Stop DDoS Archive

“White hat” hackers and cyber-cops fight crime in Taiwan’s heavily attacked cyberspace.

Cybercrime is a growing problem in Taiwan and around the world, cybersecurity experts and law enforcement officers agree.

“It’s absolutely on the rise because everything is connected to the internet – you can shop online, can do anything,” says Wu Fu-mei, acting director of the Information and Communications Security Division within the Ministry of Justice Investigation Bureau. Along with network and mobile devices, the proliferation of connected IoT (internet of things) devices has created a vastly expanded pool of potential targets, many of which are only lightly protected from infection.

Incidences of software supply chains being infected with malware rose 200% last year, while targeted attacks were up 10% and mobile malware rose by 54% in 2017 in annual comparisons, according to global cybersecurity firm Symantec. The company notes that ransomware, in which an organization’s data is infected and encrypted by a hacker – to be decrypted only after payment of a ransom – has become so routine that the average amount of ransom demanded has dropped to only US$522 in 2017, less than half the 2016 average.

The Dark Web and the sudden rise of cryptocurrencies are key enablers of cybercrime. The Dark Web, that part of the internet accessible only through encrypted browsers such as TOR, provides criminals with an untraceable space for conducting illicit business ranging from hiring killers to obtaining illegal drugs – and buying and selling personal data stolen in data breaches. These transactions are now mostly done in Bitcoin or other cryptocurrencies, which use transparent blockchain technology but are anonymous.

“Both the Dark Web and digital currency are very difficult to trace,” notes MJIB’s Wu. “When we are investigating crimes we need to find two things: the cash flow and the information flow. The use of digital currency can hide the cash flow, and use of the Dark Web can hide the information flow.”

She adds that the relative ease and safety of cybercrime contributes to its appeal. “It’s a fairly easy way of doing crime. You don’t have to invest a lot, and you can commit a lot of crime by just sitting at a desk,” she says.

To cybersecurity experts, Taiwan’s digital landscape is a dystopian cyber-wilderness where malware bots hunt; hackers blackmail, rob, and vandalize; and our connected devices are able to be possessed by viruses and turn against us.

Shaking the doorknob

Taiwan receives tens of millions of attacks every month, most of them little more than “shaking the doorknob” to see if somebody forgot to secure an entry point. Many full-on attacks also occur that have resulted in massive data breaches and ransom payments. A lack of basic password protection on the part of an alarming number of firms and individuals means that hackers need not bother searching for back doors when the front door is wide open for intrusion and infestation.

Once inside, the malware takes increasing control over the device or server, often without impacting its usual functions. Cases of IP cameras that continue to record video even after being turned off and IoT household appliances recruited into a virtual army for distributed denial of service (DDOS) attacks at the behest of unseen masters have been widely reported in the media.

Doing battle against these hidden attackers is Taiwan’s army of “white hat” hackers in both the government cybersecurity agencies and the private sector. “It’s like a war,” says Allen Own, co-founder and CEO of cybersecurity consulting startup Devcore. “And there is an information disparity. The attackers always know more than the enterprise.”

Malware bots are endlessly scanning the internet for system and device vulnerabilities, and even the smallest lapse in password protection, coding, or design can result in a wholesale invasion. “Security is decided by the least secured links, which are everywhere,” says Steven Chen, CEO and co-founder of PFP Cybersecurity startup in Silicon Valley which has entered the Taiwan market.

Cybersecurity systems and technologies have advanced to the point that firewall, APT (Advanced Persistent Threats) deterrence, and other cybersecurity defense systems are now capable of fending off even the most sophisticated hacks. What is generally behind successful cyber-attacks is the weak link of the human factor. Symantec says that 71 % of successful hacks are due to phishing, in which people open up a bogus email that exposes their computer and thus their organization’s servers to infestation. Phishing attacks have brought down even the most internet-savvy people.

According to Hans Barre of Silicon Valley-based digital and social cybersecurity firm RiskIQ, corporate executives and brands from Taiwan and around the world are at huge risk of being “counterfeited.” An individual or organization may set up a profile on LinkedIn, for example, purporting to be a company executive. When this fraudulent identity makes contact with other industry professionals, they are easily fooled into exchanging emails and inviting the hacker right into their corporate networks, exposing all of their private data to theft.

Devcore deals with human error of a different kind, often involving website developers and programmers who make sloppy or inadvertent errors in their product, leaving them exposed to hackers. When programmers code websites with languages such as Java, PHP, or Ruby, mistakes or carelessness in the code might leave the site vulnerable to infection. Such errors can expose the site or other SQL (Structured Query Language) databases to infection, allowing hackers to access databases and basically wreak havoc on the system.

“These mistakes are the fault of the developer,” Own notes, adding that although he and the other 12 consultants at Devcore “might not be as good in these programming languages as actual developers are, “we are good in finding vulnerabilities.”

Devcore’s assignment is to act as the Red Team hackers, a term borrowed from military jargon used in war games, where the Red Team plays the role of attacker, while the Blue Team plays defense. Own’s team hacks the client’s website searching for vulnerabilities, which they usually find not in the main websites, but in developer-created websites that the company might not even be aware of.

Often website developers make a second website that mirrors the main site and is used as a practice and work site for future development. However, the second site is generally not protected as well as the first one, and can be a major point of system infection.

“The enterprise will defend the most important website that they own but the hackers will attack their other, less well-protected sites – the security level is lower,” explains Own. “They know that they have several websites but they don’t know which ones are vulnerable. But we know every website that they have, even if the company itself doesn’t know.”

Own says that along with his role operating his company, he has also been one of the organizers of HITCON – the “Hacks in Taiwan” conference – for 14 years. The main purpose of the conference is to “teach the government and enterprise what security is, and how to keep your website secure.” This year’s HITCON is scheduled for July 27-28 at the Taipei Nankang Exhibition Center.

Benson Wu, co-founder of Taiwanese cybersecurity startup CyCarrier Security, aims to solve the problem of human error by removing humans from the security system as far as possible, relying instead on Artificial Intelligence (AI) for monitoring. He notes that even top-line cybersecurity platforms are only as good as their operators, with most requiring well-trained staff. “But the reality is that you often can’t find such experts because that talent is already working directly in the cybersecurity industry,” he says.

Industry insiders say that AI and Machine Learning (ML) are already being deployed on both sides of the cybercrime battle. Wu says that his company’s system never gets tired, never misses a warning, and can reduce the time for discovery of a system breach from months to a matter of days. As such efficiency doesn’t come cheap, Wu says CyCarrier Security is targeting only the top-tier companies in Taiwan and abroad that have the money and awareness to pay for a top-line cybersecurity platform. He adds that he doesn’t need to do much of sales pitch. He simply sets up the platform to evaluate how many times and for how long the company has been breached. “They sign up right away after they see the results,” he says.

Threats against Taiwan are usually attributed to China, but recent experience shows that is not always true, including the heists of First Bank by Russian hackers and the Far Eastern Bank by the North Korean-linked Lazarus gang. Taiwan produces its own home-grown hackers as well, as a recent case cited by the MJIB cybercrimes unit attests.

In that case, securities firms were threatened with a DDOS attack if they didn’t pay a ransom in Bitcoin to the hacker. “Most companies paid the ransom, but one did not and his whole computer system was hacked and paralyzed,” says MJIB’s Wu. The MJIB was called in and traced the hacker through the email that he had sent to the company. The culprit turned out to be a 20-year-old Taiwanese who told investigators that he had pulled off similar attacks numerous times, but had already spent the money he gained. He now faces up to five years in prison.

With the threat of cyberattacks now being taken more seriously in Taiwan, demand for cybersecurity talent is increasing and salaries are rising accordingly. But Taiwan’s cybersecurity professionals are also fervently committed to the cause.

“Making money is necessary, but doing business is not my only concern,” says Devcore’s Own. “My company and I are passionate about cybersecurity in Taiwan.”


A group of three hackers have pleaded guilty to their role in developing, spreading and using Mirai malware botnet to conduct large-scale Distributed Denial of Service (DDoS) attacks on some of the Internet’s most popular websites and Dyn DNS, a prominent Domain Name Servers (DNS) service provider.

Pleading guilty

In a proceeding that took place in US District Court for Alaska on November 28th, Paras Jha pleaded guilty to six charges including developing and operating Mirai botnet while Dalton Norman and Josiah White, his partners in crime also pleaded guilty to their role in the campaign in which Mirai was used for criminal activities.

In January this year, Jha’s father Anand Jha denied his son’s role in Mirai’s scheme and said “I know what he is capable of. Nothing of the sort of what has been described here has happened.” However, according to the court documents released on Tuesday, Jha admitted his crime.

Furthermore, court documents revealed that Jha erased the device he used to run Mirai on. Paras Jha “securely erased the virtual machine used to run Mirai on his device. Jha posted the Mirai code online in order to create plausible deniability if law enforcement found the code on computers controlled by Jha or his co­-conspirators,” said one of the court documents.

Damage caused by Mirai

On October 21st, 2016, Mirai malware caused havoc by hijacking millions of IoT devices including security cameras and hit some of the most popular websites on the Internet including the servers of Dyn. The sites that were forced to go offline included Reddit, Amazon, New York Time, Twitter and hundreds of others.

As a result, Internet services in the United States, India, Japan and some parts of Europe suffered major interruption. Like other botnets, Mirai also compromised Internet of Things (IoT) devices including security cameras and DVRs to carry attacks against DYN, Brian Krebs’ blog and OVH hostings servers in France.

Hackers also conducted click fraud through Mirai and made nearly 100 bitcoin that is more than $1.6 million today due to a massive increase in Bitcoin’s value. But the trio did not stop there, soon after targeting DYN, the source code for Mirai was leaked online that was later used by several other hackers to carry DDoS attacks.

A list of usernames and passwords included in the Mirai source code.

The person who claimed to leak the source code stated his name as Anna-senpai however, on October 4th, 2016, security journalist Brian Krebs claimed Senpai is actually Jha, but Jha denied the allegation and his role in the development of Mirai botnet.

According to Department of Justice’s press release, Paras Jha has also admitted his responsibility for multiple hacks of the Rutgers University computer system.

“Paras Jha has admitted his responsibility for multiple hacks of the Rutgers University computer system,” said Acting U.S. Attorney Fitzpatrick. “These computer attacks shut down the server used for all communications among faculty, staff, and students, including assignment of coursework to students, and students’ submission of their work to professors to be graded. The defendant’s actions effectively paralyzed the system for days at a time and maliciously disrupted the educational process for tens of thousands of Rutgers’ students. Today, the defendant has admitted his role in this criminal offense and will face the legal consequences for it.”

Plea agreements

According to document (PDF) sharted by Brian Krebs, under Jha’s click fraud guilty plea agreement, he would hand over 13 bitcoin to the United States government. White, on the other hand, has agreed to pay 33 bitcoin. The current price of 33 Bitcoin is more than $547,469 while 13 Bitcoin is $215,669.


The game industry has been under attack for a long time. Security professionals have often had to deal with distributed-denial-of-service (DDoS) attacks going back years.

It seemed like the problem was solved not so long ago, but then, the vector for attacks changed. With the rise of the Internet of Things (IoT), hackers were able to get their hands on many more compromised machines, and in turn, they were able to marshal those machines in much larger DDoS attacks. And so, the game companies are finding that they are getting flooded with attacks once again.

Nokia Deepfield helps companies defend themselves against such attacks. I spoke with Craig Labovitz, general manager of Nokia Deepfield, about the game industry’s ongoing vulnerability to DDoS attacks. That may not sound like the specialty you’d expect Nokia to have, but Nokia acquired Deepfield back in 2016 to ensure real-time network security and performance.

Here’s an edited transcript of our interview. GamesBeat and Akamai will hold a breakfast at the Electronic Entertainment Expo (E3) on June 14 to talk about games and security. Contact us through deantak on Twitter if you’d like to attend.

GamesBeat: Tell us about your interest in security and game companies.

Craig Labovitz: I’ve been doing DDoS for about 20 years now. I was a founder and chief architect at Arbor Networks, one of the first commercially successful DDoS companies. I was with Arbor for 12 years. After we left Arbor, we started Deepfield about five years ago, but our history goes back 25 years doing security, doing DDoS, particularly focused on unusual traffic blocking, traffic floods, things like that.

Deepfield had its start trying to do the next generation of security for both the large cloud guys, the large game guys, and the large carriers. Deepfield was an independent company for about five years. We grew pretty quickly, to cover about 90 percent of North America. We’d just started to enter Europe and Latin America and other parts of the world when we joined Nokia, about a year ago. Since then, we’ve been able to — Nokia provided additional investment. We’ve grown our technology, grown the base. Now, we’re deployed all over the world, doing both engineering and DDoS security.

GamesBeat: Why has this problem persisted for so many years? It sounds like an almost unsolvable issue in some ways, the fact that people can still do DDoS attacks.

Labovitz: Well, I’d actually say the opposite. When we left our last company, one of the reasons I left is I thought we were done. If you go back to 2011, all the carriers deployed appliances. It’s always an arms race between attackers and defenders, whether it’s war or security. In 2011, the defenders had the upper hand. Everyone had deployed the tech they bought from Arbor Networks. Generally, while DDoS was a nuisance, it wasn’t on the front page.

Back in 2000, when we started Arbor, DDoS was on the evening news. All the major brand names were under attack. 2011, there were still attacks, but most of them were easily mitigated. Technology had advanced to a point where we thought it was basically over. We saw the market declining. There wasn’t a lot of growth. It wasn’t in the news. Everyone who was going to buy had already bought: 80 or 90 percent of the large cloud and game companies. Then, things started to change, and you get to where we are today, which of course is a very different market.

GamesBeat: 2011 was a big deal in gaming security, because it was the year of the PlayStation Network hack.

Labovitz: Right. That was when things began to change, in that time frame. I left Arbor in 2011, and in the last five or six years, we’ve seen the resurgence. As far as why things changed, a couple of things have really changed the marketplace to where you’re seeing DDoS be such a pain point for our customers and for games, as well as other verticals.

What changed is, number one, the platforms changed, in the sense of we went from compromising PCs in consumer homes to millions of mobile devices. On a regular basis, we’re seeing cloud DVRs and other home devices participating in attacks. The number of compromised devices participating in botnets has tilted the balance of DDoS back to favor the attackers.

The second thing is just the bandwidth available. In 2010, I had a megabit, a couple of megabits at home? Now, I have hundreds. Other people have gigabits. You see significant last-mile advances in bandwidth and not just to consumers. We’ve seen the explosion of cloud servers and VMs, all of which we see being used as part of DDoS today. The firepower in terms of bandwidth has grown dramatically.

Now, we’ve gone from one device in a home you can compromise to as many as 30 or 40. We’re seeing some of these IOT devices participate in DDoS — like webcams. It’s gotten much easier for criminals to hijack devices all around the world. These devices aren’t connected to just a megabit anymore. Some of them have gigabit bandwidth to the rest of the Internet.

GamesBeat: And that sends a much higher volume of junk requests?

Labovitz: Correct. The number of devices to compromise has grown by a factor of 10 or, in some cases, 100, and the bandwidth to those devices has grown in the same way. All this has really happened since 2010, 2011, where we’ve seen the balance of DDoS tilt back to the attackers.

GamesBeat: What’s been the reaction on the defensive side?

Labovitz: Well, concern. It puts you in a tough position when your attackers grow by 10 or 100 times. It’s hard to counter that. That’s why DDoS, particularly in the last few years, is making headlines again and becoming more of a challenge.

It’s a pretty fundamental shift in the way people are thinking about security. When attacks are occasional, when attacks are small, whether you’re a game company or a provider you respond by adding stuff to the network, by adding servers or different security devices. When you get to this scale of attacks, when the attackers are 10 times bigger than any capacity you have, it’s no longer a matter of just adding more devices to the network. You have to fundamentally shift how you think about security, particularly with an eye toward things like DDoS.

GamesBeat: What has that shift been like?

Labovitz: Back in the day, I used to have a Palm Pilot. I had an MP3 player. I had five different devices that I carried with me that were all sort of adjunct. Similarly, in networking, you used to have a separate device for every possible function. You had a firewall, a DDoS box, an analysis box, a router, a management box. You tried to scale by scaling up all five or six of these things, and that worked for a good 15 [to] 20 years.

The problem, of course, is your attackers are now so much bigger than you are. It’s hard to scale each of those things separately by 10 or 100 times. What you’re seeing now across the market is a shift to move away from that Palm Pilot view of the universe and look to have this embedded in the network, embedded in the infrastructure. You can’t just add it on as an afterthought.

For years, security was an afterthought. You build your network, your game, or your data center, and then, you added security to it. The real shift today is it needs to be part of how you build it from day one. It needs to be everywhere, ubiquitous, embedded. It needs to scale at the same rate you scale your game servers and your network. That’s what we’re seeing in the market today.

GamesBeat: If you had to tick off, say, five things game companies have to worry about, where would you put DDoS in that spectrum of security problems?

Labovitz: It’s kind of like asking a homeowner how they consider security. If they’ve never been burglarized, that’s the last thing on their list. Someone who’s just been broken into or someone who’s made the front page of the Wall Street Journal because they just lost five percent off their stock value, they might have a different opinion. Having done DDoS for 20 years, our best sales were the day after. We used to call them the day-after sales. The day after someone made the front page of the Financial Times, those were the easiest sales we ever had. You hear similar stories about home alarm systems.

When we started doing DDoS 20 years ago, we had to convince people they needed DDoS protection. I think the market has largely matured, and people believe they need it. The question is how much. Clearly losing all your game infrastructure for a period of hours or days is catastrophic to the business. In terms of things you worry about, that would probably be near the top of the list. Things that pose an existential threat to a company are good things to worry about.

GamesBeat: As far as where the online game operators are at, are they effectively all outsourcing this function to the likes of Akamai or Amazon? Do they say to the providers, “Hey, if I get attacked, just give me some more compute resources and get me through it?” Or, is there a different mix of infrastructure.

Labovitz: If you look at the game companies, what’s been interesting over the last three or four years is they’ve come to look a lot like network providers. They’re starting to not only do DDoS themselves, but they’re building their own data centers, laying their own dark fiber, handling more and more as performance becomes a competitive element in games. We see the top five game companies take over more and more of their own infrastructure, down to dark fiber. They’re building out their own global networks.

We did see a period of outsourcing, but now, the opposite is happening, as performance and latency and jitter become more important. As scale has grown, the major game operators — certainly in the U.S. and also in other parts of the world — have made big investments in infrastructure.

GamesBeat: We haven’t talked much about platforms yet, but are we talking about consoles or PC or even mobile? I know that on mobile now, the fast interaction has been very important for games like Clash Royale or Arena of Glory. These are multiplayer team games. They seem to be very sensitive to latency problems. If they’re getting attacked, is that another layer to the problem?

Labovitz: There are definitely attacks there. I think most of the issues we see and hear about from our game customers and carrier customers are more the first-person shooters. We see a ton of — it’s just constant. At any given time for some networks, as much as five or 10 percent of traffic is just people with Xboxes or other console games trying to block someone else.

When we talk about DDoS with respect to gaming, there are two types of attacks. One is you’re specifically targeting another consumer, trying to knock them off, knock their IP address off. The other is you might have monetary incentives. You might go after one of the main game companies and attack their servers. We see both of those. Less frequent, though they happen on a regular basis, are the attacks against servers. But we do see a constant, never stopping wave of gamers attacking each other for whatever motives.

GamesBeat: In that case, they’re going to the trouble of finding a farm to use to attack someone?

Labovitz: I don’t know if it’s a farm exactly. There are just sites that you can go to, pay $10 or whatever, and get a link. I don’t think it’s that much trouble. If you have a credit card or Bitcoin, you too can launch a DDoS.

GamesBeat: Now, we’re getting to another part of the problem, then, that something like this isn’t getting shut down.

Labovitz: No, they’re not. It used to be a big deal, to find a machine that [had] a gigabit of bandwidth. Today, you can rent one. We’ve seen an explosion of bandwidth, an explosion of devices out there, servers and others. Stuff on the edge has grown by 10 or 100 times. You’re left with the guys in the middle of the Internet facing — I remember I had a pool growing up, and sometimes, the algae in it would just explode overnight. I think that’s how a lot of game companies and carriers feel, facing 10 times the devices with 10 times the bandwidth. You can buy any of it for a few bucks.

GamesBeat: How do you mitigate this?

Labovitz: As I say, we have pretty broad coverage. Our customer base includes a large cross section of the major game companies, as well as providers, in North America. The game companies do two things. We work with them on traffic engineering and visibility. We can detect unusual spikes, unusual shifts in traffic. We also work with devices on the network, particularly — a lot of our focus is not on third-party devices, that Palm Pilot world, but we’re working with a lot of the router vendors. Nokia, of course, is a big focus there, but we’re also working with other providers that do the plumbing of the Ethernet.

Deepfield’s big idea, instead of what we used to do when security was something you added to the network, we’ve been working with all of these providers to make sure it’s built in. Every bit of networking device has the capability to block and to filter. We’re working with them to build these blocking capabilities, to build this intelligence in the network, so we can accommodate this huge explosion of devices and bandwidth over the last few years.

GamesBeat: I’ve written a lot about semiconductor companies like ARM that are trying to build trust networks and physical hardware security for IoT chips. Is any of that helping yet? Or do we have too many unprotected devices already out there?

Labovitz: I’ve never won my battles against the moles in the backyard, and that’s never going to happen on the Internet. We’re never going back. Pandora’s box is open. Just as an example, do you know what’s the most popular domain name on the Internet as far as DNS queries?

GamesBeat: Maybe some kind of movie pirating site?

Labovitz: Nope. It’s not Google or Facebook either. The single most popular thing queried on the Internet is because eight years ago, a bug was introduced into the firmware of routers, where devices would make regular queries well beyond anything they really needed to do to set their time. That bug was fixed long ago, but what’s fascinating is that it’s still by far the most popular thing queried on the Internet. That speaks to how hard it is, once firmware gets out there — the changes of that getting permanently fixed, it’s like a radioactive half-life. We’re stuck with it forever.

GamesBeat: As far as game companies go, are they collectively addressing this in some way? Do they have their own security conferences or other signs they’re approaching this as a group?

Labovitz: Certainly, there’s a very tight security community. It’s not very big. All of us know each other and travel in the same circles. There’s a lot of collaboration. It’s not just the game companies, of course. Whether you’re a game company, a financial company, or one of the ISPs, security crosses all of those. There’s a lot of interaction as we push on initiatives and share information about the threats we’re seeing, as well as working with vendors like Nokia as we work on solutions and try to implement them.

We spend a lot of time talking to different groups and working with different parties. I’m not aware of a specific security organization just for gaming, but certainly, there are a lot of discussions, a lot of engineering meetings. It’s a fairly small community, and it works together.

GamesBeat: As far as other problems besides DDoS, what do you see in security that relates to games?

Labovitz: I can only tell you about what we deal with. I read articles about other things, like loot box fraud, but the problems we deal with in the market, what I personally interact with — it’s just keeping everything running as this stuff continues to scale. Keeping it running, keeping the latency and performance up. Part of that is blocking DDoS, but it’s also just managing the complexity of traffic.

It used to be that whenever you went to, you went to a single server. Today, if you play a game or watch a video, a lot of infrastructure needs to work together from different game servers, different telemetry servers, and content distribution. Power has come at the cost of complexity. Traffic comes from a lot of places. Lots of things go into playing a game. Managing that traffic as it makes its way across the Internet, having the real-time visibility into quality so that as things shift, you can adjust, and, of course, having real-time visibility into DDoS and security. We really help with all of that: just managing stuff, keeping it up and running, and maintaining basic levels of quality in the experience.

GamesBeat: When you do that, are you interacting directly with game companies, or do you work through intermediaries like Amazon or other games-as-a-service vendors?

Labovitz: We do a little bit of both. We do have direct companies we interact with that are game companies.

GamesBeat: Do you have some predictions on this front? It seems like it can only get to be a bigger and bigger problem.

Labovitz: I’m lousy at predicting the future. Like I said, in 2010, I predicted that DDoS was over. I left my previous DDoS company thinking we were done. But I can give you some predictions with that in mind.

I think we’re in the early days of IoT. I’m one of those guys who vowed to never have an IoT device at home, and now — well, I don’t want to talk about what I have in my home. But if you take my mother, she has a Nest doorbell. She has connected speakers. We’re still in the early days of things in the home that have IP addresses. We’re also in the early days of bandwidth. The bandwidth predictions we’re seeing these days are wild. If you look at 5G, suddenly, we’re talking about every phone having huge amounts of bandwidth available in addition to IoT devices.

I don’t think we’ve made the advances we need to in terms of figuring out how to secure servers, how to secure IoT. I don’t think we’ll win that. There’s no magic bullet. We’ve been trying to win as far as protecting PCs and protecting servers for 30 or 35 years. It hasn’t happened yet. It’s not likely to happen any time soon. We’re seeing new threats even at low levels. The threat will continue to grow.

My main prediction is we need to be able to build this stuff into the network itself. You mentioned ARM and others. We’re seeing significant advances in the basic chipsets. Nokia makes our own hardware, so we like to think we’re ahead of the curve, but we’re seeing even some of what’s called merchant silicon, the commodity chips market. They’re a little bit behind, but we’re seeing a lot of advances in merchant silicon as well.

I have high hopes that if we can build this into the network, if we can make sure the hardware advances continue, and if security isn’t an afterthought but really starts to become a part of how we build everything, we can have a chance of improving or at least maintaining the status quo. I don’t know if we’ll ever win.

GamesBeat: I had a couple of questions about streamers. A few years ago, there was a streamer who became very popular broadcasting on Twitch, and he was followed by a bunch of DDoS attack groups. They had a sort of sparring conversation. He would go play a game, and then, the attackers would take down that game while he was trying to stream and repeat the process every time he started a new game. People would watch this, and the audience got bigger and bigger as the day went on. Every game he tried to play, the attackers took down. Some of these streamers have enormous audiences now, with hundreds of thousands of concurrent viewers. I wonder if there’s a way they have of protecting themselves now.

Labovitz: That’s another big thing. Like I say, there are two types of attacks we see. You have attacks against servers and then attacks against players or even streamers. Previously, I think most of the focus was on the servers, higher up on the network. But we’re seeing the volume of malicious traffic — and a lot of that is DDoS — becoming so large that it’s a performance win if your provider can automatically block this traffic when it first enters the network. We’re starting to see carriers — including probably your provider because we’re working with a lot of the U.S. providers — who are trying to add these capabilities for blocking traffic before it ever enters the network.

Going back 5 [to] 10 years, DDoS protection was so expensive that it was just the big banks and a handful of other companies that were purchasing it. Of course, those numbers have come down. You can protect web pages. But the cost of protecting your business traffic or your traffic at home is still prohibitive. Sometimes, that’s not even technically available.

What we are seeing, though, is DDoS protection going from something you add to the network to something that is available, that’s already in place for every customer. It’s just part of the network. We’re starting to see the buildout of infrastructure and capability to block DDoS everywhere in the network, and that capability could be available, whether automatically or for a fee, to every home user and every business. We’re seeing DDoS go from something available to dozens or hundreds of companies to something that’s available to everyone as the problem has become more significant [and] more ubiquitous.

As I say, this has taken a while, but we’re finally seeing a convergence of technology and incentives. This stuff is cyclical. Back in 2010, I thought we had won. Then, the world changed on us. In hindsight, the ways it changed are obvious, but hindsight is always obvious. We’re starting to see more capabilities built into the network, and that’s quite encouraging.


Danish rail travelers found buying a ticket difficult yesterday, following a DDoS attack on the railway company DSB.

DSB has more than 195 million passengers every year but, as reported by The Copenhagen Post, the attack on Sunday made it impossible for customers to purchase a ticket via the DSB app, on the website, at ticket machines and certain kiosks at stations – though passengers were able to buy tickets from staff on trains.

“We have all of our experts on the case,” said DSB spokesperson Aske Wieth-Knudsen, with all systems apparently working as normal this morning.

“The DDoS attack seen in Denmark this weekend on critical national infrastructure is precisely the type of attack that EU Governments are seeking to protect citizens against with last week’s introduction of the Network and Information Systems Directive (NIS),” said Andrew Lloyd, president, Corero Network Security.

“Keeping the control systems (e.g. railway signaling, power circuits and track movements) secure greatly reduces the risk of a catastrophic outcome that risks public safety. That said, a successful attack on the more vulnerable management systems can cause widespread disruption. This DDoS attack on Danish railways ticketing site can be added to a growing list of such cyber-attacks that include last October’s DDoS attack on the Swedish Railways that took out their train ordering system for two days resulting in travel chaos.

The lessons are clear, Lloyd added; transportation companies and other operators of essential services have to invest in proactive cybersecurity defenses to ensure that their services can stay online and open for business during a cyber-attack.


In the dynamic world of cyber security, breaches are both tightly guarded and, sadly, imminent.

Combing through data, market research and threat-defense efforts taken by enterprises can be a daunting task. Here at Cyber Security Hub, we both track the latest industry news and make it more navigable for the IT professional. CSHub coverage extends outwards – as it helps enterprises batten down their proverbial hatches.

In this edition of “Incident of the Week,” we examine a data breach that affected 15,000 members of a U.K.-based credit union.

Threat actors targeted the Sheffield Credit Union (SCU), and officials have warned against the potential compromise of personally identifiable information (PII). SCU said information including names, addresses, national insurance numbers and bank details were accessed, according to a report from the BBC.

The same report notes that the attack happened on Feb. 14, 2018, but only emerged recently after hackers attempted to demand a ransom on the heisted data.

South Yorkshire Police reportedly worked with the SCU and Action Fraud to ameliorate the situation. The BBC notes that the Information Commissioners Office (ICO) was also made aware of the occurrence. The SCU also said its security has heightened since. Nevertheless, the credit union is being cautious in warning that the incident could find hackers looking to defraud customers.

The SCU pointed out in a letter to its members that the breach “may expose you to text messaging, cold calling and attempts to defraud.”

Chairwoman of Trustees, Fiona Greaves, reportedly said that hackers likely accessed the data in a “brute-force” attack, in which they overpower systems with password combinations to crack the proverbial code.

She said that members do not need to assume that the data loss will result in “wholesale fraud,” but that “people need to be aware.” The credit union also suggests that members monitor accounts for anomalous activity.

In a news release on the SCU site, the credit union wrote that in the wake of the attack, “and numerous other similar attacks on businesses large and small,” its aim is to keep members “safe from scammers.”

It offers helpful tips for effective cyber hygiene, some of which include:

  • Use caution in giving out bank details; make sure you are 100% sure it’s the right organization
  • Do not change bank details without thorough vetting/verification
  • Only access a company’s official website; enter by typing the address in the browser
  • Log out of systems after you’ve finished
  • Add virus and malware protection to any device that uses the Internet (including IoT devices)
  • Carry out regular software updates (allow for automatic ones if possible)
  • In downloading software, ensure it’s from a reputable/verifiable source
  • Count on updating your passwords regularly (and making them complex)

While these tips are aimed at the SCU member base, they are largely applicable for the enterprise – as security teams oversee awareness campaigns to educate staffers about proactive cyber behavior/hygiene.

Both health and financial data (highly sensitive) will continue to fall within the crosshairs of hackers. Password offensives such as the “brute-force” attack can become a true thorn in the side of IT security practitioners.

In a recent article for the Cyber Security Hub, Integral Partners’ Director of Information Security Services, Kayne McGladrey, said, “Multi-factor authentication (MFA) that incorporates User Behavior Analytics (UBA) is the lowest-cost and easiest solution for organizations to prevent both credential stuffing and password spraying attacks. These attacks both work because the user account is typically protected with a password which may be stolen or guessed, and which may be reused at multiple websites and cloud services.

“MFA requires that the user provide a second form of authentication to access a cloud service… Modern MFA solutions incorporate UBA, which can require MFA only when the user is doing something unusual… This simple and elegant solution can protect both non-privileged business and privileged users.”