
Matt Prince

Original author: Dan Goodin


Coordinated attacks used to knock websites offline grew meaner and more powerful in the past three months, with an eight-fold increase in the average amount of junk traffic used to take sites down, according to a company that helps customers weather the so-called distributed denial-of-service campaigns.

The average amount of bandwidth used in DDoS attacks mushroomed to an astounding 48.25 gigabits per second in the first quarter, with peaks as high as 130 Gbps, according to Hollywood, Florida-based Prolexic. During the same period last year, bandwidth in the average attack was 6.1 Gbps and in the fourth quarter of last year it was 5.9 Gbps. The average duration of attacks also grew to 34.5 hours, compared with 28.5 hours last year and 32.2 hours during the fourth quarter of 2012. Earlier this month, Prolexic engineers saw an attack that exceeded 160 Gbps, and officials said they wouldn't be surprised if peaks break the 200 Gbps threshold by the end of June.

The spikes are brought on by new attack techniques that Ars first chronicled in October. Rather than using compromised PCs in homes and small offices to flood websites with torrents of traffic, attackers are relying on Web servers, which often have orders of magnitude more bandwidth at their disposal. As Ars reported last week, an ongoing attack on servers running the WordPress blogging application is actively seeking new recruits that can also be harnessed to form never-before-seen botnets to bring still more firepower.


Syria’s Internet infrastructure remains almost entirely dark today. Almost.

The folks at Renesys, who were the first to notice that something was amiss with the telecom infrastructure of the war-torn Middle Eastern nation, have been hard at work sifting through their data — and they’ve found something interesting.

At least five networks operating outside Syria, but still operating within Syrian-registered IP address spaces, are still working, and are apparently controlled by India’s Tata Communications.

These same networks, Renesys says, have some servers running on them that were implicated in an attempt to deliver Trojans and other malware to Syrian activists. The payload was a fake “Skype Encryption Tool” — which is, on its face, kind of silly, because Skype itself is already encrypted to some degree — that was actually a spying tool. The Electronic Frontier Foundation covered the attempted cyber attack at the time.

Cloudflare has also been monitoring the situation in Syria and has made a few interesting observations.

First, pretty much all Internet access in the country is funneled through one point: the state-run, state-controlled Syrian Telecommunications Establishment. The primary providers of the capacity running into the country are PCCW and Turk Telekom, with Telecom Italia and Tata providing additional capacity.

There are, Cloudflare notes, four physical cables that bring Internet connectivity into Syria. Three of them are undersea cables that land in the coastal city of Tartus. A fourth comes in from Turkey to the north. Cloudflare’s Matt Prince says it’s unlikely that the cables were physically cut.

Cloudflare put together a video of what it looked like watching the changes in the routing tables happen live. It’s less than two minutes long.

For what it’s worth, Syria’s information minister is being quoted in various reports as blaming the opposition for the shutdown.

So the question is: Why now? Clearly, the Syrian regime is under more pressure than ever before. Previously, it tended to view the country’s Internet as a tool to not only get its own word out to the wider world, but also to try and spy on and monitor the activities of the rebels and activists.

With fighting intensifying in and around the capital and the commercial city of Aleppo, the decision to throw the kill switch might indicate a decision to try to disrupt enemy communications. Or it might mask a seriously aggressive military action that it wants to keep as secret as possible. We don’t know yet.
