In 20 years, DDoS attacks have gone from being a novelty to a nuisance, and today they represent a threat against the availability and functionality of websites. BRYAN HAMMAN of Arbor Networks looks back at some of the attacks through the years.
Distributed Denial of Service (DDoS) attacks are more popular and dangerous today than at any time in history. In 20 years, DDoS attacks have gone from being a novelty to a nuisance, and finally today they represent a serious threat against the availability and functionality of websites, online services and applications.
This is according to Arbor Network’s territory manager for Sub-Saharan Africa, Bryan Hamman, who says, “Easy-to-use tools and cheap attack services have widened the potential net that DDoS attacks can cast. Today, anyone with a grievance and an Internet connection can launch an attack. If we take a look back about 20 years or so, historic news headlines and the increasing size of attacks through the years indicate that this problem isn’t going to go away.”
Looking back at some of the attacks down the years
· 1996: Internet service provider (ISP) PANIX is struck by a sustained DDoS attack, affecting businesses that use Panix as their ISP.
· 1996: CERT/ CC – the Computer Emergency Response Team/ Coordination Center, a government-funded research and development centre based at Carnegie Mellon University in Pittsburgh – releases an advisory on the growing phenomenon of TCP SYN floods using spoofed source IP addresses.
· 1997: The world sees the arrival of early DDoS tools, such as Trinoo, Tribe Flood Network, TFN2K, Shaft, and others, often coded by their authors. Primitive DDoS networks emerge, using IRC and Eggdrop or the Sub7 Trojan.
· 1998: The document RFC 2267 is published, which details how network administrators can defeat DDoS attacks via anti-spoofing measures. This document eventually becomes a best current practice adopted by many networking vendors.
· 1998: The Smurf Amplifier Registry is launched to help discover and disable “Smurf” amplifiers, which are abused in DDoS attacks. Smurf Attacks use a spoofed broadcast ICMP ping to then reflect back to a victim to create the attack traffic. By 2012 over 193,000 networks have been found and fixed.
· 1998: Michael Calce, aka 15-year-old ‘Mafiaboy’, launches sustained DDoS attacks on multiple major eCommerce sites including Amazon, CNN, Dell, E*Trade, eBay, and Yahoo!. At the time, Yahoo! was the biggest search engine in the world. He is investigated by the FBI. The Montreal Youth Court sentenced him on September 12, 2001, to eight months of “open custody”, one year of probation, restricted use of the Internet, and a small fine.
· 2002: Significant “Smurf” attacks strike the root DNS servers and cause some outages for some sites. The attacks are eventually repelled. Total traffic eventually hits 900 Mbps.
· 2007: The former Soviet republic of Estonia is hit with sustained DDoS attacks following diplomatic tensions with Russia. The issues arise after Estonia moves a statue honouring Soviet forces who served in World War II against Nazi Germany.
· 2008: Russia is accused of attacking Georgian government websites in a cyber war to accompany its military bombardment, weeks before the invasion of the disputed territory of South Ossetia by Russian troops.
· 2008: Project Chanology is launched by members of “Anonymous”, a leaderless Internet-based group, in response to the Church of Scientology trying to remove an infamous Tom Cruise interview video from the Internet. Project Chanology used DDoS as part of its measures to try to disrupt the Church of Scientology’s operations.
· 2011: Members of Anonymous launch attacks against the sites of PayPal, Visa, and MasterCard in 2011 after the payment service providers refused to process financial donations intended for WikiLeaks.
· 2011: A DDoS attack on Sony is proportedly used to block the detection of a data breach that leads to the extraction of millions of customer records for PlayStation Network users.
· 2011 to 2012: Between December 2011 and March 2012, against a background of political tension in Russia including presidential elections, which were fraught with political demonstrations, DDoS attacks enter the political landscape, with DDoS attacks on both opposition as well as pro-government sites. The world sees Russian cybercriminal methods being used for political ends.
· 2012: Similarly, although arguably not so widely, DDoS attacks are used for political reasons when Canada’s New Democrat Party sees its leadership election negatively affected by a DDoS attack that delays voting and reduced turnout.
· 2012: Unknown groups hit various US and UK government-related websites in protest at these governments’ Wikileaks position.
· 2013: FBI says more cooperation with banks is key in probing cyberattacks.
· 2013: Largest attack reaches 300Gbps – Dutch anti-spam website Spamhaus is targeted for naming and blacklisting cybercrime hosting enterprises, spam and botnet operations.
· 2014: PlayStation Network and Xbox Live are attacked on Christmas Day.
· 2014: In Hong Kong, a huge attack is carried out against the territory’s pro-democracy websites. While many assumed that the culprit would have been the Chinese government, this is not necessarily certain. The attacker could, however, be someone who is not sympathetic with the Hong Kong democracy movement, or someone trying to make the Chinese government look bad.
· 2015: The Turkish Internet is hit with a massive DDoS attack, which came in the wake of Turkey shooting down a Russian military aircraft.
· 2015: British phone and broadband provider, TalkTalk, which has over four million UK customers, is hit by a DDoS attack, which is used as a smokescreen while customers’ personal information is stolen.
· 2015: On New Year’s Eve of 2015, the BBC’s entire domain, including its on-demand television and radio player, is down for three hours and continues to have issues for the rest of the day. The attack is claimed by a group called the “New World Hackers”.
· 2016: An IoT botnet targets a major international event with sophisticated, large-scale DDoS attacks sustaining 500 gb/sec in attack traffic for the duration of the event.
· 2016: The Mirai IoT botnet launches 1Tbps multi vector DDoS attack against DNS infrastructure, taking many of the world’s most popular websites offline.
Looking forward – where to from here?
Hamman says, “We can see clearly, when we look at the timeline of some of the most prominent DDoS attacks over the past two decades, that perpetrators launch these attacks for a variety of reasons. They can be hackers who want to make a statement, as in the case of Mafiaboy; governments of countries at war using cyberwarfare tactics as part of their general arsenal; and criminals trying to blackmail online businesses.
“There are also examples when cyber activists show displeasure against their targets, such as the 2011 attacks by members of Anonymous against the sites of PayPal, Visa and MasterCard, and the 2013 attacks against Spamhaus. The online gaming industry has also been targeted, with the blame generally going to disgruntled players or even competitors. We’ve also seen instances when DDoS attacks are used as a smokescreen to camouflage or draw attention away from other criminal activity an attacker might be doing, such as stealing data from the victim’s network, as in the 2015 example of the UK telecom TalkTalk last year.
Hamman says the IoT brings new demands and requirements to DDoS protection. He adds, “The Mirai IoT botnet reminds us that manufacturers and vendors also have a growing responsibility with respect to their technology and how it will be applied in diverse environments. They need to test for and consider the potential for exploitation. Ideally, all devices should be assessed for risk at the manufacturer and then again by those who are responsible for selling/ implementing them in enterprises.”
Hamman concludes, “Previously, it used to be that only certain types of business would be likely targets for a DDoS attack, with finance, gaming and e-commerce at the top of the list. Today, any business, for any reason, can become a target of a DDoS attack. A number of DDoS-for-hire services, for example, will take down a competitor’s website for any business that wants to hire them.
“The only answer, therefore, is to ensure you are protected. Arbor provides the industry’s most comprehensive suite of DDoS attack protection products and services for the enterprise, cloud/ hosting and service provider markets, with the required deployment model, scalability and pricing flexibility to meet the DDoS protection needs of any organisation operating online today.”
Revealing the real cost of ‘free’ online services
A free service by Finnish cybersecurity provider F-Secure reveals the real cost of using “free” services by Google, Apple, Facebook, and Amazon, among others.
What do Google, Facebook, and Amazon have in common? Privacy and identity scandals. From Cambridge Analytica to Google’s vulnerability in Google+, the amount of personal data sitting on these platforms is enormous.
Cybersecurity provider F-Secure has released a free online tool that helps expose the true cost of using some of the web’s most popular free services. And that cost is the abundance of data that has been collected about users by Google, Apple, Facebook, Amazon Alexa, Twitter, and Snapchat. The good news is that you can take back your data “gold”.
F-Secure Data Discovery Portal sends users directly to the often hard-to-locate resources provided by each of these tech giants that allow users to review their data, securely and privately.
“What you do with the data collection is entirely between you and the service,” says Erka Koivunen, F-Secure Chief Information Security Officer. “We don’t see – and don’t want to see – your settings or your data. Our only goal is to help you find out how much of your information is out there.”
More than half of adult Facebook users, 54%, adjusted how they use the site in the wake of the scandal that revealed Cambridge Analytica had collected data without users’ permission.* But the biggest social network in the world continues to grow, reporting 2.3 billion monthly users at the end of 2018.**
“You often hear, ‘if you’re not paying, you’re the product.’ But your data is an asset to any company, whether you’re paying for a product or not,” says Koivunen. “Data enables tech companies to sell billions in ads and products, building some of the biggest businesses in the history of money.”
F-Secure is offering the tool as part of the company’s growing focus on identity protection that secures consumers before, during, and after data breaches. By spreading awareness of the potential costs of these “free” services, the Data Discovery Portal aims to make users aware that securing their data and identity is more important than ever.
A recent F-Secure survey found that 54% of internet users over 25 worry about someone hacking into their social media accounts.*** Data is only as secure as the networks of the companies that collect it, and the passwords and tactics used to protect our accounts. While the settings these sites offer are useful, they cannot eliminate the collection of data.
Koivunen says: “While consumers effectively volunteer this information, they should know the privacy and security implications of building accounts that hold more potential insight about our identities than we could possibly share with our family. All of that information could be available to a hacker through a breach or an account takeover.”
However, there is no silver bullet for users when it comes to permanently locking down security or hiding it from the services they choose to use.
“Default privacy settings are typically quite loose, whether you’re using a social network, apps, browsers or any service,” says Koivunen. “Review your settings now, if you haven’t already, and periodically afterwards. And no matter what you can do, nothing stops these companies from knowing what you’re doing when you’re logged into their services.”
***Source: F-Secure Identity Protection Consumer (B2C) Survey, May 2019, conducted in cooperation with survey partner Toluna, 9 countries (USA, UK, Germany, Switzerland, The Netherlands, Brazil, Finland, Sweden, and Japan), 400 respondents per country = 3600 respondents (+25years)
WhatsApp comes to KaiOS
By the end of September, WhatsApp will be pre-installed on all phones running the KaiOS operating system, which turns feature phones into smart phones. The announcement was made yesterday by KaiOS Technologies, maker of the KaiOS mobile operating system for smart feature phones, and Facebook. WhatsApp is also available for download in the KaiStore, on both 512MB and 256MB RAM devices.
“KaiOS has been a critical partner in helping us bring private messaging to smart feature phones around the world,” said Matt Idema, COO of WhatsApp. “Providing WhatsApp on KaiOS helps bridge the digital gap to connect friends and family in a simple, reliable and secure way.”
WhatsApp is a messaging tool used by more than 1.5 billion people worldwide who need a simple, reliable and secure way to communicate with friends and family. Users can use calling and messaging capabilities with end-to-end encryption that keeps correspondence private and secure.
WhatsApp was first launched on the KaiOS-powered JioPhone in India in September of 2018. Now, with the broad release, the app is expected to reach millions of new users across Africa, Europe, North America, Southeast Asia, and Latin America.
“We’re thrilled to bring WhatsApp to the KaiOS platform and extend such an important means of communication to a brand new demographic,” said Sebastien Codeville, CEO of KaiOS Technologies. “We strive to make the internet and digital services accessible for everyone and offering WhatsApp on affordable smart feature phones is a giant leap towards this goal. We can’t wait to see the next billion users connect in meaningful ways with their loved ones, communities, and others across the globe.”
KaiOS-powered smart feature phones are a new category of mobile devices that combine the affordability of a feature phone with the essential features of a smartphone. They meet a growing demand for affordable devices from people living across Africa – and other emerging markets – who are not currently online.
WhatsApp is now available for download from KaiStore, an app store specifically designed for KaiOS-powered devices and home to the world’s most popular apps, including the Google Assistant, YouTube, Facebook, Google Maps and Twitter. Apps in the KaiStore are customised to minimise data usage and maximise user experience for smart feature phone users.
KaiOS currently powers more than 100 million devices shipped worldwide, in over 100 countries. The platform enables a new category of devices that require limited memory, while still offering a rich user experience.
* For more details, visit: Meet The Devices That Are Powered by KaiOS
* Also read Arthur Goldstuck’s story, Smart feature phones spell KaiOS