- MrBeast impersonator tricks kid into destroying his XBox 4 Years Ago
- This mom has the perfect nickname for her nonbinary kid 4 Years Ago
- Netflix tests pop-out player that will allow viewers to multitask Today 11:44 AM
- Man allowed to sue media publishers over readers’ Facebook comments Today 11:42 AM
- Republicans slammed for joke about ‘heavily armed militia’ at Oregon statehouse Today 11:30 AM
- New bill wants tech companies to tell you how much your data is worth Today 10:53 AM
- AOC has the best response to Steve King’s ‘concentration camp’ criticism Today 10:19 AM
- Did Jake Paul and Tana Mongeau just get engaged? Today 9:26 AM
- Leaked documents reveal all the ‘red flags’ about Trump officials Today 9:02 AM
- Elon Musk, who wants to colonize space, thought the moon was Mars Today 8:56 AM
- How to watch ‘Legion’ for free Today 8:46 AM
- Netflix’s ‘Bolívar’ reduces hero’s tale to irredeemable melodrama Today 8:18 AM
- How to watch the U.S. vs. Spain at the World Cup for free Today 7:55 AM
- How to watch ‘The Hills: New Beginnings’ for free Today 7:40 AM
- Inside the pornographic video game that took Kickstarter by storm Today 7:00 AM
Could Russia be the culprit?
Turkey is under massive cyberattack.
Since Monday morning, the country’s official domain name servers have been under a Distributed Denial of Service (DDoS) attack. The attack’s perpetrators are unknown, but it reveals the vulnerabilities of the country’s Internet infrastructure.
All domain names that end with Turkey’s two-letter country code .tr must be registered by NIC.tr, an administration office in Turkey’s capital of Ankara. Besides its registration duties, NIC.tr maintains the academic internet backbone for Turkish universities. It’s also the main service for .tr domain names, making it a valuable target.
On Monday morning Turkish time, traces of an attack became noticeable. By noon, NIC.tr’s five nameservers, ns1.nic.tr through ns5.nic.tr, were completely down under a 40 Gigabits per second DDoS attack.
Europe’s regional Internet registry, the RIPE Network Coordination Centre, serves as a secondary Domain Name System to Nic.tr. RIPE was also severely affected. As noted by its manager of the Global Information Infrastructure, Romero Zwart, the attack was “modified to evade” RIPE’s mitigation measures. As of this writing, the attack is still going on at around 40 Gbps, disrupting working hours in Turkey.
DDoS attacks, which overload servers with requests for information, are a simple way of disrupting a website for a brief amount of time. The cost of hiring attacking botnets, huge armies of compromised computers that can all visit a site at the same time, is getting cheaper, and the size of attacks is growing each year. In 2013, an average DDoS attack was about 2 Gbps. In 2014, it’s nearly 8 Gbps.
What makes the Turkish attack so damaging is the attackers’ sophisticated choice of target. By focusing on a relatively small group of IP addresses, the five nameservers of NIC.tr, the attackers managed to “take down the DNS system of a whole country with a 40 Gbps attack:”
As the country’s official domain suffix, .tr domain names are very popular in Turkey, and many local companies want their businesses officially recognized for their local audience. There are about 400,000 websites with localized Turkish domain names, including 300,000 companies. It’s also used by government institutions, schools, municipalities, Turkish e-mail servers, and the Turkish military.
When the attack left NIC.tr’s DNS service non-responding, practically all .tr domain names became unreachable. Besides the private Turkish companies, official government businesses such as vital population registry queries, remained interrupted for more than a day. Internet access at university campuses are still down or extremely slow.
On Monday evening, Turkey’s National Response Center for Cyber Events closed all incoming traffic to NIC.tr from outside of Turkey, which made 400,000 websites with .tr domain names unreachable from the rest of the world, all e-mails sent to companies and organisations with .tr domains bounced back with the “unknown host” error.
Response Center changed its policy late Monday night, and NIC.tr has since been running a selective block policy for a number of suspected root IP addresses. DNS service for .tr domains were also re-configured to distribute the queries among public and private servers, including a Turkish Internet service providers Superonline and Vodafone.
It’s notoriously difficult to attribute where a cyberattack comes from. Many Turkish commentators have pointed to Russia as the source of the attack. Russia’s cyber warfare capabilities are an established weapon, believed to be used against Estonia in 2007, Georgia in 2008, and Ukraine in 2014.
With Turkey’s recent downing of a Russian jet near Syrian border, and with the ongoing troll wars between Erdo?an’s and Putin’s social media campaigners, DDoS botnets could be the next battleground. Some experts have speculated this is a response to Turkey’s nationalist cyber teams, who stand accused of organising a DDoS attack on Russia’s Sputnik news.
DDoS attacks are by nature distributed, therefore the identity of the attackers could never be found out; but the consequences identified the vulnerabilities of the target very well.
Illustration by Max Fleishman
Efe Kerem Sözeri is a Turkish freelance researcher who lives in the Netherlands. After studying political science in Istanbul, he moved to Amsterdam to study migrants' political behavior. Besides his academic work, he regularly writes on internet freedom and censorship in Turkey.