So Starhub users were unable to access the Internet through their broadband service on Saturday and Monday evening. It turned out that on both occasions, Starhub servers were subject to DDOS attacks. A DDOS attack is when there is a large number of devices sending requests for information to a server. When there are more requests than the server can handle, information flows slow.
A key component of a DDOS attack is a network of infected devices that are connected to the Internet. These devices would be affected by malwares by the person who is launching the attack. These devices are known as bots. Collectively, the form a botnet. When you have a botnet with enough bots sending out coordinated requests to servers, that’s when the servers slow down or even freeze.
Starhub isn’t the only server that suffered DDOS attacks. Dyn, an American DNS service was also attacked. While it is unlikely that those two attacks have anything in common, the common theme is that the devices that were involved in the DDOS attacks weren’t just laptops or computers. They involved various devices that were connected to the internet, devices such as routers, printers, webcams. This presents an unprecedented opportunity for people wishing to launch DDOS attacks and threat for the rest of us.
With so many devices connected to the internet, people wishing to launch DDOS attacks have a huge number of devices they can choose from to infect. With so many devices, there are bound to be enough devices that have weak security that the hackers can infect with malware.
Starhub’s investigations found that the DDOS attacks came from the internet connected devices owned by the Starhub subscribers. Some people are unhappy that Starhub seemed to be blaming their own customers for the outage. I don’t think Starhub was blaming their customers. They were just stating facts.
The fact remains that a lot of us don’t think about what sort of devices we are buying. A lot of these devices are made in China, with poor or non-existent security. They are easy targets for hackers to infect with malware. While we may not have known the consequences of our own actions in the past, and hence can’t really be said to be responsible for the outages. That said, we can and do need to play our part.
For a start, we need to know how DDOS attacks work. Next, we should follow the advice given by Mr Mock Pak Lum, Starhub’s Chief Technology Officer (CTO):
- Only get devices of reputable brands
- Change the default passwords
- Set up necessary defences such as firewalls on such devices
That still may not be enough to completely stop hackers. But at least that’s better than doing nothing. As much as each and everyone of us has a part in counter-terrorism and ensuring our physical security, we also have a part to play in ensuring cyber-security.
[Featured image: Starhub]