Connect with us


Suspected Commonwealth Games DDoS was only a Fortnite update



One hour before the opening ceremony of the 2018 Commonwealth Games was due to start, the network operations team at the event’s network provider, Optus, started seeing massive traffic spikes on their telco network. Here comes the distributed denial of service (DDoS) attack, they thought, and they had plenty of reasons to be worried.

Only two months earlier, the Olympic Destroyer worm had disrupted the opening ceremony of the Winter Olympics in South Korea, deleting files and corrupting systems.

One month before the April 4 ceremony on Australia’s Gold Coast, the internet had seen a DDoS attack hitting 1.3 to 1.7 terabytes of data per second.

Optus wasn’t just the Games’ network provider either. It was a Tier 1 sponsor.

“Our brand was going to be all over everything you saw to do with the Games. That’s like putting a target on your back,” says Narelle Wakely principal security advisor with Trustwave, an Optus company.

“We had similar infrastructure and applications to the Winter Olympics. And so it really put us on heightened alert,” Wakely told APNIC 48, the twice-yearly conference of the Asia Pacific Network Information Centre, in Chiang Mai, Thailand, on Tuesday.

“We had rising escalations between the UK government and the Russian government, with the former spy Sergei Skripal and his daughter getting poisoned on UK soil,” she said.

“We also had the traditional foes of the US and North Korea talking about coming together for face-to-face meetings for the first time that could possibly be happening in Singapore. The timing wasn’t known. Our parent company is a Singaporean company, so that was adding heightened risks.”

The Games network team wasn’t seeing the traffic spikes seen out on the consumer network, though. Further investigation would show the potential threat was just a false positive.

“It was Fortnite doing a very large update, and of course that had to happen an hour before our opening ceremony, didn’t it,” Wakely said.

“Everybody had come home, done their homework, had their evening meal, and gone to turn on PlayStation.”

How to avoid emergency-patching 133 switches

The 2018 Commonwealth Games was the first to have a single company provide a unified network that handled everything from video streaming for TV broadcasters to recording the results.

“When a swimmer reached out and touched the wall winning the race, when an athlete crossed the line, those results had to get from the Gold Coast across to Perth [in Western Australia, where the data centre was located] and back again within milliseconds,” Wakely said.

One of the key tools for successfully delivering that network was a detailed map of the network, she said, from both operational and cybersecurity perspectives.

“Make sure that you visualise, put on a page, get those diagrams going,” Wakely said.

“It really aids in communication to everybody in your team and into your management layers… It also enabled us to very quickly highlight where changes were happening from a cybersecurity perspective, and what the impacts of those changes were.”

Just as the Games network had gone live, Cisco issued two critical vulnerabilities that were rated 9.8 out of 10.

We’re all taught to patch such critical vulnerabilities as soon as possible with an emergency change, but Optus faced a dilemma.

“This network, we’ve just got it going, the events are running. Do we patch and risk disrupting the network availability? Do we not patch and risk being exploited by this vulnerability? What can we do to help make this business decision?” Wakely said.

“[The] security blueprint on a page enabled us as a multi-vendor team to come together as one team”, allowing them to “very quickly highlight where changes were happening from a cybersecurity perspective”, and their potential impact.

“Our management team by now were very familiar with this diagram and what the changes meant. And we were very quickly able to articulate that we would only apply the critical patch to three routers, and we would not apply it to 133 switches,” Wakely said.

“Now that’s a big call to make for a 9.8 out of 10 critical vulnerability. But we were able to evaluate that from a risk perspective at a business level due to having clear communication diagrams like the one in front of you.”

Wakely also stressed the importance of having the right people. Not only did they have technical security analysts on-site, but they also had executive-level cyber leadership physically in the room.

“That person was also able to engage with government teams, engage with senior people in the Commonwealth Games authority, engage with our executive,” she said.

“So don’t think cybersecurity is a technical analyst any longer. It is an executive type of resource.”

Disclosure: Stilgherrian travelled to Chiang Mai, Thailand, as a guest of APNIC.

Related Coverage

Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *


A longer Land Rover Defender called the 130 is coming



The Land Rover Defender returned to the US in recent months and has proven to be a popular SUV for many buyers. Currently, the vehicle can be had in two-door and a longer four-door version known as the Defender 110. Many buyers have been clamoring for something with more space in the third row, and Land Rover is set to deliver.

A new Defender 130 is on the way, according to a recent report. The 130 will have 14 extra inches of body, giving it a much more usable third-row seat. The optional third row in the 110 is only fit for smaller children. The longer Defender could mean a third row suitable for actual adults.

The 130 will be targeted at buyers in the US, China, and the Middle East. The chassis for the 130 will be the same with the same wheelbase as the Defender 110. However, the vehicle will have an overall length of 201 inches. While more space inside the Defender 130 is exciting, even more exciting was the recent announcement of a new V-8 engine option for the Defender in 2022.

Land Rover is offering a supercharged V-8 engine under the hood. The downside to putting the V-8 engine in the vehicle is that the price jumps up significantly. For 2022 the Defender 90 V-8 (pictured) starts at $97,200, with the Defender 110 V-8 starting at $100,400.

No matter which version you purchase, they get the same 5.0-liter supercharged V-8 that makes 518 horsepower and 461 pound-foot of torque. Land Rover says the Defender 90 V8 will reach 60 mph in 4.9 seconds and 149 mph given enough road. Both six-cylinder and four-cylinder engines remain options.

Continue Reading


Ford issues a recall on a small number of delivered Mustang Mach-E EVs



Ford has announced that it is issuing a safety recall on some of its Mustang Mach-E EVs delivered to customers. Ford says the recall impacts fewer than 75 customers who have already taken delivery of their electric vehicles. Ford says that during checks it performs to deliver high levels of quality and customer satisfaction, it discovered some of the vehicles could have subframe bolts that a supplier did not tighten to specification.

Ford says that the issue means impacted vehicles don’t meet its standards, but it is unaware of any accidents or injuries related to the condition. Ford says that 94 percent of the 1258 total impacted vehicles in the US and 90 in Canada will be serviced before they are delivered to customers. Dealers are inspecting subframe bolts and will tighten them as necessary.

For the 75 owners who have taken delivery of their vehicles, notifications will begin going out to them the week of March 22. Ford has given the recall reference number 21S09. The Mustang Mach-E is a very important vehicle for Ford. As its first real entry into the fully electric vehicle market, it’s critical that the vehicle is successful and delivers high-quality for buyers.

This recall isn’t the first issue that Ford has had with the Mach-E. In January, the automaker confirmed that it was delaying the delivery of hundreds of vehicles while it performed additional quality checks. Exactly what those quality checks were looking at is unknown. The automaker delivered a small number of Mach-Es late in 2020, and speculation was that owners had discovered some issues that needed to be addressed.

Ford seems to have learned a valuable lesson in launching high-profile vehicles with significant issues from the get-go. The automaker launched the all-new Explorer and took a beating over substantial problems with many of the cars.

Continue Reading


This Bugatti Divo Lady Bug’s geometric paint job is truly one-of-a-kind



The Bugatti Divo is a Chiron for the racetrack, but this Lady Bug version with its diamond-shaped fading patterns is best appreciated while the car is stationary. As if the Divo is not outrageous enough, one lucky customer in America wants to push the boundaries further. And as expected, Bugatti pulled it off, although it took quite a while to iron the challenges of creating an exclusive, one-off Lady Bug paint job.

“Every Bugatti Divo is one of a kind. With the custom-made ‘Lady Bug,’ Bugatti has demonstrated the full range of its customization expertise,” said Stephan Winkelmann, President of Bugatti. The car really demonstrates what the marque is capable of in terms of creativity and craftsmanship.”

Creating Lady Bug’s geometric-dynamic algorithmic fading pattern seems easy on paper. Given the Divo’s three-dimensional sculpted body, the 2D digital patterns became distorted upon application to the car’s body, which is not good enough if you’re paying upwards of $5-million for a track-ready version of the Bugatti Chiron.

“The Lady Bug was an exceptional challenge and, at the same time, an unforgettable experience. Due to the nature of the project, where a 2D graphic was applied to a 3D sculpture, we were close to giving up,” said Jörg Grumer, Head of Color & Trim at Bugatti Design. “However, it is our profound conviction that we should never give up and that our foremost motivation should always be to make the impossible possible for the customer.”

The entire project took two years to complete as Bugatti CAD modelers simulated and created a diamond pattern design with around 1,600 individual diamonds in six-meter long transfer films. Each diamond (yes, all 1,600 of them) is checked and realigned in the body to rule out any distortions.

The designers spent countless hours rehearsing the application procedure on two test vehicles before the moment of truth.

“Every maneuver had to be exactly right in this painstaking task; therefore, we decided to do another rehearsal before the final stage of work. Because there could only be one attempt on the customer’s car, and that had to be perfect,” said Dirk Hinze, an expert in customization and surfaces at Bugatti.

The final step is applying the paint finish before painstakingly peeling away each diamond. The base color, Customer Special Red, is contrasted with graphite and clear coat to invert the pattern. According to Bugatti, it took the paintwork artist two weeks to sand, smooth, check, retouch, and re-sand every millimeter of the body surface.

The result is a one-of-a-kind Bugatti Divo Lady Bug, the only one in existence. It has a standard 8.0-liter W16 engine pumping out 1,479 horsepower. Since the Divo weighs less and has more downforce than a regular Chiron, it goes around the Nardo handling circuit a full eight seconds faster than the former.

Continue Reading