Do the Irish DDoS attacks simply boil down to money?

27 Jan 2016

So the swathe of DDoS attacks that hit a collection of Irish websites last week have remained a bit of a mystery, but one security expert has suggested the answer might be simple: Cash.

Yesterday, we followed up on the DDoS attacks in Ireland to try to find out the origins behind, and links between, moves that took down numerous Government websites, the National Lottery, Daft, Boards.ie and perhaps many more.

After speaking to experts and those affected, very little information emerged as, given the nature of DDoS attacks, only those with limitless investigatory resources could truly know.

A statement from the Department of Public Expenditure and Reform said a “number of contingency plans” were enacted to “minimise the disruption”, claiming that, due to DDoS attacks’ nature, it was “not possible” to identify who was behind them.

Not much news came out of other targeted sites, with suggestions that this was a state-run investigation into security strength a little bit ‘out there’.

Follow the money trail

Why would Government sites, message boards, an online real estate service and the country’s National Lottery be hit within a few short days of each other?

Money, it seems. At least, that’s according to Colin Larkin, MD at Irish mobile security company MoQom.

Claiming ransom is likely behind the attacks, Larkin’s experience in fintech authentication software leads him to believe a simple old school blackmail procedure could well be involved.

Noting a bookmakers a few years back that suffered a similar scenario ahead of a major race meet, Larkin doesn’t feel like it’s an accident that the Lotto went down “just ahead of its biggest rollover in a long time, €12m”.

A simple note sent to the companies – in advance of a majorly busy time for business – demanding money in return for not bringing down the system? It’s a quirky marriage of old-school shakedowns and modern communication technology.

I bet you this

“I am not privy to the case with the Lotto at all,” says Larkin, “but if I was a betting man…” He tells me examples like this exist across the banking world, globally, too.

If you look at many online services, they are often based on accessibility, from anywhere in the world, at any time. “With DDoS, that means the servers, or botnets, can come from multiple places and can be very difficult to stop,” he says.

Noting that companies very rarely come out and comment on such a situation happening to them, Larkin says: “For DDoS attacks you just need to go on the dark web and rent the ability to launch them.”

By the way, Radiolab has made a fascinating radio documentary into the process behind renting these types of attacks.

An interesting time

But that doesn’t explain why the Department of Justice, Defence, the courts and even the Central Statistics Office were hit. Or why Boards and Daft went down.

So maybe money isn’t everything.

“It’s interesting what’s going on and it seems an example of where the world is heading,” says David Miller, COO of AdaptiveMobile. “Every application can be perceived as an online threat now.”

Miller finds the targeting of Irish websites a small bit bizarre, but the growth of attacks worldwide – be it DDoS or something more creative – is a real issue.

“We look at things across mobile networks and we see growth across the board. And the attacks are getting more sophisticated.”

DDoS attacks aren’t exactly innovative or particularly brilliant. “No, but [they are] very effective. Anywhere where money can be made, they will target.”

Keeping up appearances

Miller doesn’t suggest that money was the premise behind these attacks, but he does note the main protection out there is websites being kept up to date with the right SSL certificates or, in this case, “probably Apache web servers need to be kept in line”.

DDoS attacks are things that may, one day, be rendered less prevalent as the online community goes mobile. MoQom, for example, works on the premise that if a website is taken down it should not affect mobile applications – a big deal when it comes to banking.

Larkin and his colleagues have a background in telecommunications, within which he claims there’s “loads and loads of latent technology just sitting there waiting to be used”. The problem is most people just want faster download speeds, “when there could be so much more added to networks”.

For example, the National Lottery’s site went down, and then its in-store computers followed. This, says Larkin, doesn’t need to be the case.

“Only customers can access the mobile banking features generally, so DDoS isn’t as feasible a hacking technique. Using a mobile chip separates this.

“So by adding and relying on a mobile chip in the in-store Lotto machines, they’re off the main internet network and, therefore, more secure.”


Gordon Hunt was a journalist with Silicon Republic
