Death By DDoS

On Friday Oct. 21st, the east coast of the United States woke up to what was going to become a very bad day. DynDns, an Internet performance management company that offers products to monitor, control, and optimize online infrastructure, was attacked. The DDoS attack lasted most of the day as waves of outages cut across the nation; Twitter, Amazon, Soundcloud, Etsy, Spotify and many more companies were taken offline by this attack. For a company like Amazon, being down for even two hours is already a major loss of money. This was proven in 2008 when the company had a glitch that took down their site for two hours, losing them 3.6 Million (1.8 Million per hour); two years later and that attack would have lost them 7.56 Billion. So you can imagine the losses suffered from the intermittent outages of their site and the damage caused to other companies as well.

Over the days since the event, many security researchers have looked over the attack, and recently it seems that the conclusion is “Script kiddies”. I don’t really agree with that; even with the recent release of the Mirai botnet code, I can’t place this blame on a group of script kiddies. What you’ll see below is the map of the affected areas. While Flashpoint states that nothing points to political motivation, I say why are we looking at anything political?

despite speculation, nothing they’ve seen points to political motivation or extortion

That being said, who did this attack and why? While professionals will say script kiddies, I say it had to be more than that. Script kiddies don’t poke the big bear; they annoy gamers on Xbox Live and PS4, but they do not get together and say “let’s mess with the internet today”. What I think is that this is a ‘weakness test’, a stress test more so than some pseudo-political silence of the people. But why stress test? To find who your next target will be. Maybe we won’t see anything come of this massive DDoS attack because a group of hackers has claimed to be the ones behind it. They call themselves the “New World Hackers” and state that they are different than other groups. By checking their account we find it says location Russia, which brings us to the next part of this blog. Where are these guys?


So – location. Something I’ve noticed is that none of these researchers talk about the time of the attack. While we can say that DDoS attacks don’t really need anyone sitting around making sure they work, in this case, with waves of attacks, it’s something we should consider. The initial attack ranged from 7am-9am with some aftershocks here and there. Not counting the east coast of America, what do we have left? China (The sleepless script kiddies), Iraq and Iran (In Allah we hack), and Russia (The sleepless nation), each place easily able to pull off this attack. The timing would be perfect: Shanghai: 9pm-6am, Baghdad: 4pm-1am and Moscow: 4pm-1am. While I personally don’t believe these guys are the ones behind it, they are so far the only people to come out and say they were behind it. The irony is it seems we have nothing to fear from them as they have disbanded. They recently had an interview with a journalist stating how it was done and the time it took to lead up to this attack. This proves that at least they have some clue about what’s going on if they did do it. They also state that it was done to show the Russian government that they were capable of attacking anyone at any given time.

So conclusions?

This was something done by people a few steps up from your typical script kiddy. This wasn’t done for any political reason. It was done for the typical black hat answer ‘for shits and giggles’ and because we want to show you we have the power, as well as a test to see where the weaknesses really lie with IoT devices and our infrastructure. With this attack reaching 1.6Tbps we’re seeing a new world where – yes – script kiddies will be the ones pushing out these attacks. But I still hold on to the idea that no script kiddy is interested in attacking our infrastructure. Given the fact that the code for the Mirai botnet is out there now, well, some idiot will try to do it. But unlike the first time, they will most likely get caught. And most script kiddies will continue to attack the networks of PS4 and Xbox Live. So until next time – DDoSing kings or queens.

