Amidst the US elections, climate change talks and a myriad of other global issues, one of the largest distributed denial of service (DDoS) attacks said to have been carried out using the Mirai botnet to take down the Internet of an entire country didn’t garner much attention.
The attack is said to have been carried out by the same group that was responsible for the DDoS attack on Dyn a couple of weeks ago. According to security researcher Kevin Beaumont, who was the first one to notice the attack on the African nation Liberia, says that the attack was one of the largest capacity botnets ever seen. According to one of the transit providers for the nation state, the attacks were over 500Gbps in size and this effectively could have taken down the Internet for the whole nation for a few seconds.
One of the primary reasons why the Internet for the entire country could have been taken by a single botnet based DDoS attack is that Liberia has very limited Internet connectivity and that through just one cable that was installed in 2011. While the cable does have capacity of 5.1Tbps of data, this capacity is divided up to serve the entire coast and that’s where the problem spawns. A single attack amounting to over 500Gbps effectively means that 10 per cent of the capacity of the cable is occupied by DDoS traffic thereby affecting the overall data transfer speeds.
Security researchers found at the time of the attack, the websites hosted in country went offline. Further, one of the telcos in the country has confirmed that the connectivity was intermittent during the time when the attack was noticed.
Beaumont points out that the attacks are worrying for it shows that botnet owners have now garnered enough computing power – thanks to proliferation of internet of things – that they can effectively take down the Internet for an entire nation state, though only for a few seconds.
Why attack Liberia?
While the nation may not be one of the most important from all angles, it does provide a great test bed to cyber criminals and actors of DDoS attacks, researchers believe. Carrying out attacks on major internet service providers in the US will have legal repercussions owing to strong laws, the attack on nations like Liberia might no invite too much attention or legal implications.
The single data connection to the country enables attackers to perform a range of attacks to verify all kinds of attack parameters and that’s why security researchers believe that Liberia was attacked.