Yesterday, reports emerged of widespread network outages across major U.S. telecoms and companies like T-Mobile, Instagram, Comcast, and Chase Bank.
According to a tweet by Anonymous, this has been attributed to DDoS attacks on U.S. companies, with speculations accusing China amid the tensions in South and North Korea regions.
In yet another tweet, Anonymous posted an interactive map acquired from Digital Attack Map which highlighted the large influx of traffic directed towards the US:
Source: Digital Attack Map
DDoS (Distributed Denial of Service) attacks occur when servers and cyber-systems are overloaded with more traffic and network requests than they are equipped to handle. To evade detection and security measures, such as automatic IP blocks, DDoS attackers typically use a large army of bots, different IP addresses and networking tactics to make it harder for systems to tell malicious traffic from legitimate individual requests. This results in the target systems being unable to respond, or crashing altogether, therefore causing outages.
In fact, as of today Down Detector is highlighting the very many organizations that were impacted by the outage, which includes some major players: AT&T, Spectrum, T-Mobile, US Bank, among others.
Source: Down Detector
However, industry experts remain skeptical if these outages indeed resulted from a DDoS attack, or was it a case of simple network change gone wrong?
CloudFlare CEO, Matthew Prince dodged the DDoS suspicions via a series of tweets:
“There’s a lot of buzz right now about a “massive DDoS attack” targeting the US, complete with scary-looking graphs (see Tweet below). While it makes for a good headline in these already dramatic times, it’s not accurate. The reality is far more boring,” stated Prince.
“It [started] with T-Mobile. They were making some changes to their network configurations today. Unfortunately, it went badly. The result has been for around the last 6 hours a series of cascading failures for their users, impacting both their voice and data networks,” he added.
In the same Twitter thread, Prince posts detailed infographics generated by CloudFlare that shine light on the “boring” reality of internet traffic.
Investigative journalist and cybercrime reporter, Brian Krebs also cast doubts if this incident necessarily constitutes a DDoS attack. Krebs stated this could have simply been a result of a “wonky update in the systems.”
Needless to say, in these times of heightened anxiety from the pandemic and protests, the outage left over 110,000 T-Mobile users unable to make or receive calls, starting around 12pm ET on June 15th.
President of Technology, Neville Ray stated “Teams continue to work as quickly as possible to fix the voice & messaging problems some are seeing.
Data services are now available & some calls are completing. Alternate services like WhatsApp, Signal, iMessage, Facetime etc. are available. Thanks for your patience.”
As of today, just a few hours ago, Ray has confirmed the issue is now resolved: “Voice and text services are now restored. Thank you for your patience as we fixed the issues. We sincerely apologize for any and all inconveniences.”
The happening was definitely not well received by some of the telecom’s customers:
Outages like these reinforce our dependence on technology and place greater responsibility on companies to make sure their systems are up, in addition to securing them against latest threats and attacks.