Wednesday’s attacks on the public service television network TV5Monde by attackers claiming allegiance to the Islamic State were unprecedented in terms of scale and visibility, with more than 11 channels as well as TV5Monde’s website and social media accounts compromised.
The attacks underscore the need for more news organizations to implement and update their digital security defenses against attackers seeking to embarrass and spread propaganda. Although it is currently unclear how the perpetrators penetrated the network, the incident shows just how vulnerable media networks can be to this scale of attack.
Although the French network did not appear to experience a distributed denial-of-service (DDoS) attack, which makes online services unavailable to their intended users, such attacks are also worth noting as they are growing in frequency and scale and are often used to divert attention from other forms of malicious activity.
According to the 10th Annual Worldwide Infrastructure Security Report by security firm Arbor Networks, 42% of respondents reported more than 21 attacks per month in 2014, compared to 25% of respondents in 2013. The peak attack size is now 400 gigabits per second (Gbps) versus a few years ago when a DDoS attack above 100 Gbps was rare.
Forty-two percent of media companies experienced some form of DDoS attack in the last 12 months, according to a 2014 Survey of Global IT Security Risks conducted by B2B International in conjunction with Kaspersky Lab, an international software research group. Other companies have placed the percentage even higher, although the timeframe measured has been shorter.
Interestingly, only 38% of media organizations were interested in DDoS countermeasures, according to the 2014 Kaspersky survey. In today’s resource-strapped environment, this is not necessarily surprising. But doing nothing still costs something.
According to Kaspersky, DDoS attacks, which force a server to crash, can cost small-to-medium-sized businesses an average of $52,000 per incident, and the costs to large businesses are even higher, averaging $444,000 in IT spending and lost business. In addition, 38% of businesses said they believed a DDoS attack damaged their company’s reputation. DDoS attacks also prevent information from being disseminated, thereby exacerbating censorship — even if it is intermittent.
Attackers' motivations for launching DDoS attacks vary. Some use DDoS as a political tool, often in tandem with real-world events like protests or elections. Sometimes attackers seek an information ransom requiring the victim to pay money to remediate the attack, while other attacks have been waged simultaneously with the arrest of journalists and bloggers, with the apparent aim of intimidating and stifling political discussion. DDoS attacks can also occur in conjunction with filtering, intrusions, and defacements.
DDoS attacks made headlines again last week when the social coding website GitHub was hit by the strongest DDoS attack in its history. Several experts believe the GitHub attack was an attempt by Chinese actors to force GitHub to remove a specific class of content, such as pages which feature links to mirror sites for the Chinese language version of The New York Times and the anti-censorship project GreatFire. If so, Chinese ire with GitHub would not be new. In early 2013, the Chinese government attempted to block GitHub, but restored access after significant outcry.
China-based attackers also have allegedly been behind online attacks on news organizations and western journalists since at least 2008. But they are hardly the only ones. The so-called Syrian Electronic Army (SEA) has waged DDoS attacks against The New York Times and The Washington Post, among others. In Russia, several independent Russian news organizations experienced DDoS attacks during the height of protests in 2011. Independent bloggers' websites, including those of journalists who focus on security, have also fallen victim to DDoS attacks.
Unfortunately, half of businesses worldwide don’t appear to have countermeasures against DDoS attacks, according to Kaspersky. Numerous security firms exist that help provide DDoS mitigation for paying clients, but more organizations are beginning to offer DDoS mitigation help for free or at reduced costs to public interest organizations that provide artistic, political or news content. For example, CloudFlare, a free global CDN and DNS provider, extends its enterprise-class DDoS protection as part of its initiative called Project Galileo, which will keep the identity of those seeking help private to avoid potential backlash. Google Ideas offers a new initiative called Project Shield, which leverages Google’s DDoS mitigation technology and allows websites to serve their content through Google’s infrastructure without needing to move their hosting location. Another option is Virtual Road, a project of Qurium – The Media Foundation, which for several years has provided a secure hosting platform for independent media at reduced rates. It currently hosts approximately 50 media sites from 20 countries, including major independent news media of Azerbaijan, Rwanda, Zambia, Sri Lanka, Pakistan and Nigeria.
As DDoS attacks grow in scale and become more frequent, news organizations need to consider potential DDoS mitigation strategies to ensure that if and when they are victimized, they are able to respond with resilience and get back online quickly. To do otherwise would be a victory for those seeking to silence their voices.