The two waves of cyber attacks that brought down
Internet surfing on StarHub's broadband network last Saturday (Oct
22) and on Monday (Oct 24) came from the bug-infected machines of
the telco's own customers.
These are the latest findings revealed at a
hastily-called press conference organised by StarHub on Tuesday
evening (Oct 26).
On the two occasions, many home broadband subscribers
could not surf the Web for about two hours each owing to a spike in
traffic to StarHub's Domain Name System (DNS).
StarHub chief technology officer Mock Pak Lum said:
"Cyber security is everyone's responsibility and not just that of
telcos, the Government and service providers."
A DNS is a directory that maps Web addresses such
as www.abc.com to a machine-readable
string of numbers to connect Internet users to websites.
When the DNS is not operating optimally, users may not
be able to access the websites.
On those two occasions, subscribers' bug-infected
machines turned into zombie machines that repeatedly sent queries
to StarHub's DNS, overwhelming it.
This is known as a distributed denial-of-service (DDoS)
attack.
As the traffic came from its own subscribers, it
appeared legitimate.
But StarHub employed mitigation tools that filtered out
traffic from the hijacked machines and increased its DNS capacity
to restore its broadband services.
It maintained that the security of customers'
information was not compromised.
The two incidents came hot on the heels of a similar
DDoS attack last Friday against United States-based DNS service
provider Dyn.
A piece of malware called Mirai reportedly infected
traffic cameras, which turned them into zombie machines that
overwhelmed Dyn's DNS.
That resulted in a massive Internet outage on the east
coast of the US, cutting off access to websites ranging from the
New York Times website to music streaming service Spotify.
ST