Starhub outages due to DDOS attacks… wait… what are DDOS attacks?

TL;DR – DDOS attacks can be really painful.

via CBRonline

Starhub users had to suffer two outages recently. The first was on Saturday evening, the second on Monday evening. Starhub has since investigated and uncovered the root cause of those outages. On 25 Oct, Starhub released this media statement:

“We have completed inspecting and analysing network logs from the home broadband incidents on Oct 22 and Oct 24 and we are now able to confirm that we had experienced intentional and likely malicious distributed denial-of-service (DDoS) attacks on our domain name servers (DNS). These two recent attacks that we experienced were unprecedented in scale, nature and complexity”

Let’s try to unscramble that statement into something easier to understand.

What is DNS?

First up, we need to understand what DNS (domain name system) is. A domain name is the website name (e.g. unscrambled.sg). Each website is hosted on a server (or a group of servers). Each server has what’s known as an IP address (IP stands for internet protocol), which is a series of numbers. So when you key in a domain name, a service is needed to translate that domain name into the IP address of the server that is hosting the website. That service is DNS.

Explanation of DNS. Image from howstuffworks.com

So DNS is like the postman of the internet. It directs the flow of information to and from your computer and the servers that host the various websites. If a DNS server gets jammed up with more requests than it can handle, some of those requests cannot get to where they need to go. In other words, if the DNS gets jammed, you won’t be able to send information to or get information from the websites you want to access.
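To make the “translation” concrete, here is an added example, written for this post and not taken from it or from any DNS vendor: it builds a real DNS query for unscrambled.sg in the wire format that resolvers speak, then decodes a response carrying the answer. The response is constructed in the script itself, and the address 192.0.2.10 is a documentation-range address chosen for the example, so nothing here touches the network.

```python
import struct

def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS query for an A record (RFC 1035 wire format)."""
    # Header: id, flags (RD=1 asks the resolver to recurse), 1 question, 0 answers, 0 authority, 0 additional
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    # QNAME: each label is length-prefixed, and the name ends with a zero byte
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    qname += b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A (IPv4 address), QCLASS=IN

def read_name(msg: bytes, offset: int):
    """Decode a name at offset, following compression pointers; return (name, offset after it)."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # two-byte pointer to an earlier copy of the name
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        if length == 0:  # terminating zero byte
            if not jumped:
                end = offset + 1
            break
        offset += 1
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end

def parse_response(msg: bytes) -> dict:
    """Parse header, question and answer sections; A records are rendered as dotted quads."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    offset, questions, answers = 12, [], []
    for _ in range(qdcount):
        name, offset = read_name(msg, offset)
        qtype, qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((name, qtype, qclass))
    for _ in range(ancount):
        name, offset = read_name(msg, offset)
        rtype, rclass, ttl, rdlength = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlength]
        offset += rdlength
        value = ".".join(str(b) for b in rdata) if rtype == 1 and rdlength == 4 else rdata.hex()
        answers.append({"name": name, "type": rtype, "ttl": ttl, "data": value})
    return {"id": txid, "rcode": flags & 0xF, "questions": questions, "answers": answers}

def build_sample_response(query: bytes, ip: str, ttl: int = 300) -> bytes:
    """Constructed reply for the example: echo the question and add one A record (compressed name)."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR=1, RD=1, RA=1, NOERROR
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + bytes(int(o) for o in ip.split("."))
    return header + query[12:] + answer

SAMPLE_QUERY = build_query("unscrambled.sg")
SAMPLE_RESPONSE = build_sample_response(SAMPLE_QUERY, "192.0.2.10")  # constructed, not a real lookup

if __name__ == "__main__":
    result = parse_response(SAMPLE_RESPONSE)
    print("asked for:", result["questions"][0][0])
    print("answer:   ", result["answers"][0]["data"], "(TTL", result["answers"][0]["ttl"], "s)")
```

Every website visit starts with a small exchange like this one, which is why a resolver that is too busy to answer makes every site look “down” even though the sites themselves are fine.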

Enter DDOS attacks

And that is what a DDOS attack does. DDOS stands for distributed denial of service, and that is exactly what it does: it denies service. It floods the target server with so many requests that the server just can’t receive or send information properly. Flood it with even more and the whole server may just freeze completely.

And that’s what caused the outages suffered by Starhub, and also by Dyn, a company that provides DNS management services for some of the world’s most popular websites (e.g. Twitter, Airbnb, Spotify). That’s why many of the world’s most popular websites were exceptionally slow or inaccessible in North America on 21 October.

How do DDOS attacks work?

It starts with the attacker infecting a large number of internet-connected devices with what’s known as malware. With that malware, the attacker can then get those devices to send coordinated requests for information to the targeted server. These devices are known as bots, and collectively the infected bots form a botnet.

If there are enough bots in the botnet launching a coordinated strike, the attacker may be able to flood the targeted server with more requests than it can handle. That’s when the server freezes up, and other users experience an outage.
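What does the defender see while this is happening? Here is an added example, written for this post rather than taken from it or from Starhub: a small detector that reads resolver query log lines and raises an alert when any single client, or the resolver as a whole, exceeds a query rate over a one-second sliding window. The log lines are constructed (the client addresses are documentation ranges, not real subscribers), and the log format and thresholds are assumptions made for the example.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime

def make_sample_log() -> list:
    """Constructed resolver log: 'timestamp client qname qtype'. Not real Starhub data."""
    lines = []
    # One ordinary subscriber: a handful of lookups spread over several seconds.
    hosts = ["unscrambled.sg", "example.com", "example.net", "example.org", "example.sg"]
    for sec, host in enumerate(hosts):
        lines.append(f"2016-10-22T19:00:{sec:02d}.000000 203.0.113.5 {host} A")
    # Two hijacked devices hammering the resolver with random subdomain lookups within one second.
    for i in range(120):
        lines.append(f"2016-10-22T19:00:02.{i * 5000:06d} 198.51.100.7 r{i}.unscrambled.sg A")
    for i in range(80):
        lines.append(f"2016-10-22T19:00:02.{300000 + i * 5000:06d} 198.51.100.8 x{i}.unscrambled.sg A")
    return lines

def detect_query_flood(lines: list, window_s: float = 1.0,
                       per_client_threshold: int = 50, total_threshold: int = 150) -> dict:
    """Sliding-window rate check per client and for the resolver overall."""
    events = []
    for line in lines:
        ts_str, client, qname, _qtype = line.split()
        events.append((datetime.fromisoformat(ts_str).timestamp(), client, qname))
    events.sort()  # the window logic assumes time order
    per_client, overall = defaultdict(deque), deque()
    flagged, alerts, aggregate_alerted = set(), [], False
    for ts, client, _qname in events:
        q = per_client[client]
        q.append(ts)
        while ts - q[0] > window_s:  # drop queries older than the window
            q.popleft()
        if len(q) > per_client_threshold and client not in flagged:
            flagged.add(client)
            alerts.append({"kind": "client_flood", "client": client, "count": len(q), "at": ts})
        overall.append(ts)
        while ts - overall[0] > window_s:
            overall.popleft()
        if len(overall) > total_threshold and not aggregate_alerted:
            aggregate_alerted = True
            alerts.append({"kind": "aggregate_flood", "count": len(overall), "at": ts})
    top_talkers = Counter(client for _, client, _ in events).most_common(3)
    return {"alerts": alerts, "flagged_clients": sorted(flagged), "top_talkers": top_talkers}

if __name__ == "__main__":
    report = detect_query_flood(make_sample_log())
    for alert in report["alerts"]:
        print(alert)
    print("top talkers:", report["top_talkers"])
```

In a real botnet the traffic is spread across far more sources, so the per-client check alone would miss it; the aggregate window is what catches the distributed part of “distributed denial of service”, and the top-talker list is what tells the operator which subscriber devices to notify.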

What a DDOS attack looks like. Image: bleepingcomputer.com

What sort of devices can be hijacked to be part of a DDOS attack?

Any device that can connect to the internet. And that’s why, now more than ever, the threat of DDOS attacks is so serious. Why? Because there are so many devices connected to the internet today. It’s not just computers or laptops that can be infected by malware and turned into bots. Printers, cameras, home routers, baby monitors, anything. So malicious hackers have more choices of things to infect with their malware and grow their botnets.

Indeed, in a media briefing on 26 October, Starhub revealed that web-connected devices owned by Starhub subscribers were part of the DDOS attack that led to the two outages. These devices included routers and webcams.

Remember when a bunch of other sites were down last week?

Let’s digress from the Starhub issue for a bit. Earlier we mentioned the Dyn episode, when a bunch of popular sites were down last Friday. Did you know that we might have been responsible for the outage of those websites last week? Yes, us, with our DVRs, security cameras and whatever smart devices we use to connect to them.

via Savvyonweb

Yes, it was Internet of Things (IoT) devices that were used to trigger the DDoS attacks which took down those sites last week. You see, anything that’s connected to the Internet has an IP address, and hackers can easily google or search for IP addresses to hack into. Believe me, you’re not the only one whose username and password are ‘admin’ and ‘admin’. How about ‘password’ as a password?

In fact, many of us leave the factory default login details intact on home appliances like baby cams. So hackers just have to try those defaults and they will be able to get into A LOT of such devices and remotely control them to launch an attack on servers and take sites down.

You didn’t think it could have been you, right?

Take cyber-security seriously!

The DDOS attacks on Starhub and the outage of the major sites last Friday are wake-up calls for all of us to take cyber-security seriously.

That’s an area that the government is working hard on too. A new laboratory has been launched in Singapore to develop new technologies to combat security threats. The National Research Foundation (NRF), National University of Singapore (NUS), and Singtel have pledged to invest $43 million in the laboratory over the next five years. The laboratory will conduct research in areas such as data analytics and machine learning for automatic cyber attack detection, and tamper-proof encryption techniques.

So what can we do?

According to cert.gov, to prevent a malware infection on an IoT device, users and administrators should take the following precautions:

  • Ensure all default passwords are changed to strong passwords. Default usernames and passwords for most devices can easily be found on the Internet, making devices with default passwords extremely vulnerable.
  • Update IoT devices with security patches as soon as patches become available.
  • Disable Universal Plug and Play (UPnP) on routers unless absolutely necessary.
  • Purchase IoT devices from companies with a reputation for providing secure devices.
  • Consumers should be aware of the capabilities of the devices and appliances installed in their homes and businesses. If a device comes with a default password or an open Wi-Fi connection, consumers should change the password and only allow it to operate on a home network with a secured Wi-Fi router.
  • Understand the capabilities of any medical devices intended for at-home use. If the device transmits data or can be operated remotely, it has the potential to be infected.
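As an added example of turning that checklist into something you can actually run (written for this post, not taken from cert.gov or from the original), the script below audits an inventory of home devices against the first three points: factory-default logins, missing firmware patches, UPnP left on, and a device sitting on open Wi-Fi. The default-credential table, the model names, the “latest firmware” versions and the three sample devices are all made up for the example.

```python
from dataclasses import dataclass

# Constructed table of common factory-default logins (illustrative, not a real vendor database).
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "password"), ("admin", ""), ("root", "root")}

# Constructed "latest firmware" per model name (an assumption for the example).
LATEST_FIRMWARE = {"homecam-200": "2.1.4", "routerx-5": "1.9.0", "babymon-3": "3.0.2"}

@dataclass
class Device:
    name: str
    model: str
    username: str
    password: str
    firmware: str
    upnp_enabled: bool
    on_open_wifi: bool

def version_tuple(version: str) -> tuple:
    """Turn '2.1.4' into (2, 1, 4) so versions compare numerically rather than as strings."""
    return tuple(int(part) for part in version.split("."))

def audit_device(device: Device) -> list:
    """Return the findings for one device; an empty list means it passes every check."""
    findings = []
    if (device.username, device.password) in DEFAULT_CREDENTIALS:
        findings.append("factory-default login still in use: set a strong, unique password")
    elif len(device.password) < 12:
        findings.append("password is shorter than 12 characters")
    latest = LATEST_FIRMWARE.get(device.model)
    if latest is None:
        findings.append("unknown model: patch status cannot be verified")
    elif version_tuple(device.firmware) < version_tuple(latest):
        findings.append(f"firmware {device.firmware} is behind the latest {latest}: apply the update")
    if device.upnp_enabled:
        findings.append("UPnP is enabled: disable it unless absolutely necessary")
    if device.on_open_wifi:
        findings.append("connected over open Wi-Fi: move it onto the secured home network")
    return findings

def audit_inventory(devices: list) -> dict:
    """Map each device name to its list of findings."""
    return {device.name: audit_device(device) for device in devices}

# Constructed sample inventory (not real devices or credentials).
SAMPLE_INVENTORY = [
    Device("living-room-cam", "homecam-200", "admin", "admin", "2.0.9", False, True),
    Device("home-router", "routerx-5", "admin", "correct-horse-battery-staple", "1.9.0", True, False),
    Device("baby-monitor", "babymon-3", "parent", "a-long-unique-passphrase", "3.0.2", False, False),
]

if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_INVENTORY).items():
        print(f"{name}: {'OK' if not findings else ''}")
        for finding in findings:
            print(f"  - {finding}")
```

The point of writing it down as code is that the checks are the same ones a malware author automates from the other side; a device that produces no findings here is one that a default-password scan would simply skip.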

We can all do our part to keep the online world alive and safe. Only by being careful and working together can we reduce the number and intensity of DDOS attacks.

Recommended reads

  • Mashable on why hackers choose DDoS attacks
  • Cnet on why it was so easy to hack the cameras that took down the web
  • Wired on the Chinese IoT firm recalling millions of cameras



Author: Jake Koh

Recovering sushi addict, I’m a man of mystery and power, whose power is exceeded only by his mystery.

