French DDoS attacks spike after terror protest

News by Doug Drinkwater

Arbor Networks says that the number and size of DDoS attacks against French websites spiked considerably after 3.7 million people took to the streets to protest against terrorism.

The firm leveraged its Arbor Atlas initiative, which receives anonymised internet traffic and DDoS event data from 330 internet service providers (ISPs) worldwide, to view events in France in the days after the protest, which was in response to the Charlie Hebdo shootings that left 20 people dead.

The magazine was targeted by ISIS sympathisers and others unhappy with the satirical magazine's ridiculing of Islam, including its depiction of the Prophet Muhammed. The publication also satirised other religions.

Comparing the DDoS attacks between January 3-10 and 11-18, the US security firm found that there were 1,342 unique attacks – an average of 708 attacks a day – during the two week period.

However, the firm noted in a recent blog post that the number of DDoS attacks after the march rose by 26 percent with the average size of DDoS attack growing 35 percent. In the eight days prior to the attack, the average size was 1.21Gbps but this later increased to 1.64Gbps.

The vast majority of these DDoS attacks were low-level although the number of attacks larger than 5Gbps did double in the days after the protest. Arbor reports that one attack measured as high as 63.2 Gbps on January 11.

“This is yet another striking example of significant online attacks paralleling real-world geopolitical events, wrote Arbor's threat intelligence and response manager Kirk Soluk.

Speaking to SC after it first emerged that ‘thousands' of French websites were facing cyber-attacks, Corero Network Security CEO Ashley Stephenson said that DDoS attacks were increasingly being used as an attack tool during international conflicts.

“Whatever the motivation – cyber-terrorism, retaliation, religious incitement, radicalisation… It is clear that modern conflicts will be fought in the cyber-world as well as the real world,” he said via email.

“The internet should be better protected against all of these associated cyber-threats. Increasingly we are seeing DDoS used as a tool in and around these conflicts and we should be prepared to institute increased cyber-security to protect this vital resource.”

Last week, Admiral Arnaud Coustilliere, head of cyber-defence at the French military, said that about 19,000 French websites had faced cyber-attacks in the days after the shootings, although one source closely connected with the clean-up operation for some of these sites later told SC that hacking groups from Tunisia, Syria, Morocco, the Middle East and Africa had largely ignored DDoS as an attack vector because such attacks “didn't work”.

Instead, Gérôme Billois, senior manager of Solucom, said that these groups - also believed to often be ISIS sympathisers - had looked to scan thousands of websites to identify and exploit common WordPress, Joomla and other content management system (CMS) vulnerabilities.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews