Vmyths.com

Truth About Computer Security Hysteria
Let's call it a 'digging utensil' instead
Rob Rosenberger,
Vmyths co-founder
Friday, 18 February 2000
THE SUDDEN COINING of "distributed denial-of-service (DDoS) attacks" upsets me. It
should upset you, too. We already had a term: "distributed coordinated attacks (DCA)." Dr. Fred
Cohen (the father of what we know today as viruses) coined it at least three years ago.
Experts ridicule Microsoft's security team, yet they knew enough about Cohen's work to
correctly describe Melissa as a "DCA." Now suddenly
everybody wants to say "DDoS." Did I overlook an important computer security term? I searched for it
in press releases & news clippings dating back to 1996; then I searched Deja.com's Usenet archive.
Security experts occasionally rename things to make them more appealing to the media.
Can you remember Chernobyl's original name?
Guess what? "DDoS" appeared six weeks ago. I repeat: Cohen coined "DCA" at
least three years ago.
"DDoS" first showed up in a 6 January United Press Int'l newswire. Interestingly, it
came from a quote from FBI NIPC fearmonger Michael Vatis. The abbreviation didn't appear on Usenet until
10 January; another week went by before it appeared on NTBugTraq. It percolated until 27 January when
The Register used "DDoS" in a story. It then figured prominently in a 7 February
press release from Global Integrity (a subsidiary of
information warmonger SAIC).
UPI added it to their lexicon on 8 February. Newsbytes started saying it on
11 February — apparently after reading press releases issued one day earlier by Network Associates.
(Aladdin also used "DDoS" in a press release the same day.) Other vendors & experts followed suit,
and the rest of the media got hooked.
Frankly, it looks like this term came from the bowels of NIPC. Did Vatis' technical staff not know of Cohen's
research? I certainly wouldn't put it past them. (Ouch.) And why did security vendors latch onto
"DDoS"? Did they not know of Cohen's research? (Ouch².) Or did
they discard an old term to exploit the media's infatuation
with NIPC?
Memo to the computer security world: Dr. Cohen will speak next Thursday at the Naval Post Graduate School.
The title of his lecture starts off with the letters "DCA," of course. He'll begin "with a brief
overview of results from 1996 in Distributed Coordinated Attacks — such as those now being experienced all over
the Internet — [extracted] from a short course taught to the NSA in that timeframe."
I hope a NIPC rep attends.
Then again ... did someone at NIPC simply want to coin a new phrase? I gotta admit: geek reporters already know
"DoS" and they understand "distributed computing." Whoever combined the two made a
significant media impact (another thing I wouldn't put past those politicos).
Every industry will rename something to make it more appealing. No argument there. In this industry,
however, they don't do it to increase product exposure — they do it to raise the fear factor.
Can you remember Chernobyl's original name, for
example?
Now you know why the sudden coining of "DDoS" upsets me. It should upset you, too.