Irish websites attacked with DDoS

Attacks on Irish websites in the last 3 days.

Posted on 22 January 2016 by Tibus

What are they?

A DDoS is a Distributed Denial of Service, pronounced 'dee-doss', also known simply as a DoS, 'a dee-oh-ess', to some of us older heads. Essentially, it is where such a large flood of data is launched at a website that it effectively renders the website unreachable for normal website visitors. For all intents and purposes, a DDoS saturates portions of the Internet so that websites look to their visitors as if they are offline.

Bit of history, at least as we saw it from our little perch.

We recall that around the period 1999-2002, DDoS attacks were common and they were extremely impactful. Pre-engagement and technical conversations often focused extensively on DDoS measures. The Internet was based on much smaller bandwidth so DDoS attacks could be relatively impactful, even to larger players. Tools to detect and guard against DDoS such as IDS (Intrusion Detection Systems) were also far less mature than they are now. The idea of RTBH (Remotely Triggered Black-holes, a means of cutting off DDoS attacks throughout a network hierarchy) was maybe some 8-10 years from being talked about in anger. Then they sort of disappeared.

This was probably because they went out of fashion to some extent and were seen as somewhat passé to the guys out there capable of, and intent on, causing disruption to online targets. As Internet capacity around the world increased (particularly within the Internet backbone), the impact of a DDoS could largely be weathered by service providers and their clients. DDoS kind of went away for a few years.

Back, with a really tiresome bang.

But DDoS attacks seem to be back in vogue again. A person or group intent on causing harm to an online target can buy a DDoS attack with a few Bitcoins, almost as easily as one might order a pizza to be delivered. Adroit organisations harness compromised routers and computers (usually due to software that is not patched up to date) and turn those innocent devices into launchpads for DDoS attacks, often without their owner being aware at all. These groups offer their service for hire to anyone with a Bitcoin account and a basic grasp of the darker parts of the web. So the attacks are easier to organise and co-ordinate. The stigma of using a DDoS attack (as opposed to a precision or knowledge based attack) seems to have gone too.

DDoS really are the worst.

To us, DDoS attacks are particularly insidious as they turn the very principles of the Internet against it, against us Internet users. The Internet is based on websites being always on, open to anyone at any time, no matter where they are in the world. No matter who they are. The more, the merrier – that’s the principle of the open web. That openness is the very foundation of the Internet, that spirit of connectedness. DDoS exploits that design goal, that central tenet of the Internet, to attack certain websites anonymously and often from afar. And for us, that is the worst thing about them: they turn the best of the Internet’s connectedness, its openness, into a tool to do harm instead. That’s just not okay with us.

The DDoS attacks against Irish targets of late.

  • Friday 11th December: An attack on an Irish client of ours, the largest we have ever seen. It was 55Gb in size and caused many of our other clients harm too.
  • Tuesday 19th January: An attack on another of our Irish clients, a large financial institution. Though 28Gb in size, it was also very difficult for some of the clients that were logically adjacent to the targeted client. Though not Tibus clients, the Irish Lottery and even Boards.ie were affected, presumably as part of the same attack.
  • Friday 22nd January: An attack on Irish government clients (or at least on their DNS) that rendered a number of sites we host unreachable. We cannot measure the attack size as it was not aimed at our own network, but it has made news.

Why are they attacking Irish targets?

We don’t know. But it has the trappings of hacktivism. As individuals within Tibus, we might actually have some sympathy for those angry at the way the world seems to be changing. Perhaps these attacks are timed to coincide with the meeting of the masters at Davos. Who knows? We certainly don’t. But whatever the background is, for us it just isn’t right to use DDoS to make a point. Too many other Internet users are affected in a DDoS attack.

What can be done?

The most difficult thing about DDoS attacks is that they can often resemble large traffic spikes, especially in their very earliest stages. And as a hosting company we’re all about helping our clients cope with loads of visitors to their site during online sales or ticket releases or news or whatever. That’s the whole point of what we do – help clients manage their busiest times online, so shutting down incoming traffic is counter-intuitive. We’ve tended to reject ‘automatic shutdown’ systems as the risk to our clients’ normal web traffic is too great.

But we are taking a slightly different approach to defending our clients against these DDoS attacks, both at network level and for individual clients. We’re talking to our clients about these tactical measures now. If you are a client of ours and need some additional assurance about or protection from DDoS, please do talk to us as soon as possible. We have some options for you, some network related and some tactical. We’ll be implementing the network-level changes for all our clients.

Ultimately, though, DDoS attacks cannot be avoided. They will always be possible because of the way the Internet works. We can help our clients defend against them if they are the target of a DDoS, and we can mitigate their impact for clients that aren’t the target themselves.

Just don’t do DDoS?

We think, however, that the most effective measure is for all of us involved in the Internet to somehow persuade those of influence that the use of these DDoS tools just isn’t cool.

No matter what the cause is, DDoS attacks are against the very foundations of the open Internet itself.