StarHub outages due to users' 'zombie machines'

THE two waves of cyber attacks that brought down Internet surfing on StarHub's broadband network last Saturday and on Monday came from the bug-infected machines of the telco's own customers.

These are the latest findings revealed at a press conference organised by StarHub yesterday evening.

On the two occasions, many home broadband subscribers could not surf the Web for about two hours each owing to a spike in traffic to StarHub's Domain Name System (DNS).

StarHub chief technology officer Mock Pak Lum said: "Cyber security is everyone's responsibility and not just that of telcos, the Government and service providers."

He added that consumers could have bought malware-infected devices like Web cams or routers that triggered the attack. He also advised consumers to buy devices from reputable vendors.

The telco said it will send technicians to help customers clean up any infected devices at their homes "soon".

A DNS is a directory that maps Web addresses such as www.abc.com to a machine-readable string of numbers to connect Internet users to websites.

When the DNS is not operating optimally, users may not be able to access the websites.

On those two occasions, subscribers' bug-infected machines turned into zombie machines that repeatedly sent queries to StarHub's DNS, overwhelming it.

Read also: 

SingCERT publishes advisory following attack on Starhub's network by its customers' infected devices

StarHub confirms cyber attacks on servers caused broadband disruptions on Saturday and Monday

Amazon, Spotify, Twitter suffer service disruptions due to attack on infrastructure provider

This is known as a distributed denial-of-service (DDoS) attack.

As the traffic came from its own subscribers, they appeared legitimate.

But StarHub manually filtered out traffic from the hijacked machines and increased its DNS capacity to restore its broadband services.

It maintained that the security of customers' information was not compromised.

The two incidents came hot on the heels of a similar DDoS attack last Friday against United Stated-based DNS service provider, Dyn.

A piece of malware called Mirai reportedly infected traffic cameras, which turned them into zombie machines that overwhelmed Dyn's DNS.

That resulted in a massive Internet outage on the east coast of the US, cutting off access to websites ranging from the New York Times to music streaming service Spotify.

itham@sph.com.sg


Get MyPaper for more stories.