- This iPhone app says it will alert you if you’ve been hacked 4 Years Ago
- ‘Marvel’s Hero Project’ is the wholesome content 2019 needs 4 Years Ago
- Get more out of VSCO with VSCO search 4 Years Ago
- Twitter carves out ‘cause-based’ advocacy exemption in political ads ban 4 Years Ago
- Disney+ accounts are being hacked—here’s how to protect yourself 4 Years Ago
- Instagram is hiding likes globally and searching for a ‘well-being’ product researcher Today 1:42 PM
- ‘The Mandalorian’ opens up its mythology even further in ‘Chapter 2’ Today 12:54 PM
- Want to buy a drone on a budget? We’ve got you covered Today 12:51 PM
- ‘Simpsons’ writer accuses Republicans of stealing Sideshow Bob’s defense Today 12:49 PM
- Keanu Reeves’ appearance in ‘SpongeBob Movie’ trailer quickly becomes a meme Today 12:35 PM
- Charli XCX makes the band in Netflix’s ‘Nasty Cherry’ Today 12:33 PM
- Taylor Swift’s distress call reignites fight with Scooter Braun and former label Today 12:16 PM
- How to disable autoplay for previews and trailers on Disney+ Today 12:10 PM
- College basketball stream: How to watch North Carolina vs. Gardner-Webb Today 12:00 PM
- Trump accused of witness intimidation for tweets during impeachment hearing Today 11:48 AM
Turkish Internet hit with massive DDoS attack
Could Russia be the culprit?
Turkey is under massive cyberattack.
Since Monday morning, the country’s official domain name servers have been under a Distributed Denial of Service (DDoS) attack. The attack’s perpetrators are unknown, but it reveals the vulnerabilities of the country’s Internet infrastructure.
All domain names that end with Turkey’s two-letter country code .tr must be registered by NIC.tr, an administration office in Turkey’s capital of Ankara. Besides its registration duties, NIC.tr maintains the academic internet backbone for Turkish universities. It’s also the main service for .tr domain names, making it a valuable target.
On Monday morning Turkish time, traces of an attack became noticeable. By noon, NIC.tr’s five nameservers, ns1.nic.tr through ns5.nic.tr, were completely down under a 40 Gigabits per second DDoS attack.
Europe’s regional Internet registry, the RIPE Network Coordination Centre, serves as a secondary Domain Name System to Nic.tr. RIPE was also severely affected. As noted by its manager of the Global Information Infrastructure, Romero Zwart, the attack was “modified to evade” RIPE’s mitigation measures. As of this writing, the attack is still going on at around 40 Gbps, disrupting working hours in Turkey.
DDoS attacks, which overload servers with requests for information, are a simple way of disrupting a website for a brief amount of time. The cost of hiring attacking botnets, huge armies of compromised computers that can all visit a site at the same time, is getting cheaper, and the size of attacks is growing each year. In 2013, an average DDoS attack was about 2 Gbps. In 2014, it’s nearly 8 Gbps.
What makes the Turkish attack so damaging is the attackers’ sophisticated choice of target. By focusing on a relatively small group of IP addresses, the five nameservers of NIC.tr, the attackers managed to “take down the DNS system of a whole country with a 40 Gbps attack:”
As the country’s official domain suffix, .tr domain names are very popular in Turkey, and many local companies want their businesses officially recognized for their local audience. There are about 400,000 websites with localized Turkish domain names, including 300,000 companies. It’s also used by government institutions, schools, municipalities, Turkish e-mail servers, and the Turkish military.
When the attack left NIC.tr’s DNS service non-responding, practically all .tr domain names became unreachable. Besides the private Turkish companies, official government businesses such as vital population registry queries, remained interrupted for more than a day. Internet access at university campuses are still down or extremely slow.
On Monday evening, Turkey’s National Response Center for Cyber Events closed all incoming traffic to NIC.tr from outside of Turkey, which made 400,000 websites with .tr domain names unreachable from the rest of the world, all e-mails sent to companies and organisations with .tr domains bounced back with the “unknown host” error.
Response Center changed its policy late Monday night, and NIC.tr has since been running a selective block policy for a number of suspected root IP addresses. DNS service for .tr domains were also re-configured to distribute the queries among public and private servers, including a Turkish Internet service providers Superonline and Vodafone.
It’s notoriously difficult to attribute where a cyberattack comes from. Many Turkish commentators have pointed to Russia as the source of the attack. Russia’s cyber warfare capabilities are an established weapon, believed to be used against Estonia in 2007, Georgia in 2008, and Ukraine in 2014.
With Turkey’s recent downing of a Russian jet near Syrian border, and with the ongoing troll wars between Erdo?an’s and Putin’s social media campaigners, DDoS botnets could be the next battleground. Some experts have speculated this is a response to Turkey’s nationalist cyber teams, who stand accused of organising a DDoS attack on Russia’s Sputnik news.
DDoS attacks are by nature distributed, therefore the identity of the attackers could never be found out; but the consequences identified the vulnerabilities of the target very well.
Illustration by Max Fleishman
Efe Kerem Sözeri is a Turkish freelance researcher who lives in the Netherlands. After studying political science in Istanbul, he moved to Amsterdam to study migrants' political behavior. Besides his academic work, he regularly writes on internet freedom and censorship in Turkey.