VietNamNet Bridge – The Vietnam Computer Emergency Response Team (VNCERT) has voiced concern about the relevant units’ weak capability to respond to large-scale DDoS attacks.

The warning was given by Vu Quoc Khanh, VNCERT’s Director, at a state conference in July 2013. The latest DDoS attacks on Vietnamese online newspapers were considered just an “experimental offensive.” Meanwhile, the campaigns to withstand the attacks revealed many problems.

Khanh said the parties involved were complacent and underestimated the hackers, while some victims of the DDoS attacks were uncooperative with VNCERT. In particular, some Internet service providers (ISPs) disobeyed the commands given by VNCERT as the coordinator of the rescue campaigns.

VNCERT has found some noteworthy things in the DDoS attacks on a series of online newspapers, including VietNamNet, Dan Tri and Tuoi Tre, from the end of June to the end of July.

Four DDoS campaigns were carried out, each of which lasted about one week and used a different kind of “weapon” for the attacks. Notably, the hackers mobilized servers located in different countries to create botnets to attack Vietnam.

After carrying out the first attack from Germany, the hackers conducted the other three from the Netherlands and Ukraine. They even reserved domain names in preparation for the next offensive campaigns.

VNCERT believes this is the manifestation of a very dangerous experimental offensive, which could have a major impact on a large scale if the hackers target other websites or other Internet-based service systems, especially government agencies’ important information systems.

Khanh, while highly appreciative of some foreign partners’ willingness to cooperate with Vietnam in fighting the attacks (neutralizing the servers from which the attacks originated), complained that VNCERT did not receive cooperation from some domestic units.

As soon as it discovered signs of the DDoS attacks, VNCERT contacted the online newspapers to ask for information, but most of the victims said they did not think this was a DDoS attack. They noted an unusual increase in access volume, but affirmed they would be able to fix the problem.

Since the victims were uncooperative, VNCERT could not obtain a malware sample quickly. Only when Tuoi Tre newspaper contacted VNCERT one week later could VNCERT get the samples to analyze and predict the next steps the hackers might take, so as to prevent their moves.

The Ministry of Information and Communication then cooperated closely with the agencies of the Ministry of Public Security to keep watch over the hackers’ moves and update anti-malware products in order to reduce the number of malware-infected computers.

However, VNCERT has asked domestic agencies and organizations to pay greater attention to preventing and fighting malware, saying that they need to “go one step ahead” to minimize the possible consequences.

Khanh also complained about the lack of cooperation from ISPs. VNCERT sent dispatches requesting that ISPs join forces to block the IPs of the networks spreading the malware. However, the ISPs did not do this at the same time. Notably, some ISPs were on weekend holiday and only began the work on Monday morning.

The Ministry of Information and Communication has been urged to issue a new legal document stipulating that ISPs and relevant units must obey VNCERT’s commands in case of emergency.

Buu Dien