Cyber attacks on StarHub reveal difficulties in defending critical infrastructure

When the first complaints came in last Saturday, folks at StarHub might have thought they were facing yet another routine outage or server problem.

They were probably not expecting to be hit by a cyber attack that was unprecedented in scale and sophistication.

The telecom operator today said the attack on its DNS (domain name servers) on two separate days was launched from its own customers’ PCs and devices which were taken over by hackers. Many of its broadband users could not surf to websites as a result.

With this revelation, there is no question this was a sophisticated and well-planned attack, one with a clear target in mind. More importantly, it shows how difficult it is to fight such threats.

StarHub would have stopped such DDoS (distributed denial of service) attacks from the outside, because its servers would be accessible only by its subscribers.

However, the flood of traffic that such an attack brought about was from its own customers, who are usually allowed to connect to its servers. This means someone had taken care to get into StarHub users’ devices to plan an attack on their service provider.

StarHub rightly said today that the responsibility for cyber security rests with everybody, including users. It advised them to buy devices such as routers and Internet cameras from reputable manufacturers.

This way, they don’t end up being taken over by hackers who can control thousands of such devices to flood a telco with their traffic. But that’s easier said than done.

When was the last time you updated your network attacked storage (NAS) device? Or your Internet-connected TV? In future, what about those smart devices coming onboard such as a connected fridge or even kettle?

And that’s assuming that manufacturers offer an update. After PCs have been patched up regularly in recent years, it’s clear hackers are looking to devices that are less secure and not usually updated.

In a similar attack in the United States last week, millions of Internet cameras were said to be commandeered by hackers to disrupt a DNS service by American firm Dyn.

The cameras, made with components from China’s Hangzhou Xiongmai Technology, are now being recalled. But that’s not before they were used to take down a chunk of the Internet in the US, including services such as Spotify and websites like The New York Times.

What can service providers like StarHub do? They can beef up defences, as they have been doing. The same goes for power plants, land transport system providers and government agencies as well.

Though it is still unclear who initiated the attack on StarHub, it may just be a precursor to more serious threats in future.

Security experts have long wondered if state-backed hackers could be simply testing the waters, probing how hard it would be to take down a large part of the Internet. In the past week, the hackers would have found the results encouraging.

With millions of connected devices coming onboard soon, mounting a defence against a concerted threat will get more difficult.

Will governments have to start mandating that all such devices, from digital door locks to cameras, be updated?

Or will users get help from the technology industry, like how they stepped up to harden PC defences in the past, to better protect their increasingly connected lives?