Authorities rule out cyber attack as cause of StarHub's 2016 broadband disruption

Starhub's home broadband services experienced disruptions in October last year.
Starhub's home broadband services experienced disruptions in October last year.PHOTO: ST FILE

SINGAPORE - The two disruptions in October last year (2016) to StarHub's home broadband network were not due to cyber attacks as the telco had suspected, an investigation has shown.

Instead, Starhub's network was found to have insufficient capacity, which the telco has since increased, according to findings released on Friday (April 21) by the Infocomm Media Development Authority (IMDA) and the Cyber Security Agency of Singapore (CSA).

The authorities confirmed the telco's own customers had partly contributed to the surge in Internet traffic that overwhelmed StarHub's systems, with IMDA directing StarHub to conduct an independent review of its infrastructure. Another contributing factor was recovery action taken by service providers in the United States following a cyber attack there.

IMDA said it "will not hesitate to take sterner action should a similar incident happen in future".

Its Telecom Service Resiliency Code spells out the minimum requirements for service availability. Breaching these requirements - such as a loss of 70 per cent or more of a telco's Internet bandwidth - may result in a fine ranging from $15,000 to $270,000 for every 30 minutes of outage.

 
 

Subscribers could not surf the Web intermittently for up to two hours each time on October 22 and October 24 as traffic spiked on StarHub's domain name system (DNS).

 

DNS maps Web addresses to a machine-readable string of numbers to connect Internet users to websites. When the DNS is not operating optimally, users may not be able to access the websites.

The two disruptions came on the heels of a cyber attack the week before on US-based DNS service provider Dyn.

A piece of malware called Mirai reportedly infected traffic cameras, which were used to take down Dyn's DNS.

This is why IMDA and CSA initially did not rule out the possibly of a cyber attack. StarHub had also made a police report suspectingit had suffered two cyber attacks.

The traffic surge on StarHub's network was indirectly linked to Dyn, said IMDA and CSA.

StarHub systems were inundated with traffic when its subscribers accessed affected United States content providers such as Amazon and Expedia after the content providers' third-party analytics vendor switched to another DNS service that is more resource-hungry.
 
The switch clogged StarHub's network resulting in surfing slowdowns. This could have prompted broadband users here to repeatedly refresh their Web browsers, which added to the jam.
 

The extra checks generated more traffic that clogged StarHub's network resulting in surfing slowdowns. This could have prompted broadband users here to repeatedly refresh their Web browsers, which added to the jam.

Mr Chong Siew Loong, StarHub's chief technology officer, said: "We assure our customers and the regulator that we will continuously review our security posture and enhance network resilience in partnership with network and security providers."