When I talk to friends and family, and even IT journalists, the importance of DNS security is not exactly common knowledge. I can’t blame them. Most of the attacks are never made public. For instance, your bank’s online services are down, and the reply is: “Our service is down due to some upgrades”. And we never doubt this.
But more recently there have been cases in the public eye that caused severe disruption to people’s ordinary lives.
Here are a few of the most infamous:
In August this year, one of the largest Internet providers in the Netherlands, Ziggo, was struck by a DDoS attack, leaving hundreds of thousands of customers without access to the Internet. After the attack, Ziggo went to the media and claimed that they had taken extra security measures to make it harder for hackers to attack their servers. “If all goes well, Ziggo customers will no longer be affected by these attacks”, they said.
The day after, there was a second attack, more severe than the first one, and so Ziggo’s customers were left without access to the Internet again.
Who was responsible for the attacks? Anonymous has claimed responsibility, but it has not been confirmed. The reason behind the attacks? Apparently it was angry customers who believed that Ziggo had been increasing their prices whilst providing inadequate services, and so they brought down the whole service in a matter of minutes.
In April, the St. Louis Federal Reserve suffered a DNS breach, where the attackers succeeded in hijacking the domain name servers for the institution. It was reported that “the attack redirected online searches for those seeking a variety of domains run by the government entity to a Web page set up by the attackers in a bid by cybercriminals to hijack online communications of banks and other entities dealing with the regional Fed office”[1].
In Sweden, one of our largest communication providers, Telia, was the victim of a severe DDoS attack last year. It caused disruption for over 24 hours to the more than five million Swedes who use Telia for essential services including telephone, TV and mobile connections.
Last year we witnessed the largest cyberattack in history, when independent media sites in Hong Kong were pounded with junk traffic at 500 gigabits per second. This time the attackers managed to hijack “servers from the Cloud services of Amazon and European hosting provider LeaseWeb, to launch their attack”[2]. Overwhelmed with requests, ISPs like Virgin Media in the UK halted legitimate connections to the sites, saying: “We’re seeing over 250 million DNS requests per second, which is probably on par with the total DNS requests for the entire Internet in a normal second”.
When speculating on who was behind the attack, it seemed likely to be the Chinese government, or an individual person, perhaps wanting the Chinese government to look bad. No one knows.
We all know about what happened to Sony Pictures, Target and Hilton. And even more recent is the case of the UK telecoms company TalkTalk, the victim of a heist masked by a DDoS attack. 157 000 of their users were affected by the hack. 28 000 credit and debit card details were stolen, 15 656 bank account numbers were accessed and 1.2 million email addresses, names and phone numbers were also taken. TalkTalk has lost a third of its value since the attack.
Regardless of who’s behind the attack, all of these attackers have one thing in common, and that’s misusing the DNS environment to accomplish what they set out to do. One individual, responsible for the largest cyberattack in history. Or a couple of angry customers using a DDoS attack to voice their complaints, bringing down your whole service.
If that doesn’t make you worry about your DNS security…
[1] Krebs, Brian: Citing Sources [http://krebsonsecurity.com/2015/05/st-louis-federal-reserve-suffers-dns-breach/]: para. 1 [Nov 26, 2015]
[2] Olson, Parmy: Citing Sources [http://www.forbes.com/sites/parmyolson/2014/11/20/the-largest-cyber-attack-in-history-has-been-hitti…]: para. 6 [Nov 26, 2015]