Juha Saarinen
Internet attacks could threaten NZ’s connectivity
Last week, we had two reminders of just how big the internet is, and how its almost infinite scalability can be leveraged to do really bad stuff as well as good.
The first affected New Zealand users as well as people worldwide: Yahoo owned up to a data breach in 2014 that may have spilled the beans on as many as half a billion users. Yahoo is of course linked to New Zealand via Telecom (now Spark) through the Xtra brand. To this day, xtra.co.nz emails still go through Yahoo’s servers.
Half a billion accounts is a colossal amount of user data, but it looks as if the passwords at least were obfuscated using an algorithm or function that’s particularly slow to crack, so that’s something.
Either way, if you have or have had a Yahoo or Xtra account, change the password on it immediately, and enable two-factor authentication.
If you no longer use it, delete the account. Spark says up to 130,000 accounts are at risk.
What’s odd about the Yahoo leak is that it was first said in August this year to contain “only” 200 million accounts, which a hacker put up for sale for just three Bitcoin ($2480 or so).
A discrepancy of 300 million is huge, and the hacker’s sample data has not checked out so far.
Thanks to the marketing of the hack, though, millions of Yahoo
If you’re wondering whether such denial of service attacks could threaten New Zealand’s internet connectivity, wonder no more: they can.
account holders are now having to reset passwords, and the internet portal company’s being sued ahead of its pending sale to US telco Verizon.
A single hacker, a singular impact, but why? Because they could?
A second case that illustrated the asymmetry of power that the internet offers involved journalist Brian Krebs, who covers hacking, cybercrime and fraud, having his site taken offline with a denial of service attack.
Distributed denial of service (DDoS) attacks are common, and involve swamping websites and other internet services with large amounts of requests, constantly, and for longish periods. Servers try to process the data they receive, using up system memory, processor resources and storage, and when it becomes just too much to handle, they fall over and give up.
Result: the site targeted is no longer reachable. It’s a bit like getting the population of Shanghai to go to a gig in a small club, and totally overwhelm the place.
Krebs’ site was protected by Akamai’s Prolexic anti-DDoS service. This was a very large attack, however, reaching 620 gigabits per second, and battling it would have cost Akamai millions of dollars. As they hosted Krebs site on a pro bono basis, that was not viable so a business decision was made to kick KrebsOnSecurity off Akamai. How was Krebs silenced then? Simple: by activating a “botnet” of routers, internet-connected cameras and digital video recorders, and commanding it to connect and send traffic to Krebs’ site.
Akamai estimated over 100,000 devices were involved in the attack, which is something of a record. It used to be that DDoS attacks over 100 Gbps were difficult to orchestrate — not so any more. One or just a few people can pull them off.
About the same time Krebs’ website was hit, someone took aim at French hosting service provider OVH and dumped 1.5 terabit per second traffic on their network.
In comparison, the Southern Cross Cable has lit, or used capacity, of 5.8 tbps in total. It didn’t take that many hijacked devices either to create such a massive traffic flood, just over 145,000 networked cameras and digital video recorders sending between one and 30 megabit per second.
Krebs is back online now, via the Google Project Shield program that was set up to protect independent news sites against attacks.
Even so, we really need to stop handing criminals and spies easy access to digital weapons of mass destruction like we do now. If not, some time soon, someone, maybe just one person, will figure out how to take down the internet.