Since Monday, Turkey has been inundated with a barrage of DDoS attacks targeting the country’s official domain name servers. Altogether, hundreds of thousands of websites, including those of universities, government institutions, schools and the military, have been affected.
The attacks began early Monday morning, when domain names ending with Turkey’s internet country code, .tr, started to feel the full force of a relentless DDoS attack.
The Daily Dot reports that all websites with the suffix .tr have to be registered with the administrative body NIC.tr, based in Ankara, Turkey’s capital city. NIC.tr is also tasked with overseeing the country’s academic internet backbone, and universities register their websites with it as well.
Within hours, by noon on Monday, all five of NIC.tr’s name servers, ns1.nic.tr through ns5.nic.tr, had been knocked offline by a 40 Gbps DDoS attack.
Altogether, about 400,000 websites under localized Turkish domain names are said to be affected, including those of 300,000 companies.
By Monday evening, Turkey’s National Response Center for Cyber Events had shut down all incoming international traffic to NIC.tr, effectively creating a blackout for anyone trying to reach .tr domains from outside the country.
The move even cut off email: messages sent to company or university addresses under the .tr domain bounced back. Although the Response Center changed the policy by late Monday night, NIC.tr is still selectively blocking a range of suspect IP addresses from around the world.
Simple and yet Sophisticated
While a 40 gigabits per second DDoS attack may sound massive, renowned security expert and blogger Brian Krebs puts “the new normal” for DDoS attacks at between 200 and 400 gigabits per second.
Although not as large as some other attacks, the DDoS attacks targeting Turkey are destructive because of the targets chosen. By targeting the five name servers of NIC.tr, a relatively small group of IP addresses, the attacks were able to “take down the DNS system” of an entire country, as reported by the publication.
While it is hard to detect or even prove where an attack is coming from (such attacks are distributed), commentators from Turkey are firmly pointing the finger at Russia. The recent downing of a Russian fighter jet by Turkey near the Syrian border has heightened diplomatic tensions between the two countries. Russia even claimed that Turkey’s President is directly involved in illegal oil trade with the radical extremist group ISIS. Russian President Vladimir Putin claimed that the downed plane was one mandated to attack ISIS targets in Syria.
Even Hacked was the target of a DDoS attack in recent times, one which came with a ransom demand from the attacker. We mitigated it with better DDoS protection, and we’re now offering a reward for those who can help us find the attacker.