SINGAPORE - StarHub issued a statement on Tuesday (Oct 25) night to confirm that its broadband disruptions on Saturday and Monday were due to "malicious distributed denial-of-service (DDoS) attacks on our Domain Name Servers (DNS)".
The Cyber Security Agency and the Infocomm Media Development Authority had earlier said that the two incidents happened on the heels of Friday's attack against the United States-based Domain Name System (DNS) service provider, Dyn.
"We cannot rule out the possibility that this was a DDOS (Distributed Denial of Service) attack," said both agencies in a statement on Tuesday (Oct 25) evening. "What is important now is for StarHub to determine the root cause of the problem and prevent a recurrence."
DDoS attacks work by having thousands of infected computers access a targeted site at once, overwhelming it with a huge spike in traffic.
Following an initial investigation, StarHub said earlier today that a spike in traffic to its DNS jammed the servers, leading to Internet disruption for some home broadband customers for about two hours on both Monday (Oct 24) night and Saturday night (Oct 22).
It is conducting a thorough investigation to determine the root cause.
A DNS is a database that translates web addresses, such as www.nameofwebsite.com, into machine-readable sets of digits - also known as IP addresses - for customers to view websites on their computers. When a DNS is not operating optimally, customers may not be able to access websites.
To arrest the issue, the telco said it started to filter any unwanted traffic and added capacity to its DNS to manage the increased load. The telco also said that the disruption was only "intermittent" and not widespread. Mobile, enterprise and home voice services were not affected, and "the security of our customers' information was not compromised", it maintained.
Singtel and M1 said that they have not seen anything unusual on their networks but they are on high alert.
Here is StarHub's press statement on the disruptions.
StarHub Confirms Cause of Home Broadband Incidents on 22 October and 24 October 2016
Singapore, 25 October 2016, 10:20pm – We have completed inspecting and analysing network logs from the home broadband incidents on 22 October and 24 October and we are now able to confirm that we had experienced intentional and likely malicious distributed denial-of-service (DDoS) attacks on our Domain Name Servers (DNS). These caused temporary web connection issues for some of our home broadband customers.
On both occasions, we mitigated the attacks by filtering unwanted traffic and increasing our DNS capacity, and restored service within two hours. No impact was observed on the rest of our services, and the security of our customers’ information was not compromised. We kept customers informed on these matters via our hotline and social media.
We continue to stay vigilant against possible follow-up DDoS attempts. In addition, we are working closely with the authorities to determine intent and source of these two DDoS attacks.
These two recent attacks that we experienced were unprecedented in scale, nature and complexity. We would like to thank our customers for their patience as we took time to fully understand these unique situations and to mitigate them effectively.
1. DNS is a database that converts web addresses like www.nameofwebsite.com into machine-readable sets of digits, for customers to view websites on their computers. When a DNS is not operating normally, customers may face difficulty in accessing the internet.
2. DDoS happens when IT equipment such as a computer, router or server is flooded with a sudden and enormous volume of traffic from multiple sources, in an attempt to cause congestion or to shut it down.