In 20 years, DDoS attacks have gone from being a novelty to a nuisance, and today they represent a threat against the availability and functionality of websites. BRYAN HAMMAN of Arbor Networks looks back at some of the attacks through the years.
Distributed Denial of Service (DDoS) attacks are more popular and dangerous today than at any time in history. In 20 years, DDoS attacks have gone from being a novelty to a nuisance, and finally today they represent a serious threat against the availability and functionality of websites, online services and applications.
This is according to Arbor Network’s territory manager for Sub-Saharan Africa, Bryan Hamman, who says, “Easy-to-use tools and cheap attack services have widened the potential net that DDoS attacks can cast. Today, anyone with a grievance and an Internet connection can launch an attack. If we take a look back about 20 years or so, historic news headlines and the increasing size of attacks through the years indicate that this problem isn’t going to go away.”
Looking back at some of the attacks down the years
· 1996: Internet service provider (ISP) PANIX is struck by a sustained DDoS attack, affecting businesses that use Panix as their ISP.
· 1996: CERT/ CC – the Computer Emergency Response Team/ Coordination Center, a government-funded research and development centre based at Carnegie Mellon University in Pittsburgh – releases an advisory on the growing phenomenon of TCP SYN floods using spoofed source IP addresses.
· 1997: The world sees the arrival of early DDoS tools, such as Trinoo, Tribe Flood Network, TFN2K, Shaft, and others, often coded by their authors. Primitive DDoS networks emerge, using IRC and Eggdrop or the Sub7 Trojan.
· 1998: The document RFC 2267 is published, which details how network administrators can defeat DDoS attacks via anti-spoofing measures. This document eventually becomes a best current practice adopted by many networking vendors.
· 1998: The Smurf Amplifier Registry is launched to help discover and disable “Smurf” amplifiers, which are abused in DDoS attacks. Smurf Attacks use a spoofed broadcast ICMP ping to then reflect back to a victim to create the attack traffic. By 2012 over 193,000 networks have been found and fixed.
· 1998: Michael Calce, aka 15-year-old ‘Mafiaboy’, launches sustained DDoS attacks on multiple major eCommerce sites including Amazon, CNN, Dell, E*Trade, eBay, and Yahoo!. At the time, Yahoo! was the biggest search engine in the world. He is investigated by the FBI. The Montreal Youth Court sentenced him on September 12, 2001, to eight months of “open custody”, one year of probation, restricted use of the Internet, and a small fine.
· 2002: Significant “Smurf” attacks strike the root DNS servers and cause some outages for some sites. The attacks are eventually repelled. Total traffic eventually hits 900 Mbps.
· 2007: The former Soviet republic of Estonia is hit with sustained DDoS attacks following diplomatic tensions with Russia. The issues arise after Estonia moves a statue honouring Soviet forces who served in World War II against Nazi Germany.
· 2008: Russia is accused of attacking Georgian government websites in a cyber war to accompany its military bombardment, weeks before the invasion of the disputed territory of South Ossetia by Russian troops.
· 2008: Project Chanology is launched by members of “Anonymous”, a leaderless Internet-based group, in response to the Church of Scientology trying to remove an infamous Tom Cruise interview video from the Internet. Project Chanology used DDoS as part of its measures to try to disrupt the Church of Scientology’s operations.
· 2011: Members of Anonymous launch attacks against the sites of PayPal, Visa, and MasterCard in 2011 after the payment service providers refused to process financial donations intended for WikiLeaks.
· 2011: A DDoS attack on Sony is proportedly used to block the detection of a data breach that leads to the extraction of millions of customer records for PlayStation Network users.
· 2011 to 2012: Between December 2011 and March 2012, against a background of political tension in Russia including presidential elections, which were fraught with political demonstrations, DDoS attacks enter the political landscape, with DDoS attacks on both opposition as well as pro-government sites. The world sees Russian cybercriminal methods being used for political ends.
· 2012: Similarly, although arguably not so widely, DDoS attacks are used for political reasons when Canada’s New Democrat Party sees its leadership election negatively affected by a DDoS attack that delays voting and reduced turnout.
· 2012: Unknown groups hit various US and UK government-related websites in protest at these governments’ Wikileaks position.
· 2013: FBI says more cooperation with banks is key in probing cyberattacks.
· 2013: Largest attack reaches 300Gbps – Dutch anti-spam website Spamhaus is targeted for naming and blacklisting cybercrime hosting enterprises, spam and botnet operations.
· 2014: PlayStation Network and Xbox Live are attacked on Christmas Day.
· 2014: In Hong Kong, a huge attack is carried out against the territory’s pro-democracy websites. While many assumed that the culprit would have been the Chinese government, this is not necessarily certain. The attacker could, however, be someone who is not sympathetic with the Hong Kong democracy movement, or someone trying to make the Chinese government look bad.
· 2015: The Turkish Internet is hit with a massive DDoS attack, which came in the wake of Turkey shooting down a Russian military aircraft.
· 2015: British phone and broadband provider, TalkTalk, which has over four million UK customers, is hit by a DDoS attack, which is used as a smokescreen while customers’ personal information is stolen.
· 2015: On New Year’s Eve of 2015, the BBC’s entire domain, including its on-demand television and radio player, is down for three hours and continues to have issues for the rest of the day. The attack is claimed by a group called the “New World Hackers”.
· 2016: An IoT botnet targets a major international event with sophisticated, large-scale DDoS attacks sustaining 500 gb/sec in attack traffic for the duration of the event.
· 2016: The Mirai IoT botnet launches 1Tbps multi vector DDoS attack against DNS infrastructure, taking many of the world’s most popular websites offline.
Looking forward – where to from here?
Hamman says, “We can see clearly, when we look at the timeline of some of the most prominent DDoS attacks over the past two decades, that perpetrators launch these attacks for a variety of reasons. They can be hackers who want to make a statement, as in the case of Mafiaboy; governments of countries at war using cyberwarfare tactics as part of their general arsenal; and criminals trying to blackmail online businesses.
“There are also examples when cyber activists show displeasure against their targets, such as the 2011 attacks by members of Anonymous against the sites of PayPal, Visa and MasterCard, and the 2013 attacks against Spamhaus. The online gaming industry has also been targeted, with the blame generally going to disgruntled players or even competitors. We’ve also seen instances when DDoS attacks are used as a smokescreen to camouflage or draw attention away from other criminal activity an attacker might be doing, such as stealing data from the victim’s network, as in the 2015 example of the UK telecom TalkTalk last year.
Hamman says the IoT brings new demands and requirements to DDoS protection. He adds, “The Mirai IoT botnet reminds us that manufacturers and vendors also have a growing responsibility with respect to their technology and how it will be applied in diverse environments. They need to test for and consider the potential for exploitation. Ideally, all devices should be assessed for risk at the manufacturer and then again by those who are responsible for selling/ implementing them in enterprises.”
Hamman concludes, “Previously, it used to be that only certain types of business would be likely targets for a DDoS attack, with finance, gaming and e-commerce at the top of the list. Today, any business, for any reason, can become a target of a DDoS attack. A number of DDoS-for-hire services, for example, will take down a competitor’s website for any business that wants to hire them.
“The only answer, therefore, is to ensure you are protected. Arbor provides the industry’s most comprehensive suite of DDoS attack protection products and services for the enterprise, cloud/ hosting and service provider markets, with the required deployment model, scalability and pricing flexibility to meet the DDoS protection needs of any organisation operating online today.”
Gadget goes to Hollywood
Gadget visited the Netflix studios last week. In the first of a series, ARTHUR GOLDSTUCK talks to CEO Reed Hastings.
Netflix CEO Reed Hastings is no stranger to Africa. He has travelled throughout South Africa, taught maths in Swaziland for two years with the Peace Corps, and visits close family in Maputo. As a result, he is keenly aware of the South African entertainment and connectivity landscape.
In an exclusive interview at the Netflix studios in Hollywood, Los Angeles, last week, he revealed that Netflix had no intentions of challenging MultiChoice’s dominance of live sports broadcasting on the continent.
“Other firms will do sport and news; we are trying to focus on movies and TV shows,” he said. “There are a lot of areas that are video that we are not doing: sports, news, video gaming, user-generated content. We don’t have live sport.
“We’re not replacing MultiChoice at all. Their subscriber growth is steady in South Africa. They serve a need that’s independent of the Internet, via low-price satellite. There is no intention of capturing that audience. If they’re growing, it’s because they serve a need.”
While Reed ruled out any collaboration with MultiChoice on its satellite delivery platform, despite its collaboration with another pay-TV service, Sky TV in the United Kingdom, he did not close the door. He stressed that Netflix saw itself as an Internet-based service, and would pursue the opportunities offered by evolving broadband in Africa.
“If you look in other markets like the USA, how Comcast carries us on set-top boxes with their other services, it could happen with MultiChoice, the same as with all the pay-TV providers.
“We’re really focused on being a service over the Internet and not over satellite. Our service doesn’t work on satellite. Where we work with Sky is on Internet-connected devices. We’re happy to work on Internet-connected devices. We tend to work on smart TVs, but need broadband Internet for that.
“Broadband is getting faster in Nigeria, Tanzania, Kenya and South Africa – we can see the positive trendlines – so it’s more likely we will work with broadband Internet companies.”
Hastings is a firm believer in the idea that one content provider’s success does not depend on pushing another down.
“HBO has grown at the same time as we have, so can see our success doesn’t determine their success. What matters is amazing content with which the world falls in love.”
Click here to read on about Hastings’ views on international expansion, and how the streaming service selects content for its platform.
Take these 5 steps to digital
By MARK WALKER, Associate Vice President for Sub-Saharan Africa at IDC Middle East, Africa and Turkey.
Digital transformation isn’t a buzz word because it sounds nice and looks good on the business CV. It is fundamental to long-term business success. IDC anticipates that 75% of enterprises will be on the path to digital transformation by 2027.
However, digital transformation is not a process that ticks a box and moves to the next item on the agenda – it is defined by the organisation’s shift towards a digitally empowered infrastructure and employee. It is an evolution across system, infrastructure, process, individual and leadership and should follow clear pathways to ensure sustainable success.
The nature of the enterprise has changed completely with the influence of digital, cloud and the Fourth Industrial Revolution (4IR), and success is reliant on strategic change.
There is a lot more ownership and transparency throughout the organisation and there is a responsibility that comes with that – employees want access to information, there has to be speed in knowledge, transactions and engagement. To ensure that the organisation evolves alongside digital and demand, it has to follow five very clear pathways to long-term, achievable success.
The first of these is to evaluate where the enterprise sits right now in terms of its digital journey. This will differ by organisation size and industry, as well as its reliance on technology. A smaller organisation that only needs a basic accounting function or the internet for email will have far different considerations to a small organisation that requires high-end technology to manage hedge funds or drive cloud solutions. The same comparisons apply to the enterprise-level organisation. The mining sector will have a completely different sub-set of technology requirements and infrastructure limitations to the retail or finance sectors.
Ultimately, every organisation, regardless of size or industry, is reliant on technology to grow or deliver customer service, but their digital transformation requirements are different. To ensure that investment into artificial intelligence (AI), machine learning, knowledge engines, automation and connectivity are accurately placed within the business and know exactly where the business is going.
The second step is to examine what the business wants to achieve. Again, the goals of the organisation over the long and short term will be entirely sector dependent, but it is essential that it examine what the competitive environment looks like and what influences customer expectations. This understanding will allow for the business to hone its digital requirements accordingly.
The third step is to match expectations to reality. You need to see how you can move your digital transformation strategy forward and what areas require prioritisation, what funding models will support your digital aspirations, and how this tie into what the market wants. Ultimately, every step of the process has to be prioritised to ensure
The fourth step is to look at the operational side of the process. This is as critical as any other aspect of the transformation strategy as it maps budget to skills to infrastructure in such a way as to ensure that any project delivers return on investment. Budget and funding are always top of mind when it comes to digital transformation – these are understandably key issues for the business. How will it benefit from the investment? How will it influence the customer experience? What impact will this have on the ongoing bottom line? These questions tie neatly into the fifth step in the process – the feedback loop.
This is often the forgotten step, but it is the most important. The feedback loop is critical to ensuring that the digital transformation process is achieving the right results, that the right metrics are in place, and that the needle is moving in the right direction. It is within this feedback loop that the organisation can consistently refine the process to ensure that it moves to each successive step with the right metrics in place.
There is also one final element that every organisation should have in place throughout its digital evolution. An element that many overlook – engagement. There must be a real desire to change, from the top of the organisation right down to the bottom, and an understanding of what it means to undertake this change and why it is essential. This is why this will be a key discussion at the 2019 IDC South Africa CIO Summit taking place in April this year. With this in place, the five steps to digital transformation will make sense and deliver the right results.