China’s 8 million websites suffer ‘largest ever’ attack
An interesting read published in SMH.
A number of Chinese websites were inaccessible on Sunday after the country suffered what its government has called the “largest ever denial-of-service attacks” on its domain name system.
The outage affected many internet users’ access to the more than 8 million websites registered with the country’s top-level country domain, .cn, including popular social network Sina Weibo.
It even prompted some to speculate that the attack was done deliberately by China’s own government, to prevent public discussion of fallen Chinese politician Bo Xilai, whose trial recently ended.
Chinese internet users were unable to access a number of websites ending in the .cn suffix. Photo: Bloomberg
Dan Holden, director of research at Arbor Networks, which monitors internet attacks and sells security software and hardware, told Fairfax Media the firm witnessed a “significant increase” in distributed-denial-of-service attacks targeting the .cn domain on Sunday.
A distributed-denial-of-service attack makes web servers unavailable by flooding them with millions of requests at once using thousands or millions of compromised “zombie” computers all around the world.
“The number of attacks more than doubled and [Arbor Networks’] ATLAS traffic statistics show a significant increase in attack size, indicating a serious attack was carried out,” Holden said.
According to the China Internet Network Information Centre, the attacks began early on Sunday and came in two major waves. The centre issued a statement condemning the attacks and apologised to users for slow or interrupted access to Chinese websites.
Exactly how long the attacks lasted remains unknown, with numerous news websites reporting varied lengths of disruption.
The South China Morning Post reported the attacks lasted from early Sunday until Monday afternoon, while the Wall Street Journal said they lasted between two and four hours.
CloudFlare, an IT firm that provides web performance and security services for more than 1 million websites, told the Journal it observed a 32 per cent drop in traffic for thousands of Chinese websites on its network during the attacks compared with the same time 24 hours earlier.
“That’s likely representative of the overall drop in traffic generally,” chief executive Matthew Prince told the Journal.
Ty Miller, founder and CEO of Australian IT security firm Threat Intelligence, explained that the attacking party basically prevented the Chinese web registry – similar to the Yellow or White Pages – from functioning.
“The Chinese registry basically tells your web browser where a website is located. If the registry can’t respond, then users can no longer find the websites, causing them to disappear,” he said.
Miller added that registries were “a valuable target for attackers across all countries as they can cause devastation to a lot of people if they are taken down or compromised”.
For as little as $20, individuals with semi-technical experience could cause a large amount of damage on the internet these days, he said.
“There are a large number of websites that can be taken down by attacks from low-powered computers by simply exhausting the maximum number of connections to the website so that no-one else can connect.”
It would be difficult for authorities to determine where the attacks came from, Miller said, because of the way distributed-denial-of-service attacks are carried out.
“The original threat could be located in China or anywhere else around the world.”
Source Credits: Smh.com.au