Small and medium ISPs are being targeted by a massive DDOS attack, which according to police has been carried out on a huge scale since Monday at 200 gigabytes per second.
The Maharashtra police on Sunday registered a Massive DDoS attack (Distributed Denial of Service) on Internet Service Providers (ISPs) in the state. Police said this is the first attack be registered in the country. They also said the massive DDoS attack was still being carried out! Investigators said millions of Internet Protocol (IP) addresses infected with a kind of virus known as a Trojan are being used in the attack.
Small and medium ISPs are being targeted by the massive DDOS attack, which police said has been carried out on a massive scale since Monday at a speed of 200 gigabytes per second. The Cyber Crime department of the Maharashtra Police is currently working in collaboration with the Indian Computer Emergency Response Team to mitigate the attack and trace the source.
An officer with the investigating team told The Hindu, “We have been mitigating the attack, blocking all the Internet Protocol (IP) addresses involved as soon as we identify them. The attack, however, still continues. The resources behind the attack have to be considerable. We are trying to trace the location from which the attack is being orchestrated.”
In this case, the miscreants have targeted small and medium ISPs which don’t have the infrastructure to fend off such attacks, crippling the services they offer. The operations of their subscribers, which include commercial entities, have been severely affected.
Police said many IP addresses worldwide are infected with Trojans, which find their way into computers through spam mail or advertisements on web pages, and users don’t realize it. The Trojans lie dormant till a hacker needs them to perform a specific function, and they can be programmed to strike together in a consolidated attack.
In a DDOS attack, a hacker creates a sudden surge of activity on a server by pinging it with virus-infected IP addresses. Billions of IP addresses infected with Trojans or other malware are available for sale or on rent on the so-called ‘dark net’, which hackers can use for such exploits.
As a result, Indian ISP customers have experienced a painfully slow internet connection for a week. Webpages are loading after a prolonged delay or timing out.
The cyber police say that it is state-wide and besides being among the largest of its kind in the world, the attack is the first of such a magnitude in India. The perpetrators as of now are unknown.
IT expert Vijay Mukhi says, “The idea of a DDoS is to make a computer or a server very slow so that anyone who uses an ISP’s services cannot connect. If you are an ISP like Hathway or Seven Star, your users get very low internet speeds. If you access websites like Flipkart or Amazon, your shopping experience becomes very slow; you may not even be able to shop.”
Any cyberattack, in particular a DDoS attack, can be felt by a slowing down of the internet. One will have difficulty opening websites, will see a huge increase in spam and will experience reduced or no access to services like email and net banking.
Cyber lawyer Prashant Mali said all servers of government and commercial entities access the internet via ISPs. “Thus, an attack on ISPs is an attack on the nation.”
As of now, the particulars of the attack point to Eastern Europe and China, he said. “The reason of a DDoS attack is usually business rivalry, but the motive this time seems an attempt to hamper our economic growth by targeting e-commerce.”