At 17:28 GMT, February 28th, 2018 (4:28 AEDT, March 1st), Akamai, a global leader in Content Delivery Network services which make the Internet fast, reliable and secure for its customers, experienced a 1.3 Tbps DDoS attack against one of their customers, a software development company called GitHub, driven by memcached reflection and amplification.
Wait a minute, what do all these words mean?
1.3 Tbps means 1.3 trillion computer bits per second, or 163 GB/sec, of data being directed from multiple individual compromised computers, a botnet, at a single computer network, overwhelming it in a Distributed Denial of Service attack. Memcached is a distributed memory caching system and is used to speed up dynamic database-driven websites and Internet-facing services by caching data and objects in very fast random-access memory. It is often deployed in Cloud data centres.
Marek Majkowski of GitHub customer Cloudflare explained that:
“The general idea behind all amplification attacks is the same. An Internet Protocol-spoofing capable attacker sends forged requests to a vulnerable User Datagram Protocol (UDP) server. The UDP server, not knowing the request is forged, politely prepares the response. The problem happens when thousands of responses are delivered to an unsuspecting target host, overwhelming its resources – most typically the network itself.” (UDP provides faster responses than the Transmission Control Protocol more commonly used on the Internet.)
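Seen from the target's network edge, the reflected traffic described in the quote above shows up as UDP responses from memcached's default port (11211) that no local host requested. The following is an added example, not part of the original article; the flow-record layout, sample addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict

MEMCACHED_PORT = 11211  # memcached's default port

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, proto, bytes)
SAMPLE_FLOWS = [
    # Solicited: an app server queries its own cache and gets a reply.
    ("203.0.113.10", 40000, "203.0.113.20", 11211, "udp", 60),
    ("203.0.113.20", 11211, "203.0.113.10", 40000, "udp", 1400),
    # Unsolicited: many servers "answer" a host that never asked.
    ("198.51.100.1", 11211, "192.0.2.50", 80, "udp", 140000),
    ("198.51.100.2", 11211, "192.0.2.50", 80, "udp", 150000),
    ("198.51.100.3", 11211, "192.0.2.50", 80, "udp", 130000),
    ("198.51.100.4", 11211, "192.0.2.50", 80, "udp", 160000),
    # Below threshold: one stray unsolicited packet.
    ("198.51.100.9", 11211, "192.0.2.77", 5000, "udp", 1400),
    # Ignored: TCP needs a handshake, so forged requests get no data reply.
    ("203.0.113.20", 11211, "203.0.113.11", 41000, "tcp", 900000),
]


def find_reflection_targets(flows, min_reflectors=3, min_bytes=100_000):
    """Return {target_ip: (reflector_count, total_bytes)} for hosts receiving
    unsolicited UDP memcached responses from many distinct servers."""
    # (client, server) pairs where the client really sent a memcached request.
    requested = {(src, dst) for src, _, dst, dport, proto, _ in flows
                 if proto == "udp" and dport == MEMCACHED_PORT}

    stats = defaultdict(lambda: {"reflectors": set(), "bytes": 0})
    for src, sport, dst, _, proto, nbytes in flows:
        if proto != "udp" or sport != MEMCACHED_PORT:
            continue
        if (dst, src) in requested:
            continue  # reply to a request we saw leave this host
        stats[dst]["reflectors"].add(src)
        stats[dst]["bytes"] += nbytes

    return {dst: (len(s["reflectors"]), s["bytes"])
            for dst, s in stats.items()
            if len(s["reflectors"]) >= min_reflectors and s["bytes"] >= min_bytes}


if __name__ == "__main__":
    for target, (count, total) in find_reflection_targets(SAMPLE_FLOWS).items():
        print(f"{target}: {total} bytes from {count} memcached servers")
```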
Followers of Australian news will remember that the 2016 Census online site was brought to its knees by what was considered a puny DDoS attack and was down for several days. David W. Kalisch, Australian Statistician, announced on 10 August 2016: “The 2016 online Census form was subject to four Denial of Service attacks yesterday of varying nature and severity. The first three caused minor disruption but more than 2 million forms were successfully submitted and safely stored. After the fourth attack, just after 7:30pm, the ABS took the precaution of closing down the system to ensure the integrity of the data. Steps have been taken during the night to remedy these issues, and I can reassure Australians that their data is secure at the ABS.”
APDR has approached the Australian Cyber Security Centre for comment on the potential DDoS vulnerability of Australian computer networks in 2018. They had not responded by the author’s article submission deadline.
THREATS FROM CYBER OPERATIONS – A BRIEF SURVEY
The US Council on Foreign Relations’ Cyber Operations Tracker contains records of almost 200 state-sponsored attacks by 16 countries since 2005, including 20 in 2016. These are their published cyber operations categories:
• Distributed Denial of Service – The intentional paralysing of a computer network by flooding it with data sent simultaneously from many individual computers.
• Espionage – The act of obtaining confidential information without the information holder’s consent.
• Defacement – The unauthorised act of changing the appearance of a website or social media account.
• Data Destruction – The use of malicious software to destroy data on a computer or to render a computer inoperable.
• Sabotage – The use of malware that causes a disruption to a physical process, such as the provision of electricity or normal function of nuclear centrifuges.
• Doxing – The act of searching and publishing private or identifying information about an individual or group on the internet, typically with malicious intent.
INTERNATIONAL CYBER SECURITY CONSULTATION
On Thursday 22 February, Australian Prime Minister Malcolm Turnbull and senior Australian officials met with Kirstjen Nielsen, US Secretary of Homeland Security, and Admiral Michael S. Rogers USN, who wears three hats as Commander, US Cyber Command; Director, National Security Agency; and Chief, Central Security Service. They were joined by senior US Government officials and industry and think-tank cyber-security experts.
The high-level roundtable was hosted by the Australian Strategic Policy Institute and the Centre for Strategic and International Studies at CSIS Headquarters in Washington D.C.
Discussion focused on how to deter and respond to unacceptable behaviour in cyberspace – particularly by states and their proxies – and how to strengthen coordination between government and the private sector. The outcomes will frame the agenda for the second 1.5 Track Australia-United States Cyber Security Dialogue to be held in April 2018.
“We’re delighted Prime Minister Turnbull was again able to participate in the US-Australia 1.5 track cyber dialogue”, the Head of the ASPI International Cyber Policy Centre Fergus Hanson said. “Having the top decision makers in the same room discussing the most pressing cyber challenges means we can get straight to the big issues.”
CRITICAL INFRASTRUCTURE – IS IT FULLY PROTECTED?
With the establishment of a Home Affairs Department as a ‘portfolio agency’ for ASIO, the AFP, the Australian Border Force, the Australian Criminal Intelligence Commission, AUSTRAC and the Office of Transport Security, we can expect more focus on critical infrastructure protection before, and remediation after, cyber security attacks.
Critical infrastructure provides services that are essential for everyday life such as energy, food, water, transport, communications, health and banking and finance.
Less well known is that in early 2017 a Critical Infrastructure Centre (CIC) was set up in the Attorney-General’s Department to assess the risk of sabotage, espionage and coercion on telecommunications, electricity, water and maritime ports arising from foreign involvement in those sectors. They work closely with the cyber security agencies.
As the CIC states on its website: ‘A disruption to critical infrastructure could have a range of serious implications for business, governments and the community. Secure and resilient infrastructure supports productivity and helps to drive the business activity that underpins economic growth.
‘The Critical Infrastructure Resilience Strategy, which comprises a policy statement and a plan for practical implementation, aims to ensure the continued operation of critical infrastructure in the face of all hazards.
‘This department is the lead agency for critical infrastructure. We are responsible for the Critical Infrastructure Centre and managing the Trusted Information Sharing Network (TISN), an environment where business and government can share information on critical infrastructure vulnerabilities and techniques to assess and mitigate risk. Through the TISN, members also share information on organisational resilience, to enhance business’s ability to adapt and evolve as the global market is evolving, to respond to short term shocks or long-term challenges.’
IN CONCLUSION, MANDATORY DATA BREACH REPORTING
The Notifiable Data Breaches (NDB) scheme commenced on 22 February 2018. The NDB scheme mandates that Australian Government agencies and the various organisations with obligations to secure personal information under the Privacy Act 1988 (Cth) (Privacy Act) notify individuals affected by data breaches that are likely to result in serious harm.
The Australian Information Commissioner, Timothy Pilgrim, said:
“The Notifiable Data Breaches scheme formalises a long-standing community expectation to be told when a data breach that is likely to cause serious harm occurs.
“The practical benefit of the scheme is that it gives individuals the chance to reduce their risk of harm, such as by re-securing compromised online accounts. The scheme also has a broader beneficial impact — it reinforces organisations’ accountability for personal information protection and encourages a higher standard of personal information security across the public and private sectors.
“By reinforcing accountability for personal information protection, the NDB scheme supports greater consumer and community trust in data management. This trust is key to realising the potential of data to benefit the community, for example, by informing better policy-making and the development of products and services.”
In 2018 we can expect more and larger DDoS attacks, and other cyber attacks that will affect critical infrastructure or other major users of information technology. Hackers and other state and non-state actors will gain access through the rise of the Internet of Things (IoT), where vulnerabilities occur because users do not properly protect their devices, especially internet-connected smartphones.