
Nude celeb pics wrongly blamed for DDOS at New Zealand's largest ISP

Actual culprit appears to be silly router configurations and Euro-nasties

New Zealand's largest ISP, Spark, has spent the weekend fighting off a DDOS incorrectly assumed to have a connection with last week's nude celebrity picture scandal.

The ISP hit trouble last Friday, when it Tweeted that some of its subscribers had become infected with malware that was flooding its DNS servers and making it hard to access the web.

Some media put one and one together to reach a total of three, by assuming that the malware was deposited by sites purporting to offer the chance to gaze upon popular entertainers wearing no clothes. The sites offered something along those lines, plus malware downloads.

But Spark has hosed down that hypothesis, writing on Facebook that it isn't ruling out malware, but has found “cyber criminals have been accessing vulnerable customer modems on our network.”

“These modems have been identified as having 'open DNS resolver' functionality, which means they can be used to carry out internet requests for anyone on the internet,” the ISP explains. “This makes it easier for cyber criminals to ‘bounce’ an internet request off them (making it appear that the NZ modem was making the request, whereas it actually originates from an overseas source).”

“Most” of the culprit modems “were not supplied by Spark and tend to be older or lower-end modems.”
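The "open DNS resolver" behaviour Spark describes can be checked on a modem you administer by sending it one recursive query from a host outside your network and reading the reply header. The Python below is an added example, not code from the article or from Spark; the function names, the `example.com` test name and the two sample replies are constructed for illustration.

```python
import socket
import struct

RA_FLAG = 0x0080   # "recursion available" bit in the DNS header flags
RD_FLAG = 0x0100   # "recursion desired" bit set by the client


def build_query(name, txid=0x1234):
    """Build a recursive A-record query for `name` (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, RD_FLAG, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def classify_response(data, txid=0x1234):
    """Classify a DNS reply as 'open', 'closed' or 'invalid'."""
    if len(data) < 12:
        return "invalid"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not flags & 0x8000:      # wrong ID or not a response
        return "invalid"
    rcode = flags & 0x000F
    # Open resolver: it recursed on our behalf and returned an answer.
    if flags & RA_FLAG and rcode == 0 and ancount > 0:
        return "open"
    return "closed"                            # REFUSED, SERVFAIL, no recursion


def check_resolver(ip, name="example.com", timeout=3.0):
    """Send one query to UDP/53 on a device you administer; no reply counts as closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (ip, 53))
            data, _ = s.recvfrom(4096)
        except (socket.timeout, OSError):
            return "closed"
        return classify_response(data)


# Constructed sample reply headers, so the classifier can be exercised offline.
OPEN_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)     # RA set, 1 answer
REFUSED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)  # RCODE 5 (REFUSED)
```

A result of "open" from the WAN side means the modem will resolve names for anyone on the internet; the usual fix is to disable WAN-side DNS in the modem's settings or block inbound UDP/53 at its firewall.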

Spark says the attack originated in Eastern Europe and looked like this:

“The DDoS attack was dynamic, predominantly taking the shape of an ‘amplified DNS attack’ which means an extremely high number of connection requests – in the order of thousands per second - were being sent to a number of overseas web addresses with the intention of overwhelming and crashing them. Each of these requests, as it passes through our network, queries our DNS server before it passes on – so our servers were bearing the full brunt of the attack.

While the Spark network did not crash, we did experience extremely high traffic loads hitting our DNS servers which meant many customers had either slow or at times no connectivity (as their requests were timing out). There were multiple attacks, which were dynamic in nature. They began on Friday night, subsided, and then began again early Saturday, continuing over the day. By early Sunday morning traffic levels were back to normal and have remained so since. We did see the nature of the attack evolve over the period, possibly due to the cyber criminals monitoring our response and modifying their attack to circumvent our mitigation measures – in a classic ‘whack a mole’ scenario.”

During the attack, Spark suggested its customers point their browsers at Google's DNS servers, a handy workaround even if it does mean a little more latency.

And the celebrity nudes angle? It's unverified. And likely a way to get you clicking on stories. ®

 
