StarHub: Cyber attacks that caused broadband outages came from customers' infected machines

Disruptions on StarHub's broadband network on Saturday (Oct 22) and Monday (Oct 24) were caused by bug-infested machines of the telco's own customers. ST PHOTO: ONG WEE JIN
StarHub chief technology officer Mock Pak Lum during a press conference to address the disruptions on StarHub's broadband network on Saturday (Oct 22) and Monday (Oct 24). ST PHOTO: IRENE THAM

SINGAPORE - The two waves of cyber attacks that brought down Internet surfing on StarHub's broadband network last Saturday (Oct 22) and on Monday (Oct 24) came from the bug-infected machines of the telco's own customers.

These are the latest findings revealed at a press conference organised by StarHub on Wednesday evening (Oct 26).

Later on Wednesday, Singapore’s Cyber Security Agency and the Infocomm Media Development Authority said that this is the first time that Singapore has experienced such an attack on its telco infrastructure.

On the two occasions, many home broadband subscribers could not surf the Web for about two hours each owing to a spike in traffic to StarHub's Domain Name System (DNS).

StarHub chief technology officer Mock Pak Lum said: "Cyber security is everyone's responsibility and not just that of telcos, the Government and service providers."

He added that consumers could have bought malware-infected devices like webcams or routers that triggered the attack. He also advised consumers to buy devices from reputable vendors.

The telco said it will send technicians to help customers clean up any infected devices at their homes "soon".

A DNS is a directory that maps Web addresses such as www.abc.com to a machine-readable string of numbers to connect Internet users to websites.

When the DNS is not operating optimally, users may not be able to access the websites.

On those two occasions, subscribers' bug-infected machines turned into zombie machines that repeatedly sent queries to StarHub's DNS, overwhelming it.

This is known as a distributed denial-of-service (DDoS) attack.

As the traffic came from its own subscribers, it appeared legitimate.

But StarHub manually filtered out traffic from the hijacked machines and increased its DNS capacity to restore its broadband services.

It maintained that the security of customers' information was not compromised.

Singapore’s Cyber Security Agency and the Infocomm Media Development Authority issued a notice to all Internet service providers and telcos to step up their defences following two cyber attacks on StarHub’s infrastructure.

“This is the first time that Singapore has experienced such an attack on its telco infrastructure,” said the two agencies.

Although attacks such as the one seen in StarHub’s case are “generally rare”, they are an emerging trend, they added.

They also urged owners of Internet-connected devices to adopt good cyber hygiene and secure their devices.

“Given the increasing connectedness of digital systems, there is no fool-proof solution. It takes a collective effort from companies and society to bolster our cyber resilience,” according to a joint statement late Wednesday.

The two incidents came hot on the heels of a similar DDoS attack last Friday against United States-based DNS service provider Dyn.

A piece of malware called Mirai reportedly infected traffic cameras, which turned them into zombie machines that overwhelmed Dyn's DNS.

That resulted in a massive Internet outage on the east coast of the US, cutting off access to websites ranging from the New York Times website to music streaming service Spotify.