UPDATED 14:14 EST / MARCH 29 2013

NEWS

This Week in DDoS: CyberBunker vs. Spamhaus, MtGox Bitcoin Exchange and Dwolla, SendGrid

It’s been an interesting week for the concept of distributed denial of service attacks (DDoS) and one of the biggest takeaways of everything we’ve seen is that the total scale of DDoS is increasing. Evermore it’s not just the usual Red Queen race in play, but attackers are thinking and innovating methods of using infrastructure against itself or botnets in order to strike out and “punish” opponents.

Often this punishment comes with very real fallout for everyone else on the Internet, especially those in the immediate neighborhood of those under attack.

The Bunker vs. Spamhaus

By now you’ve probably heard about a disagreement between Dutch company CyberBunker and Spamhaus that escalated into one of the most massive DDoS cyberattacks ever seen. According to CloudFlare the attack reached amazing volumes.  “The attack, initially, was approximately 10Gbps generated largely from open DNS recursors. On March 19, the attack increased in size, peaking at approximately 90Gbps. The attack fluctuated between 90Gbps and 30Gbps until 01:15 UTC on on March 21.”

In what the industry is starting to wonder may be a hint at the future of what could be dubbed “corporate cyberwarfare.” In fact, the rhetoric being used in the security community has expanded greatly in regards to the recent massive DDoS strike calling it “a nuclear bomb” but in fact it had little effect outside of the networks the attack flowed across.

Misconfigured DNS servers can be used to amplify a DDoS attack by up to x50 its original strength. The CyberBunker attack managed to rustle up 30,000 DNS servers to carry out their assault against Spamhaus which led to the stunning amount of raw (noisy and useless) data flowing across those networks. For an excellent explanation of what a DNS amplification attack consists of, CloudFlare has a brilliant post.

Most of the information on this attack has come from CloudFlare and their interpretation of events has been called into question—but it’s still obvious something big went down (although perhaps not as broadly effective as previously reported.)

It may not be on the level of Shadowrun or a William Gibson corporate dystopia, but massive DDoS attacks between corporations is certainly the next level when it comes to hitting the competition. The problem is that it has a direct effect on the infrastructure and quality of service of those networks affected—DDoS has “splash damage” and the aftershocks of these sort of effects can cause losses for more than just the target.

In many jurisdictions taking part in a DDoS is illegal and has led to the arrests of members of Anonymous and others who have used it in the past. This will not be the last time that a corporation (such as CyberBunker) will use this to bully or harass.

MtGox Bitcoin Exchange and Dwolla

Bitcoin has seen a lot of popularity recently and, as a result, processors for the cryptocurrency and exchanges have been the target of DDoS attacks. Payment processor Dwolla became the first to notice a cyberattack under way and then Bitcoin exchange MtGox also came under fire—it’s currently unknown who was attacking the sites or why, but it’s not an uncommon event for Bitcoin exchanges and processors. Niche spaces that involve money making are especially susceptible to DDoS and it could be used to camouflage fraudulent activity—although it’s harder to get away with that sort of thing with bitcoins themselves, it might be possible to wound an exchange or processor.

MtGox saw a dip in the value of BTC lagging along the peak of the DDoS but the value quickly sprang back up again. Current talk amid the market is that a 5,000 BTC sale happened during that time and this is what caused the value dip.

SendGRID

In the drama front, almost a week ago the drama surrounding Adria Richards hit the news and social media when she ousted several men at a Python developer conference (Pycon 2013) for telling jokes during a presentation by taking their picture. One of the men photographed subsequently lost his job (although neither men in the photo or incident were identified by name.)

This led to a massive eruption of social media reaction and a news media storm about Richards and her actions. All of this tends towards an example of how Internet drama can escalate from heated words (or in this case hostile, scary words) into immediate corporate losses.

It also led to a DDoS broadside against her employer, SendGrid, most likely perpetrated by attackers from the 4chan community—as they are wont to use that tool to amplify their criticism of any given outfit that has an Internet presence. The attack took SendGrid’s API and website offline for approximately six hours on March 21st.

Unfortunately we’re the recipients of a DDOS attack.  During this time there were periods where SendGrid was accepting mail but we were not posting the uptime status until we knew it was safe for us to do so without further retaliation. We are confident that there was no security breach with any customer data. We realize that anytime SendGrid is down it severely affects our customers. We will be working to reduce our collective exposure to future instances in the coming days. Thank you for your understanding and support. – Jacob

In this fashion, cyber vandals have been able to make more than just their voices known but inflict real damage on services by knocking them offline. In that this event wasn’t one of corporation-on-corporation cyber “violence” but that of a sort of Internet mob justice ignited by conference drama puts this into the same boat as the Internet highwaymen hacker crew LulzSec—who hit CIA.gov with DDoS, amid others during their rampage.

The ease of which DDoS attacks can be directed at corporate websites and Internet services means that mitigation is a must-have in this environment. With companies such as CloudFlare enabling cloud-caching of websites and digital distribution networks such as Akamai, it’s something that any publicly available Internet service may need to buy into.

A DDoS attack could be likened easily to a “flood of data,” so DDoS attack mitigation could be seen as “flood insurance” (or at least levees and sandbags.)


A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU