Reports of Pokémon GO being hit by a DDoS attack have only added to the smash hit game's server troubles in recent days. A clever classroom activity helps students understand how a DoS attack works and encourages them to think about strategies to help prevent this type of cyber attack.
Denial of service (DoS)—It's a cyber attack that aims to disrupt a system's ability to respond to requests from people (or other computers) trying to access its servers. The general principal behind DoS is simple: flood the server with more requests than it can handle. Typically a DoS attack involves sending a server bogus requests, so many of them that the processor can't keep up and can't sort out and respond to legitimate requests. With the server that processes requests jammed, the system fails. The end result? Users will be unable to reach the server, whether that means they are unable to log into a site, unable to load a service, unable to complete a transaction, or suddenly find the game they were playing crashes.
Sometimes a bit of a nose-thumbing prank, DoS attacks are a common strategy for hackers looking to cause trouble for a company and cause a visible disruption of service. Depending on the services provided by the target company's network, the impact of a DoS attack can range from simply being frustrating for users to being costly for the company.
In the world of cybersecurity, protecting against DoS attacks is an important concern. But DoS is, really, about big business, right?
While the concept of hacking isn't new to most students, DoS may or may not be something they could explain a week ago.
Then Pokémon GO happened.
The Race to Catch 'Em All
The launch of the Pokémon GO app this summer garnered so much interest that the game servers have been more down than up. The goal may be to "catch 'em all," all being the 150+ Pokémon that are part of the game's initial release, but in order to "catch 'em," you have to be able to get the game to load. As fans have discovered, successfully loading the game may be trickier than capturing a legendary Pokémon.
With more than 10 million downloads of the game in the first week and players reportedly logging more time tracking Pokémon than using Facebook or Twitter, the servers haven't had much of a chance. Many people have had trouble registering, and players lucky enough to get the game to load have found the game to crash often. The allure of catching a rare Pokémon keeps players trying to get logged back in, but once the game crashes, it can take repeated attempts to get the game back up. Clearly game creator Niantic didn't fully anticipate the game's widespread appeal.
Adding to the company's already struggling efforts to meet network demand for the augmented reality and GPS-aware game, Pokémon GO servers reportedly were taken offline by a DoS attack less than two weeks after launch. A well-known hacker group in the video game and YouTube community immediately claimed responsibility via Twitter. Niantic has not confirmed the server problems over the weekend were related to a DDoS attack. But players of all ages knew something had happened, something seemingly beyond the server problems that had plagued their Pokémon-catching efforts since the game's launch.
Players knew ... because Sunday morning, they could not get logged in at all.
DDoS vs DoS
A DDoS attack is similar to a DoS attack but with a game-worthy multiplier. A traditional DoS attack often involves just one computer pushing through so many illegitimate requests that the server comes down. A DDos attack, on the other hand, is a Distributed Denial of Service attack. In a DDoS attack, multiple computers are used to simultaneously send requests to flood the server. The hacker group that claims to have targeted Pokémon GO reportedly uses a network of more than 600,000 devices when launching a DDoS attack. With a goal of creating chaos, and bragging about it to a Twitter following of more than 110K, this group has targeted other online games and YouTubers using DDoS. Even with strategies in place to help detect and ward off DoS attacks, requests coming in from thousands of points poses a new level of challenge for cybersecurity systems.
Hopefully Pokémon GO's server troubles will get cleared up, and players of all ages can focus on tracking a reported Snorlax or Dragonite in the area, or catching the Growlithe that just popped up, without worrying about whether or not the server behind the scenes will respond to their taps on the screen.
Doduo is a good catch for someone hoping to fill the Pokédex.
DDos or DoS is not.
Bridging Pop Culture and Computer Technology
Kids playing the game saw the effect of the DDoS attack last weekend. The game was unavailable for hours. Players felt the pain of the attack, and social media streams rustled with posts from frustrated users.
For teachers, the reported DDoS attack on Pokémon GO provides a great pop culture tie-in for cybersecurity discussions with students, and Science Buddies has a classroom activity that makes exploring cybersecurity and learning more about DoS fun.
The Cybersecurity: Denial-of-Service Attack classroom activity is a group activity in which students enact the process of a DoS attack. As they take on roles of client computers, the server, processors, and the Internet, students see firsthand what happens when regular client-server traffic is suddenly flooded with illegitimate requests. (Both educator and student guides are available.)
This fun hands-on classroom activity is a great way to help students better understand DoS and to start to think about larger cybersecurity concerns and risks. As a part of this classroom activity, students also think through ways to prevent and safeguard against the risk of DoS attacks and learn more about cybersecurity careers.
From Pokémon GO to a career in STEM? You never know where a video game quest will lead.