Nation-Blanking DDoS Attacks Launched By Individuals Now Proven Able To Take Entire Nations Off The Net

November 4, 2016
Bob Gourley

We live in times of extreme technological hooliganism, where small groups or even individuals can cause asymmetric damage from a distance. This was proven several times over the last few months, most famously in the 21 October attacks against Dyn that impacted many of Dyn’s clients, including Amazon, Twitter, Reddit, Airbnb, the New York Times, Spotify, Netflix and many other sites.

Conversations with researchers throughout the community and analysis of motives of recent large attacks like that one lead us to conclude that these large attacks are not the result of nation states attacking our infrastructure. This is very likely one or maybe two individuals causing this havoc.

That point should make you think of two things:

  1. If lone actors could do this, consider what many lone actors could do acting individually or collectively
  2. If lone actors could do this, consider what a nation could do

Other interesting thoughts arise when the size of the attacks is considered. According to the Verisign DDoS Trends Report for 2Q2016, peak attack volume for DDoS attacks was coming in at 256 gigabits per second (Gbps). The big attacks in October were over 1 Tbps, a big leap, and there are predictions that attacks from botnets capable of 14 Tbps may be conducted very soon.

Very few businesses and very few ISPs can withstand an attack of 1 Tbps. An attack of that size can threaten entire segments of the economy and even nations. And with even larger capabilities coming, nation-blinding attacks can be expected.

Today saw proof that at least one nation-blinding attack has been tested. A new botnet began targeting Liberia in West Africa on 2 and 3 Nov. The attack was brief, leading some researchers to conclude it was a test. Many of us believe this too was the act of a small group, not another nation. Someone is doing this for kicks.

Clearly the ability to conduct these attacks is growing. I estimate capacity for this attack will grow by an order of magnitude over the next 30 days. Imagine what size attacks will be possible in just 30 days. Imagine Venezuela, Colombia and Ecuador all being taken offline at the same time. Or you pick the other countries that get hit. Or imagine the companies that make up your supply chain being hit hard. This could have an impact on you.

Or imagine eBay, Amazon and Walmart being taken out before people get a chance to order holiday gifts. Or imagine the Post Office, FedEx and UPS being taken out for days or weeks. What would that do to your personal and/or business life?

Worse yet, imagine financial clearing houses being disrupted, slowing financial settlements.

The 9/11 attacks were failures of imagination. Let's not repeat that mistake by failing to think through the impact of nation-blanking attacks. Let's imagine the damage and then find better ways of taking collective action to mitigate them.

What can be done to prevent this attack or mitigate the impact of similar attacks when they occur? We provide our thoughts here, segmented into recommendations for Home Users, Business Users and Local, State, Federal Governments. And we are updating all that guidance now to underscore that you have to find backup ways to communicate, and we recommend doing so ASAP.