It is normally difficult to understand the motivation or goals behind specific DDoS attacks or why they occur. Because the machines or computers performing the attack are being controlled by some hidden external source, it is difficult to pinpoint the origin of the attack. When it is already hard to find out who are conducting the attacks, it is even harder to understand why. Therefore, many explanations of why DDoS occurs are theories based on speculation or small amounts of evidence.
Government websites are a common target for DDoS. Naturally, one can assume that there are some people, organizations or even other governments that do not support this government, and utilize DDoS as a form of cyber warfare to attack this government. Examples include the DDoS attacks against government websites owned by Russia, Georgia, United States, and South Korea. Theories claim that it was one country’s government attacking another country (Russia vs. Georgia or North Korea vs. United States/South Korea), but some evidence shows that the Georgian government’s website was already being attacked before the war began, implying the website could have been attacked by citizens or other people that already did not support the government. For sure, politics is involved in these DDoS attacks and is what motivates them, but it is unclear who is performing the attacks.
With the amount of information and resources available on the Internet, it may even be possible for a user with little technical knowledge to download and run a simple script that performs a DDoS attack. Regular Internet users may attempt to attack a large company’s website simply because they can. Being able to take down a large company or organization’s website can be enticing to the average, insignificant computer user. Personal conflict may even motivate some users to perform DDoS attacks on another user’s home computer, for the sake of revenge. Also, within online communities, including “hacker communities”, users that are able to succeed in taking down a target may receive some form of fame or recognition in their community. However, many of these people are commonly referred to as “script kiddies” in the online community, mainly due to the childishness of their motivation.
Some theories state that company websites under attack are being attacked by competing companies. This can disrupt or damage the target company’s services, which may very well boost the sales or amount of website views for the competing company. Small disruptions or downtime can translate to thousands of dollars lost for companies that conduct most of their business online, so there definitely are huge gains for a competing company performing DDoS attacks (or losses, in the case of the site being attacked). Apparently, DDoS attacks are very common in online gambling websites, where supposedly competing websites constantly DDoS each other.
There have also been cases where DDoS has been used against companies for ransom purposes. The attackers may attack first and disrupt the company’s website until it is almost unusable or until it is down and demand ransom money in exchange for stopping the attacks. There have also been cases where attackers do not initially attack the company’s website, but will claim that they will initiate an attack on the company’s website if they do not pay the ransom amount. Some attackers even “rent” out or sell their botnets. All of these cases are motivated by financial reasons, although most reports show they have not been very successful.
Although it is usually very hard or nearly impossible to find out who are conducting DDoS attacks, there are definitely reasons as to how it would benefit them. Conflict between human beings would be more of a philosophical question, but it is evident that people and companies are using DDoS as an attack medium against their “enemies” or competition now.