The massive DDoS attack against Dyn DNS started on Friday, whereas the online literacy test issue took place on Monday. In the case of Ontario’s botched online literacy test, the government agency responsible for its implementation claims that the failure was due to a larger international cyber-attack (tgm).
A technical issue that scuttled plans for thousands of Ontario students to take an online literacy test was caused by a cyberattack, the province’s standardized testing agency said on Monday.
The Education Quality and Accountability Office said in a statement that the cancellation was the result of an “intentional, malicious and sustained distributed denial of service (DDoS) attack – a type of cyberattack.”
As many as 190,000 students at more than 900 secondary schools had volunteered to test the online version of the Grade 10 literacy assessment last week before it was to be rolled out further.
But frustration grew because of technical problems, and, by the end of the day, the EQAO had cancelled the test and issued an apology.
At the time, Education Minister Mitzie Hunter said she was disappointed by the cancellation, as students had prepared to write the test but were unable to.
The EQAO said on Monday that it was swept up in a massive international cyberattack that blocked “legitimate users,” including school boards, schools and students, from accessing the test application.
The attack began shortly after 8 a.m., the agency said.
While not impossible, we have to ask: could it be that this government agency is using the news on massive attacks to get off the hook for their poor execution of this project? We may never know.
When it comes to the DDOS attack, here’s the statement Dyn had posted on its website:
"This attack is mainly impacting US East and is impacting Managed DNS customers in this region. Our Engineers are continuing to work on mitigating this issue.
Starting at 11:10 UTC on October 21st-Friday 2016 we began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Some customers may experience increased DNS query latency and delayed zone propagation during this time. Updates will be posted as information becomes available.
Customers with questions or concerns are encouraged to reach out to our Technical Support Team."
...as well as the map of the outage.
DDoS is a brute-force attack that relies on an army of bots to flood the target with fake requests until it collapses, unable to service them. In this case, the target was Dyn’s DNS. DNS is often called the phone book of the Internet: whenever you enter a web address into your browser, it has to be translated to a numerical address, and DNS provides that service. Lately, such attacks are perpetrated by bots running on compromised IoT devices, such as Internet TV (IPTV) boxes, “smart” fridges, etc. The rate of infection increased with the recent release of Mirai, a tool that automates infection and takeover of IoT devices.
Press reports identified a number of sites and services that suffered.
The massive DDoS attacks made it impossible for some users to connect to Twitter, Spotify, Reddit, CNN, Etsy, The New York Times, PayPal, some customers on Amazon, Netflix, the Boston Globe, GitHub, SoundCloud, Pinterest, Tumblr and some cable companies, Okta, Sony’s PlayStation Network, The Wall Street Journal and thousands of other sites.
What is interesting about a DDoS against DNS is that the sites and services themselves are working fine, but cannot be reached because DNS queries for them fail.
Ironically, just the day before the attack, Dyn’s principal data analyst, Chris Baker, had penned an article asking what the impact of the above was on DNS operators. Perhaps the answer is redundancy. It is difficult to build adequate redundancy, as every new attack breaks a new record.
Then again, a professional services provider such as Dyn may have a perverse incentive to claim the attack is bigger than anything ever seen as they have a reputation to protect and their business model is based on their authority and perception of experience / professionalism.
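The redundancy point above can be checked from a site owner's side: if every authoritative nameserver for a zone sits with one DNS provider, an outage at that provider takes the zone offline even though the site itself is up. The following is an added example, not code from the original post; the zone and nameserver names are constructed placeholders, and grouping nameservers by their last two labels is a simplifying assumption.

```python
from collections import defaultdict

# Constructed delegations (zone -> NS hostnames); placeholder names, not real data.
SAMPLE_DELEGATIONS = {
    "shop.example": ["ns1.dnshost-a.example.", "ns2.dnshost-a.example.",
                     "ns3.dnshost-a.example.", "ns4.dnshost-a.example."],
    "news.example": ["ns1.dnshost-a.example.", "ns2.dnshost-a.example.",
                     "a.dnshost-b.example.", "b.dnshost-b.example."],
    "blog.example": ["ns1.blog.example."],
}


def provider_of(ns_host, labels=2):
    """Approximate who operates a nameserver by its last `labels` DNS labels.

    Assumption: a heuristic only; a real audit would use the Public Suffix List.
    """
    parts = ns_host.rstrip(".").lower().split(".")
    return ".".join(parts[-labels:])


def audit_zone(ns_hosts):
    """Group a zone's nameservers by provider and classify its redundancy."""
    groups = defaultdict(set)
    for host in ns_hosts:
        groups[provider_of(host)].add(host.rstrip(".").lower())
    total = sum(len(hosts) for hosts in groups.values())
    if total < 2:
        finding = "single nameserver"
    elif len(groups) == 1:
        finding = "single provider"
    else:
        finding = "multi-provider"
    return {"providers": sorted(groups), "finding": finding}


def zones_at_risk(delegations, provider):
    """Zones that lose all authoritative DNS if `provider` stops answering."""
    return sorted(zone for zone, ns in delegations.items()
                  if {provider_of(h) for h in ns} == {provider})


if __name__ == "__main__":
    for zone, ns in SAMPLE_DELEGATIONS.items():
        print(zone, audit_zone(ns))
    print("down with dnshost-a.example:",
          zones_at_risk(SAMPLE_DELEGATIONS, "dnshost-a.example"))
```

In practice the NS lists would come from the zone's parent delegation rather than a hard-coded table.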
Here’s the case for a two-tier Internet (itw).
“The underlying problem of all the badness on Internet is mostly the ability of the attacker to be anonymous,” Roger Grimes, principal security architect in Microsoft’s information security and risk management practice, said in an interview.
“I’m against pervasive anonymity, which is what the Internet is built on. I’m for pervasive identity, and then people and services that want to maintain anonymity would be shunted to kind of a second-tier internet, where people would accept those risks. But where you have pervasive identity – at a device and user level – it’s easier to track back the culprits.”
Grimes, who had just returned to his home in Florida after speaking at last week’s SecTor cyber security conference in Toronto, noted there are identity services available now on the Internet that could be leveraged. He made a detailed explanation in a 2014 whitepaper, but put simply an organization could say that unless a person has a verifiable ID – perhaps using two-factor or biometric authentication – they can’t access the firm’s server. Or, your packet can’t come to my company’s site unless you’ve been verified as coming from a trustworthy place. Or, if packets come from a suspicious place they can be blocked.
While a two-tier Internet would make DDoS attacks easier to deal with, anonymity and privacy would be seriously compromised. The recent response of Lawrence Lessig to Wikileaks revelations serves to highlight this need. There is a humungous body of thinking defending what is called “net neutrality”, and that is why we see such ideated attacks on this idea without even naming it.