Turkey was no.1 target for DDoSers in Q4 2015

Turkey has taken the no.1 spot as most DDoSed country in the last quarter of 2015, according to a report from NexusGuard

Turkey has made its share of enemies on the international stage, not least Russia
Turkey has made its share of enemies on the international stage, not least Russia

Turkey has become the most DDoSed country in the world. According to a new report which brings together data from the last quarter of the last year, Turkey was the victim of 30,000 attacks a day.

The report collates data collected by DDoS mitigation company NexusGuard and covers the last quarter of 2015.

Following Turkey by orders of magnitude were countries that would be perhaps more predictable targets for a DDoS campaign. The US received less than a third of the attacks that Turkey was subject to. Meanwhile Canada received only a half of that and France a half of that.  

But why Turkey, and why was the US, arguably the only superpower left in the world, left languishing in second place.

Geopolitical events, says the report, “consistently change the landscape of attacks. These events can happen in a heartbeat and do not require government sponsorship. Whether countries officially support or turn a blind eye to the attacker these types of campaigns happen regularly. No country is innocent for these types of attacks. For example Iran targeting financial institutions, Russia attacking Estonia or Georgia, and the US turning a blind eye to political activist, the Jester.”

Turkey might not be the largest, most powerful or important country in the world, but there are few countries who goad their critics quite as much.

Several historic grievances of genocidal proportions stem from Turkey, grievances which Turkey has not yet fully come to terms with.

The Turkish Premier, Recep Tayyip Erdoğan along with powerful elements within the country, continue to declare their skepticism over the Armenian genocide, in which Turkish forces killed between 800,000 and 1.5 million Armenians. Perhaps more immediately  pressing is Turkey's relationship to the Kurds. The Kurds are Turkey's largest ethnic minority and military conflict between Kurdish separatists and Turkish military forces are not uncommon. Never more so than now, when Turkish Kurds are among those attempting to fight ISIS.

Moreover, the current government is not a popular one with much of its population, nor the international community.  In 2013, the Erdoğan government cracked down on protestors over new reactionary laws against basic civil rights. Leading up to today, Turkey has shut down several media outlets critical of the government and continues to detain journalists at a level that ranks the country among the worst places in the world to be a journalist

All this aside, attacks observed by NexusGuard peaked between November 13th and December 27th. It is perhaps no surprise that this coincides with Turkey shooting down a Russian military jet and the subsequent deep chill that diplomatic relations between the two countries underwent.

“In Q4 2015, attacks on Turkey skyrocketed ten-fold to more than 30,000 events per day, surpassing the popular targets China and the US." Terrence Gareau, chief scientist at NexusGuard told SCMagazineUK.com,"this was the first time we have seen such a dramatic shift of events directed at a particular country. We believe this sharp increase in the number and size of attacks may be related to rising tensions between Russia and Turkey.”

If these attacks do stem from Russia, "it's a demonstration of Russian power in a deniable way", Ewan Lawson, a cyber-warfare expert at the Royal United Services Institute (RUSI) told SC, "you [Turkey] cant démarche it you cant take action against it but in the meantime its really screwing up your day."

"I guess the Russian intention is to say don't mess with us and hope the Turkish government gets fed up with it", added Lawson. 

NexusGuard's report further adds that “Russia is not an amateur when it comes to executing denial of service attacks in a response to political events.”

Certainly, Russia, and groups within Russia, are no slouches when it comes to cyber-warfare or cyber-warfare by proxy. Any number of impressive attacks on infrastructure and widespread DDoS campaigns, not to mention mere cyber-criminality, is traced back to the country. Perhaps most famous is the aftermath of the removal of the Bronze Soldier of Tallinn. Though constructed as a memorial to the Russian soldiers killed fighting Nazi aggression on The Eastern Front, many Estonians saw it as an enduring reminder of Soviet occupation. the statue was deeply unpopular and, in 2007, the decision to move or remove the statue was met with widespread rioting.

When the Estonian government finally agreed to remove the statue altogether, the response came not from Estonians, but what from many believe to be forces within, or allied to, the Russian state. On 27 April 2007, Estonian government websites were flooded with DDoS attacks, shutting down much of the country's online infrastructure. 

Once the onslaught had ended Estonian politicians were quick to point the finger at Russia and individuals associated with, though not directly ordered by, the Kremlin have come forward to claim responsibility. While the attacks have still not been traced directly back to Russia, Russians, with or without government support, remain the prime suspects.