or eliminating the projects that were related to circumventing Chinese state censorship. This attack was executed by a unique method. This method involves injecting JavaScript code into the browser and sending several requests to a server making it crash. A type of malware code of JavaScript was injected into a common browser of China known as “Baidu” which caused the servers of Baidu to send several HTTP requests targeting the pages of GitHub.

The 2018 GitHub attack:

Another attack that targeted GitHub was implemented in February 2018. This attack did not last as long as the attack that happened before. It was a 20 minutes’ attack. GitHub stated that this attack was traced back to “over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints.” As an attack was executed before GitHub was very aware of the attack and was also ready to face another attack that may come. They still could not stop this attack; their defenses were overwhelmed by the attack because they were not prepared to face such an enormous attack on such a large scale.

The Amazon Web Services DDoS Attack in 2020:

The most recent attack of DDoS that took place happened in February 2020 which targeted Amazon Web Services. This attack was accomplished with an incredibly unique and rare technique known as “Connectionless Lightweight Directory Access Protocol (CLDAP) Reflection”. This method targets the victims’ IP address and sends a huge amount of data to it. The attack lasted for about three days while sending traffic of 2.3 terabytes per second.

The Current DDoS Attacks

As we have gone through the DDoS attacks which occurred in the past decades and even in the near past like the Amazon DDoS attack, the attacks are increasing at a rapid pace and endangering the digital world.

The attacks in 2020 have increased immensely than of 2019. The year 2020 can be called the successful year for DDoS attacks and at the same time the worst year for the businesses being targeted during this year.

DDoS Defense Techniques 

We have seen that DDoS attacks have evolved rapidly over time. With the rapid increase in the volume and severity of attacks businesses and web security companies found an opportunity to turn this threat into an opportunity. In the last decade, web security and DDoS defense techniques have also been paid more attention.

Some of the DDoS defense techniques which are in use and are evaluated with time are as follows.

Preventing DDoS Attack

This technique is used to prevent DDoS attacks. The basic mechanism of this technique is to filter website traffic. This is a conventional defense technique that has been evolved with time and can be promising in securing the network from a potential DDoS attack. In this technique, the hardware components are checked for any vulnerability against DDoS. The technique uses blockchain to prevent DDoS attacks.


  • DDoS attack mitigation

It is a defense mechanism which is used for mitigating a DDoS attack, it involves

  • Detecting DDoS attack It mainly involves source detection of a DDoS attack, matching signature, and anomaly detection. In this process, the core objective is to look for any matching DDoS attack signature or spotting and detecting a malicious traffic source attacking a system
  • Responding to a DDoS attack

It is a mechanism of responding to a DDoS attack by filtering the traffic using network cleaning devices which look for malicious traffic and drops it down to stop a DDoS attack.

  •  Helping in tolerating a distributed denial-of-service attack.

In this stage of DDoS attack mitigation, it is used for tolerating a DDoS attack by implementing a congestion control policy. It is used for handling TCP/IP vulnerabilities and treating them in the state of a DDoS attack.

Anti-DDoS services

For successfully defending a DDoS attack or preventing an attack from happening anti-DDoS Service providers are a reliable source. You can look for dedicated DDoS protected servers, DDoS protected VPS & VPN. These service providers will look for any possible loophole, for example, WordPress security vulnerability and they will protect your website from any malicious attack.

Future of DDoS attacks

Well, the question arises now is what is the future of DDoS attacks? Well, it is very clear by viewing the history of DDoS attacks and their evolution that these attacks can go a lot much further and dangerous. Looking at the latest trends and techniques and DDoS attacks it is very clear that traditional methods of website protection won’t survive anymore. The businesses need to redesign their structure getting enough protection against DDoS attacks, leaving no potential threats for instance WordPress security vulnerability.

The experts say that the DDoS attacks will increase in terms of the number of attacks, the volume of attack, and the severity of the attack in the future due to the increasing technology and trends in DDoS attacks.

The attacks in the future will also increase in the future and can be doubled in the year 2023.


The DDoS attack has become a cybercrime industry during the last decades. The companies have lost millions of dollars during these attacks. They have also changed and evolved in terms of techniques and tools used in conducting an attack. Since 1999 the DDoS attacks have shown rapid growth. The defense techniques also evolved during these years in order to prevent and stop DDoS attacks. They can be severe in the future and companies needed to be prepared for these attacks and leaves no loopholes in their network.