Nation-Blanking DDoS Attacks Launched By Individuals Now Proven Able To Take Entire Nation’s Off The Net

Bob Gourley November 3, 2016

We live in times of extreme technological hooliganism, where small groups or even individuals can cause asymmetric damage from a distance. This was proven several times over the last few months, most famously in the 21 October attacks against Dyn that impacted many of Dyn’s clients, including Amazon, Twitter, Reddit, Airbnb, New York times, Spotfiy, Netflix and many others sites.

Conversations with researchers throughout the community and analysis of motives of recent large attacks like that one lead us to conclude that these large attacks are not the result of nation states attacking our infrastructure. This is very likely one or maybe two individuals causing this havoc.

That point should make you think of two things:

If lone actors could do this, consider what many lone actors could do acting individually or collectively
If lone actors could do this, consider what a nation could do

Other interesting thoughts arise when the size of the attacks are considered. According to the Verisign DDoS Trends Report for 2Q2016, peak attack volume for DDoS Attacks was coming in 256 Gigabits per second (Gbps). The big attacks in October were over 1 Tbps, a big leap, and predictions that soon botnets capable of 14 Tbps in size may be conducted very soon.

Very few businesses and very few ISP’s can withstand an attack of 1 Tbps. That size attack can threaten entire segments of the economy and even nations. And with even larger capabilities coming, Nation-blinding attacks can be expected.

Today saw proof that at least one nation-blinding attack has been tested. A new botnet began targeting Liberia in west Africa 2 and 3 Nov. The attack was brief, leading some researchers to conclude it was a test. Many of us believe this too was the act of a small group, not another nation. Someone is doing this for kicks.

Clearly the ability to conduct these attacks is growing. I estimate capacity for this attack will grow by an order of magnitude over the next 30 days. Imagine what size attacks will be possible in just 30 days. Imagine Venezuela, Colombia and Ecuador all being taken offline at the same time. Or you pick the other countries that get hit. Or imagine the companies that make up your supply chain being hit hard. This could have an impact on you.

Or imagine eBay, Amazon and Walmart being taken out before people get a chance to order holiday gifts. Or imagine the Post Office, FedEx and UPS being taken out for days or weeks. What would that do to your personal and/or business life.

Worse yet, imagine financial clearing houses being disrupted, slowing financial settlements.

The 9/11 attacks were failures of imagination. Lets not repeat that mistake in not thinking through the impact of nation-blanking attacks. Lets imagine the damage and then find better ways of taking collective action to mitigate them.

What can be done to prevent this attack or mitigate the impact of similar attacks when they occur? We provide our thoughts here, segmented into recommendations for Home Users, Business Users and Local, State, Federal Governments. And we are updating all that guidance now to underscore, you have to find backup ways to communicate and we recommend doing so asap.

About Bob Gourley

Bob Gourley is the CTO and Co-Founder of the due diligence and cybersecurity consultancy OODA LLC , which publishes CTOvision.com and OODAloop.com. Bob's background is as an all source intelligence analyst and an enterprise CTO.

Gain Powerful Insights Into The Future With OODA Loop’s Technology Tracking

In a continuation of our journey to bring the best, most actionable technology content to enterprise decision-makers we have merged our research and reporting activities into the OODAloop.com site (both CTOvision.com and OODAloop.com are owned and operated by OODA LLC). CTOvision will focus only on one small niche, a vision for a technology enabled future. […]

CTOvision and OODA: Big Changes Coming Soon

In a continuation of our journey to bring the best, most actionable technology content to enterprise decision-makers we are merging our research and reporting activities into the OODAloop.com site (both CTOvision.com and OODAloop.com are owned and operated by OODA LLC). This will give our community access to the same technology summaries we currently produce as […]

Give Your Career A Boost By Learning From Experienced Decision Makers

Our video and audio podcast, the OODAcast, provides content that can help accelerate your career and improve your decision making. The series is based on interviews of some of the greatest most accomplished enterprise technologists we can find. We ask questions designed to pull out lessons applicable to accelerating the career of any professional. We […]

Think Twice Before Deciding To Use A Personal VPN: You could be getting some really bad advice

From the 1930s to 1950s (far too long) the medical community just would not wake up to the fact that cigarettes could cause harm (see More Doctors Smoke Camels). Why did they stick with this misperception for so long? When so many good people come to the wrong conclusion it probably means some deeply human […]

Please help spread the word: USNI and NIP Essay Contest: This year’s challenge area a key one for the nation

Please help share the content at this link to any thinker/writer you know: 2020 Information Warfare Essay Contest This contest is open to all contributors, active-duty, military, reservists, veterans, and civilians. Generally the winners have had a solid understanding of the nature of modern conflict, but really any thinkers/writers should look over the contest and […]

Centripetal wins historic $2.6-$3.2 Bil vs. Cisco Systems; largest US patent infringement award to date

Editor’s note: I am proud to say I have a history with Centripetal Networks serving on their board and then later as an advisor. It was horrible to learn that a Tech Titan like Cisco was infringing on their patents. It is good now to see when the facts were reviewed justice was done. -bg […]

Super Bowl Ads Indicate Big Businesses Think You Are Afraid of AI

Tom Loftus provided an insightful review of some of Super Bowl ads in the 4 Feb 2019 Wall Street Journal. Like AI parody in SNL, these ads really poked fun at computers: Seriously, did anyone catch the commercials? If the Super Bowl is the zeitgeist, then it is safe to say that America is not […]

HBO’s Westworld: The Man In Black is a special kind of Twitter user

HBO’s Westworld is a modern take on the Michael Crichton SciFi tale of a robotic amusement park. The HBO version has a new twist. The creators/writers were all exposed to years of Twitter, which has influenced every episode and the entire arch of two seasons of the show. Now that season two is wrapping up, […]

All Enterprise Techies Should Watch HBO’s SciFi Epic Westworld: It will help us dialog over shared experiences on what we will not be creating

Westworld season one was a great mix of science fiction and drama and action and it was done in a way that should help people think through many tech ethics questions, like how do we want to treat our robots? Does treating robots with violence change our nature? Can robots become sentient? HBO has a […]

Related