The BBC is reporting that internet connectivity with Burma (Myanmar) has been effectively shut down in advance of the first elections held there in 20 years.
Only 200 PCs Needed
If the BBC report is true, it would only take 200 relatively low speed internet connected PCs to take the country of Burma off line. Let me explain. The BBC story about Burma states that the entire country is connected to the internet over a 45Mbps link; that’s a DS3 to the network and telecom people. It isn’t much bandwidth for an entire country.
To take any network or servers off line, all that any attacker needs to do is effectively cause your network to be too busy for user connections to get through. Just like a busy signal on your telephone. Doing that isn’t very hard.
Only 15 PCs connected with common home bandwidth could take down the country of Burma. That isn’t many PCs, is it? Even the slowest broadband connections have 256 Kbps, which means only 200 PCs are needed with that upstream connectivity to take Burma effectively off line. If a botnet controller wanted to attack an IP and they have 100,000 PCs, that translates to 25 Gbps. Most companies, even those with large pipes like a Fortune 100 company has, would be taken off line. 200 PCs is a small number and could be quickly blocked, which is why botnet owners have 100,000 – 5M PCs.
Are You Part of a Botnet?
Every time I speak with someone who isn’t worried about viruses on their computer(s), they always say, “there’s nothing important on my PC.” That may be true, but most viruses are not just about the data on your PC. Those nefarious programs are about using your PC and your high speed connection for whatever tasks the virus writers desire. Basically, they want your PC to be part of their botnet.
Botnets are distributed networks of computers that check in every few hours or every few days to a control group of PCs that tell each PC what to do. Botnet-controlled PCs are told to:
- search the internet for other PCs that can be infected; always adding more is important
- send spam email for pron or drugs (Buy Viagra!) to get cash
- request specific attacks on specific computers and networks to take targets off line
- force companies to pay a ransom to stop network-based attacks
- prevent time sensitive communication (block critical events)
- take pretty much any company off the internet
Botnet attacks begin with a flood of requests to the target server and network. Initially, those packets are not very complex and all look the same. If the target has the experts available, blocking those simplistic attacks at the connectivity provider and letting just real user packets through is easy. A committed attacker would change the attack to appear like normal users and dynamically use slightly different packets from each of the botnet-controlled PCs so the protecting experts wouldn’t be able to use a simple blocking rule. With every counter move from the protectors, the attacker would use another, slightly different, more complex attack, and this just needs to go on long enough to cause a critical time-sensitive event to pass. Remember, the attacks are coming from many thousands of PCs all over the world. Sure, only 200 PCs are needed, but those 200 would be singled out and blocked quickly, so another 200 and another and another are needed. That’s what botnets provide: millions of PCs to attack companies around the world.
Imagine that you are an off-shore sports betting internet company. A week before the largest betting event that your company gets, you receive a ransom request demanding $50,000 or your network will be taken off line for the next 10 days. Your company will spend $40,000 fighting an attack and will make over $2M off the bets (at least). What would you do? Would you pay or fight? If you pay, then the attackers know exactly how to get paid before every major event. If you don’t, you could be taken off line and not see any of that money from your customers.
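A defender's view of the two phases described above, as an added example that is not part of the original post: it measures offered load against the 45 Mbps link and checks whether one packet signature is common enough to filter upstream. The flow-record format, the 10-second window, the thresholds and all sample traffic are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

LINK_BPS = 45_000_000   # the 45 Mbps DS3 link from the article
WINDOW_S = 10           # assumed measurement window, seconds

def analyze(flows, window_s=WINDOW_S, link_bps=LINK_BPS, min_share=0.5, min_sources=50):
    """flows: (src_ip, byte_count, signature) records for one window, measured
    on the provider side of the link. signature is an assumed packet-shape
    fingerprint: (protocol, dst_port, packet_length)."""
    total = 0
    bytes_by_sig = Counter()
    srcs_by_sig = defaultdict(set)
    for src, nbytes, sig in flows:
        total += nbytes
        bytes_by_sig[sig] += nbytes
        srcs_by_sig[sig].add(src)
    offered = total * 8 / window_s / link_bps      # offered load / capacity
    rule = None
    if total:
        sig, sig_bytes = bytes_by_sig.most_common(1)[0]
        # One signature carrying most of the bytes from many sources is the
        # "all look the same" flood: a single upstream filter removes it.
        if sig_bytes / total >= min_share and len(srcs_by_sig[sig]) >= min_sources:
            rule = sig
    return {"offered_load": round(offered, 2), "saturated": offered >= 1.0,
            "block_rule": rule, "distinct_signatures": len(bytes_by_sig)}

def constructed_window(vary_packets):
    """Constructed sample: 20 normal clients plus 200 flooding hosts at 256 Kbps each."""
    per_host = 256_000 * WINDOW_S // 8             # bytes per flooding host per window
    flows = [(f"198.51.100.{i}", 40_000, ("tcp", 443, 600 + i)) for i in range(20)]
    for i in range(200):
        length = 64 + i if vary_packets else 64    # later phase: every host differs
        flows.append((f"203.0.113.{i}", per_host, ("udp", 80, length)))
    return flows

if __name__ == "__main__":
    print(analyze(constructed_window(vary_packets=False)))
    print(analyze(constructed_window(vary_packets=True)))
```

In the second window the link is just as saturated but no single signature qualifies, which is the point at which a simple blocking rule stops working and defenders have to fall back on per-source or behavioural filtering.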
The same attacks against the betting industry are effective against any internet-based business or information flows. If the network is relatively small, like Burma, then taking an entire country off-line is trivial.
Just to be clear, the JDPFu.com website could be taken off line by just a few attacking PCs. The website at the company where I work can be taken off line by 30 PCs attacking.
What can you do?