The Net Delusion - Evgeny Morozov [62]
The modern elements within Saudi Arabia’s civil society were hopeful of finally getting some autonomy in cyberspace. And their hopes were not in vain: The Internet quickly filled the void, with nearly free and easy access to philosophy books, video lectures, and scholarly magazines. But there was no centralized repository of links to such content, so several U.S.-educated Saudis started an Internet forum, Tomaar, to discuss all things related to philosophy and share links to interesting content. The site enjoyed tremendous success; in just a few months, the site branched out beyond philosophy, with its users discussing Middle East politics and controversial social issues (since the site was in Arabic, non-Saudi users frequented it as well). At its peak, the site had more than 12,000 active members, who contributed an average of 1,000 posts a day.
But it was a short-lived triumph. Before long, the Saudi government noticed the phenomenal success of Tomaar and quickly banned all Saudi users from accessing the site. This, however, was an easy problem to solve. In the last decade or so, plenty of tools had emerged to circumvent such government bans; their creation was fueled mostly by the excessive censorship of the Chinese authorities. In essence, governments cannot erase the content they do not like, especially if it’s hosted on a foreign server; what they can do is to ban their own nationals from accessing that content by requiring ISPs to simply stop serving requests for a particular URL. But it’s possible to trick the ISPs by connecting to a third-party computer and using that computer’s Internet connection to access the content you need; all that the government would see is that you are connected to some random computer on the Net, but they won’t know that you are accessing content they don’t like. Tomaar’s fans made good use of such censorship-circumvention tools and were able to use the site despite the ban. (Of course, once too many users connect to one computer or its address is publicized, the authorities may understand what is taking place and ban access to it as well.)
But their jubilation did not last long. Shortly thereafter the website became inaccessible to even those users who relied on censorship-circumvention tools. It appeared that the site was enjoying such popularity that it was simply overloaded with Internet traffic. The American company that hosted Tomaar wrote the site administrators to inform them that it was terminating their contract, making the site a “digital refugee.” Something eerie was happening, and Tomaar’s administrators could not figure out what it was (none of them was a techie—one worked as a salesman in a high-end consumer electronic store, and another was a financial consultant in a bank).
It took some time before it became clear that Tomaar was a target of a protracted cyber-attack that aimed to make the website unavailable. The type of attack in question—the so-called Distributed-Denial-of-Service (DDoS) attack—is an increasingly popular way of silencing one’s opponents. Much like pubs and salons, all websites have certain occupancy limits. Popular sites like CNN.com can handle millions of simultaneous sessions, while most amateur sites can barely handle a hundred or two hundred simultaneous visits. A DDoS attack seeks to take advantage of such resource constraints by sending fake visitors to targeted websites. Where do such fake visitors come from? They are generated by computers that have been infected with malware and viruses, thus allowing a third party to establish full command over them and use their resources however it sees fit. Nowadays, the capacity to launch such attacks is often bought and sold on eBay for a few hundred dollars.
Since the attack originates from thousands of computers,