This is a guest article written by Stuart Winter-Tear. The author’s views are entirely his own and may not reflect the views of IT Governance.
With Grinch-like predictability, DDoS attacks have almost become part of the Christmas and New Year festive period.
Last year saw Microsoft and Sony gaming networks swamped and taken offline, much to the chagrin of players worldwide. I’m not entirely sure what the “hacktivists’” motives were and I’m not convinced they feel they need one.
This year was no different except for this particular DDoS attack on Steam, which allowed users to view other users’ private information:
In response to this specific attack, caching rules managed by a Steam web caching partner were deployed in order to both minimize the impact on Steam Store servers and continue to route legitimate user traffic. During the second wave of this attack, a second caching configuration was deployed that incorrectly cached web traffic for authenticated users. This configuration error resulted in some users seeing Steam Store responses which were generated for other users. Incorrect Store responses varied from users seeing the front page of the Store displayed in the wrong language, to seeing the account page of another user.
As you can see in this account from Steam, a configuration change intended to mitigate the attack contained an error that served to exacerbate it.
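The failure mode in Steam's account, as an added example that is not Steam's or its caching partner's actual configuration: a toy shared cache keyed on URL path alone, replayed in a weak mode and in a hardened mode that bypasses the cache for credentialed requests and refuses to store responses the origin marks private. The class and function names, the session cookie format and the traffic are all constructed assumptions.

```python
class SharedCache:
    """Toy edge cache keyed on URL path only (hypothetical, for illustration)."""

    def __init__(self, origin, hardened):
        self.origin, self.hardened = origin, hardened
        self.store, self.origin_hits = {}, 0

    def _from_origin(self, path, headers):
        self.origin_hits += 1
        return self.origin(path, headers)

    def fetch(self, path, headers):
        # Hardened rule 1: requests carrying credentials bypass the cache entirely.
        if self.hardened and ("Cookie" in headers or "Authorization" in headers):
            return self._from_origin(path, headers)["body"]
        if path not in self.store:
            response = self._from_origin(path, headers)
            # Hardened rule 2: never store what the origin marks private/no-store.
            directives = response["cache_control"]
            if self.hardened and ("private" in directives or "no-store" in directives):
                return response["body"]
            self.store[path] = response
        return self.store[path]["body"]


def store_origin(path, headers):
    """Constructed origin: renders per-user pages from an assumed session cookie."""
    user = headers.get("Cookie", "session=anonymous").split("=", 1)[1]
    personal = user != "anonymous"
    return {"body": f"{path} rendered for {user}",
            "cache_control": "private, no-store" if personal else "public, max-age=60"}


# Constructed traffic: two logged-in users, then two anonymous visitors.
TRAFFIC = [("/account", {"Cookie": "session=alice"}),
           ("/account", {"Cookie": "session=bob"}),
           ("/", {}), ("/", {})]


def replay(hardened):
    """Return the bodies served for TRAFFIC and how many requests reached the origin."""
    cache = SharedCache(store_origin, hardened)
    return [cache.fetch(p, h) for p, h in TRAFFIC], cache.origin_hits


if __name__ == "__main__":
    for mode in (False, True):
        bodies, hits = replay(mode)
        print("hardened" if mode else "weak", bodies, "origin hits:", hits)
```

In the weak mode the second user is served the first user's account page; in the hardened mode each user gets their own page while repeat anonymous requests are still absorbed by the cache.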
I have warned before of the dangers of DDoS attacks masking a more sinister attack, and I also noted this:
Nothing gets the heart pumping and mind racing quite like a massive DDoS attack; criminals know this and leverage it to their advantage.
I know the pressure is on, but so do the criminals. Keep calm. During a DDoS attack, be even more vigilant for other unusual network activity.
Did the team tasked with the configuration changes panic during this DDoS? I don’t know, but I will leverage this incident to ram home just how important it is to remain calm during a DDoS storm.
Another incident this festive season involved the BBC.
All of the BBC’s online platforms became intermittently unavailable on New Year’s Eve. A Tweet from the BBC duly informed us this was due to a “technical issue”.
At the same time, however, sensors were reporting an unusual 11% up-tick in UK Internet activity. It didn’t take a huge leap to link these incidents together and shortly afterwards the BBC – in a rather bizarre fashion – announced:
Sources within the BBC said the sites were offline thanks to what is known as a “distributed denial of service” attack.
I say bizarre as they also added:
The BBC has yet to confirm or deny that such an attack was responsible for the problems.
The BBC went on to publish some claims made by an “anti-ISIS” hacktivist group claiming responsibility.
Regardless of who was responsible, we are able to deduce that the scale of this DDoS attack was massive.
A few things we can learn
Holiday periods are particularly attractive for online miscreants. They know troops are thin on the ground and are cognisant that this is a shrewd time to strike.
The scale of DDoS attacks is increasing. If the BBC incident really did represent an 11% upsurge in UK Internet activity, then this attack was enormous, perhaps unprecedented.
During a DDoS, stay calm. Keep your head and make no rash decisions or changes.
Happy and secure New Year!