UPDATED 23:21 EDT / MAY 06 2018

Tennessee DDoS attack may have been motivated by retaliation or protest

Russians? Chinese? Gun-averse liberals who hate Dixieland? All of those and other factors could be responsible for one of the weirdest cyberattacks of recent times after an election in Knox County, the main seat of government for Knoxville, Tennessee, was targeted by a distributed denial-of-service attack.

The DDoS attack occurred last Tuesday evening, knocking county servers offline in a seeming attempt to delay the publication of the election results. Described by Cyber Security Hub as the DDoS “incident of the week,” the attack itself did not affect voting or compromise the tallying of the results, only their publication. The county had to resort to printing the results on paper for distribution instead.

Tim Burchett, the mayor of Knox County, which has a population of 432,000, said he had called in a cybersecurity contractor to investigate the attack. He added that “this is not something that should happen” and that “I want to know what happened, and I think an independent review will help to determine that so we can move forward and work to prevent similar issues in the future.”

It may be easy to have some fun with such an oddly targeted attack, but one security researcher believes it’s worth examining. Rob Tate, security researcher at WhiteHat Security Inc., who analyzed the attack, told SiliconANGLE that “DDoS [has] evolved from people having fun to more targeted acts of retaliation or protest. The attack method may not aim to steal data but is often used to raise awareness and protest—essentially saying, ‘We brought down your site; nobody can get to you because we don’t like you.’ It’s a platform for activism.”

Noting that it’s not just municipal systems that are open to DDoS attacks, Tate said that websites usually aren’t equipped to handle such a massive volume of traffic and will simply “fall over and die” when this many requests are made simultaneously.

“It’s a difficult and sometimes expensive attack to prevent and one that attackers will continue to use because of its simplicity and ease,” Tate added. “Prevention is challenging because attacks are unique and hard to fingerprint. Building a robust monitoring system and red team in case of attack are key. Once an attack is underway, they typically have very similar-looking signatures. Capturing packets and identifying the unique fingerprint are also essential.”

Photo: knoxcounty/Flickr
