Author Archives: Kirk Soluk
On January 15th, France’s chief information systems defense official, Adm. Arnaud Coustilliere, announced a sharp rise in online attacks against French web sites:
“Calling it an unprecedented surge, Adm. Arnaud Coustilliere, head of cyberdefense for the French military, said about 19,000 French websites had faced cyberattacks in recent days, …”.
As we’ve done in the recent past for North Korea, Hong-Kong, and Israel, we can leverage Arbor’s ATLAS initiative to observe how real-world conflict is reflected in the digital realm. ATLAS receives anonymized Internet traffic and DDoS event data from over 330 participating Internet Service Providers worldwide. In particular, we are interested in DDoS attacks before and after Sunday, January 11th. As reported in ,
“Coustilliere called the attacks a response to the massive demonstrations against terrorism that drew 3.7 million people into the streets Sunday across France.”
In order to gauge this response, we compare the DDoS attacks that took place between January 3rd and January 10th to the DDoS attacks that took place between January 11th and January 18th inclusive.
Between January 3rd and January 18th, a total of 11,342 Continue reading
In early August, we examined data demonstrating a striking correlation between real-world and online conflict, which ASERT tracks on a continual basis [2-7]. Recent political unrest provides another situation in which strong correlative indicators emerge when conducting time-series analysis of DDoS attack data.
The latest round of pro-democracy protests in Hong Kong began on September 22nd when “. . . Students from 25 schools and universities go ahead with a week-long boycott to protest Beijing’s decision to proceed with indirect elections for Hong Kong’s Chief Executive position.” The protests ramped up on September 28th when a larger pro-democracy group, Occupy Central with Love and Peace, combined forces with the student demonstrators [8-9]. On October 1st, protesters vowed to increase the level of civil disobedience if Hong Kong’s Chief Executive, Leung Chun-Ying, did not step down. Since that time, tensions have increased, with police crackdowns, tear gas, barricades, skirmishes, shutdowns of government buildings and infrastructure, and heavy use of social media to promote both pro- and anti-protest sentiment. By examining Arbor ATLAS Internet-wide attack visibility data we have identified DDoS attack activity in the APAC region which correlates strongly with the ebb and flow Continue reading
Since its inception, the ASERT team has been looking into politically motivated DDoS events and continues to do so as the relationship between geopolitics and the threat landscape evolves. In 2013, ASERT published three situational threat briefs related to unrest in Syria and Thailand and threat activity associated with the G20 summit. Recently, other security research teams, security vendors and news agencies have posited connections between “cyber” and geopolitical conflicts in Iraq, Iran, and Ukraine.
Given the increasing connections being made between security incidents and geopolitical events, I checked Arbor’s ATLAS data to look at DDoS activity in the context of the current conflict between Israel and Hamas. Arbor’s ATLAS initiative receives anonymized traffic and DDoS attack data from over 290 ISPs that have deployed Arbor’s Peakflow SP product around the globe. Currently monitoring a peak of about 90 Tbps of IPv4 traffic, ATLAS sees a significant portion of Internet traffic, and we can use that to look at reported DDoS attacks sourced from or targeted at various countries.
Israel as a Target of DDoS Attacks
Figure 1 depicts the number of reported DDoS attacks initiated against Israel per Continue reading