If you were at home last Saturday and Monday to watch the latest episode of Running Man with your StarHub fibre broadband, you might still be angry that for two nights, you could not access the Internet with your WiFi.
By now, most people should know about StarHub’s disruptions, and that they were caused by some “DDoS”, which to a layman would seem like a term used by cyber security experts. So, what exactly is this “DDoS” (it has nothing to do with the OS we used before Windows 3.1!) and would it happen again?
Here are some facts that you should know, because you might have contributed to the outage.
StarHub customers’ information isn’t compromised.
If you’ve read the newspapers, you might have come to the conclusion that hackers are involved, and you might be worried that your personal information has been leaked. StarHub has confirmed that there’s no compromise of personal information and communications—read on to find out why it’s a hacker’s work but it has nothing to do with your personal information.
Both outages were due to DDoS
In technical terms, their servers were hit by a distributed denial-of-service (DDoS) attack: the downtime was not caused by any technical error or hardware malfunction, but by a deliberate attack that flooded the servers and caused them to go down. To put it in the simplest terms, it’s an attack on the “software” instead of, you know, a physical attack like a fire.
After the DDoS attacks, other ISPs are on alert
Given the fact that StarHub could be hit by an attack that could potentially come from any part of the world, Singtel and M1 are on high alert. So far, they’ve not seen anything unusual in their network.
This came after one of the largest DDoS attacks in the US
On 21 October 2016, Dyn, a domain registration provider, suffered three DDoS attacks that led to almost 12 hours of downtime for many major websites including Amazon.com, Spotify and Twitter.
So, what exactly is a DDoS?
Let’s put things in their simplest form: imagine that your house WiFi router is a StarHub server. Your router can most likely provide a connection to at most, say, eight people. When the ninth person connects, everyone’s connection will be slowed down. With twenty people, most of their connections will crawl.
Now, imagine millions of people trying to connect to your WiFi router—that router will be so flooded with requests that none of you can access it at all.
How DDoS works is that it uses devices that are compromised with malware to connect to the server without the devices’ owners knowing. So, out of the million people who try to connect to your router, maybe only one or two made the connection knowingly—the rest of them connect to the router automatically due to malware.
Coming back to StarHub, what this means is that there’s lots of traffic (thousands? Millions? Billions?) going to StarHub’s servers, crashing them fast. And this traffic could be from anyone whose device has malware—maybe even a printer from an office in Iceland when no one is in the office. For all you know, maybe your old smartphone has the malware and, with Internet access, it contributed to the attack without you knowing!
So, how is DDoS defended against (or, as they call it, “mitigated”)? Usually, the server could have software that determines whether the traffic coming in is legit or not—but just like the sword and shield issue, when the shield is harder, the sword will be sharper.
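A toy model of the filtering described above, added here as an example (it is not from StarHub or the original article): it applies a per-source query limit to one second of constructed DNS traffic and shows why a flood from one address is easy to filter while a distributed one is not. The capacity and limit values, the function names and the addresses are all assumptions.

```python
from collections import Counter

CAPACITY_QPS = 10      # assumed: queries per second the DNS server can answer
PER_SOURCE_LIMIT = 3   # assumed: queries per second allowed from one address


def make_traffic(sources, queries_each):
    """Constructed sample: one second of queries as a list of source addresses."""
    return [src for src in sources for _ in range(queries_each)]


def filter_second(queries):
    """Apply the per-source limit; return (accepted, dropped) query lists."""
    seen = Counter()
    accepted, dropped = [], []
    for src in queries:
        seen[src] += 1
        (accepted if seen[src] <= PER_SOURCE_LIMIT else dropped).append(src)
    return accepted, dropped


def assess(queries):
    """Summarise one second of traffic after filtering."""
    accepted, dropped = filter_second(queries)
    return {
        "sources": len(set(queries)),
        "accepted": len(accepted),
        "dropped": len(dropped),
        # Overloaded if what survives the filter still exceeds capacity.
        "overloaded": len(accepted) > CAPACITY_QPS,
    }


# Constructed scenarios using documentation-only address ranges (RFC 5737).
NORMAL = make_traffic(["192.0.2.1", "192.0.2.2", "192.0.2.3"], 2)
# One noisy address sending 40 queries: the per-source limit removes most of it.
SINGLE_FLOOD = NORMAL + make_traffic(["198.51.100.9"], 40)
# Twenty addresses sending 2 queries each: every one looks like a normal user.
DISTRIBUTED = NORMAL + make_traffic([f"203.0.113.{i}" for i in range(1, 21)], 2)

if __name__ == "__main__":
    for name, traffic in [("normal", NORMAL), ("single flood", SINGLE_FLOOD),
                          ("distributed", DISTRIBUTED)]:
        print(name, assess(traffic))
```

In the distributed case nothing is dropped, yet the server is still overloaded, which is why filtering alone is not enough and extra capacity is the other half of the response.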
It only affected home broadband
Now that you know what a DDoS is, here’s one more new fact: the DDoS attacks were made only on servers that provide DNS for home broadband users. An ISP like StarHub has got LOTS of servers, so that explains why the mobile network wasn’t affected.
The official period of the downtime
The first outage started somewhere around 10:00 p.m. on 22 October 2016 (Saturday) and ended at 2:00 a.m. the next day, and the second outage occurred around 10:00 p.m. on 24 October 2016 (Monday) and ended around 11:25 p.m. on the same day. Overall, the total outage was about five hours.
Here’s StarHub’s statement in full:
We have completed inspecting and analysing network logs from the home broadband incidents on 22 October and 24 October and we are now able to confirm that we had experienced intentional and likely malicious distributed denial-of-service (DDoS) attacks on our Domain Name Servers (DNS). These caused temporary web connection issue for some of our home broadband customers.
On both occasions, we mitigated the attacks by filtering unwanted traffic and increasing our DNS capacity, and restored service within two hours. No impact was observed on the rest of our services, and the security of our customers’ information was not compromised. We kept customers informed on these matters via our hotline and social media.
We continue to stay vigilant against possible follow-up DDoS attempts. In addition, we are working closely with the authorities to determine intent and source of these two DDoS attacks.
These two recent attacks that we experienced were unprecedented in scale, nature and complexity. We would like to thank our customers for their patience as we took time to fully understand these unique situations and to mitigate them effectively.
- DNS is a database that converts web addresses like www.nameofwebsite.com into machine readable sets of digits, for customers to view websites on their computers. When a DNS is not operating normally, customers may face difficulty in accessing the internet.
- DDoS happens when a piece of IT equipment such as a computer, router or server is flooded with a sudden and enormous volume of traffic from multiple sources, in an attempt to cause congestion or to shut it down.
A question on why the outages were initially said to be a “network equipment issue”
On the official StarHub page, it seems that both times, what was “rectified” was a “network equipment issue”. Here’s the question: equipment is a hardware issue, while DDoS is a “software” issue. Where’s the correlation?
Things StarHub users need to do now
As the issue has now been resolved, users are told to restart their router if they still can’t connect. Should you one day find that your connection is bad, you can go to http://downdetector.sg/problems/starhub and check whether it’s due to your hardware (e.g. router or PC) or an outage by the ISP, because I bet many of us would have thought that it was due to our own hardware, given the reliability of Singapore’s network!
Featured Image: Flickr (giiks)
This article was first published on goodyfeed.com