- Security Risks from DDOS Attacks
- DDOS attack suspected, investigation ongoing
- Solar flare impact considered
Federal agencies are “urgently investigating” whether Thursday’s widespread cellular disruption in the United States was caused by a cyberattack.
The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) are investigating the source of the service disruption that affected AT&T, Verizon, T-Mobile, and a dozen other cellular providers.
Lee McKnight, an associate professor at Syracuse University in New York, described the apparent devastation as “a massive Distributed Denial of Service (DDOS) assault on the foundational infrastructure of the Internet.”
This type of assault aims to take down an online service or website by flooding it with an overwhelming volume of unnecessary requests simultaneously.
The servers become overwhelmed with basic requests, leading to their overload and subsequent shutdown.
DDOS Attacks and Cybersecurity Threats
According to McKnight, an affiliate of the Institute for National Security and Counterterrorism (INSTC), DDOS attacks are becoming increasingly popular among cybercriminals.
He referred to the 2016 incident where major websites like Amazon, Netflix, Twitter, and PayPal were brought offline by the Mirai botnet. McKnight stated, “Some of those were launched by children for fun, while others were by malicious actors.”
The hourly rental of DDOS as a service attacks is not feasible on the Dark Web; thus, the identity or culpability of the perpetrators may remain unknown.
Disrupting mobile services with the sole intention of causing chaos by impeding 911 calls is possible.
However, the disruption may be a coincidental effect of the hackers’ true objective, which is espionage.
Upon successfully infiltrating the internal servers of mobile carriers, the hackers would gain unauthorized access to customers’ contact data records.
Such information would include geolocation data, call records, and text messages.
The professor hypothesized that a misconfigured cloud could also have been the cause, indicating that human error led to the disruption.
Cloud Misconfiguration and Security Risks
McKnight stated, “A major cloud service provider such as AWS or Azure experiencing an outage at one of their data centers is possible but seems unlikely to be the cause.”
To return to the other services experiencing downtime: should AT&T business services, for instance, be the principal business partner of other organisations, their challenges would inevitably impact their clientele as well—at least until they are able to redirect traffic to a potential alternative service provider.
Although this is speculation based on scant information, human error or cloud misconfiguration remains the most likely cause.
Misconfigurations in the cloud consist of deficiencies, errors, and vulnerabilities that arise from the improper selection or complete disregard of security settings.
Such errors may disrupt system performance or expose the cloud to potential intrusion by malicious actors.
In 2018, this concern allowed China and Russia to “attack Google.”
The data of users worldwide was intercepted by servers located in Nigeria, China, and Russia, some of which were operated by prominent state-owned telecommunications companies.
It is unknown whether hackers exploited the disruption that occurred on Thursday.
Misconfiguration of the cloud can occur through various means, including the retention of default settings.
Cybersecurity Lapses and Global Risks
Unaltered defaults are sometimes referred to as a “basic error,” which occurs when a system administrator fails to modify the default credentials, including usernames and passwords.
Ignoring records that contain information regarding security holes, unauthorized access, breaches, and other pertinent matters is an additional error.
Failure to address records in a timely manner may result in system personnel being inundated with details that are challenging to rectify.
However, it is unknown whether the disruption was caused by a misconfigured cloud environment.
In the past year, AT&T has experienced data intrusions, the most recent occurring in March and affecting nine million customers.
Kyivstar, the leading mobile service in Ukraine, was the target of a cyberattack in 2023 that damaged IT infrastructure, disrupted services for half of the population, and endangered the ability of millions of people to receive notifications regarding potential Russian air strikes.
However, the majority of breaches in the United States have resulted in data theft rather than cellular blackouts.
A solar flare struck AT&T in 1972, resulting in the disruption of wireline services.
The present storm was compared to the Carrington Event of 1859, the strongest geomagnetic storm ever.
Solar Flare Sparks Communication Fears
The repercussions of such a solar storm in the twenty-first century would have calamitous consequences for our communications systems.
A meteorologist reported a solar flare online at midnight on Thursday, saying the “timing is intriguing.”
A intense solar flare was indeed reported to have occurred around midnight. However, does this relate to the cell phone outage? It is not inconceivable, and the timing is intriguing, but we cannot be certain at this time. Justin Horne of KSAT 12, located in Texas, posted on X.
On the other hand, according to the website of the National Oceanic and Atmospheric Administration, a radio blackout occurred. It happened beneath Asia and on the eastern coast of Africa.
Interference is caused when lower atmosphere levels are ionized by a solar flare. This affects long-range radios used by commercial airlines, military organizations, and government agencies.
At approximately 4:00 a.m. ET, the outage put numerous iPhones in SOS mode, hindering their ability to send messages, make
phone calls, or browse the web.
With the most recent iOS software, the SOS Only icon is located in the upper-right quadrant of the control center. In earlier versions, it was situated in the upper-left corner.
Nonetheless, emergency SOS calls to authorities are possible.
Although some cellular networks appear to be coming back online, many remain perplexed about what caused the widespread blackout.