Hacked: Hacking Finance

Massive DDoS Cloud Rains On Turkey


Samburaj Das

Samburaj Das

Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.


Alleged FBI Hacker Lauri Love Ordered to US Extradition by UK Home Secretary 15th November, 2016

The Largest Breach of 2016: 412 Million FriendFinder Accounts Exposed 14th November, 2016


Massive DDoS Cloud Rains On Turkey

Posted on .

Since the beginning of the week on Monday, Turkey has been inundated with a barrage of DDoS attacks targeting the country’s official domain name servers. Altogether, hundreds of thousands of websites including those of universities, government institutions, schools and the military have been affected.

The attacks began early Monday morning. The domain names ending with Turkey’s internet code, .tr were starting to feel the brute force of a relentless DDoS attacks.

The Daily Dot reports that all websites with the suffix .tr have to be registered with the administrative body NIC.tr, based in Ankara, Turkey’s capital city.  Nic.tr is also tasked with looking over the academic internet backbone of the country, with universities also registering their websites with the admin body.

A few hours into Monday, by noon, all of NIC.tr’s five name-servers, all the way from ns1.nic.tr through to ns5.nic.tr were knocked offline with a 40 Gbps DDoS attack.

Altogether, about 400,000 websites are said to be affected. Those of localized Turkish domain names that also include 300,000 companies.

By evening on Monday, Turkey’s National Response Center for Cyber Events shut down all international incoming traffic to NIC.tr to basically provide a blackout for all those trying to reach Turkish domains with .tr from outside the country.

The significant move kept even email communications at bay, with any emails addressed to companies or university emails with the .tr domain bouncing back. Although the Response Center changed the policy by late Monday night, NIC.tr is selectively blocking a range of suspect IP addresses from around the world.

Simple and yet Sophisticated

While a 40 Gigabits per second DDoS attack may sound massive, renowned security expert and blogger Brian Krebs sums up “the new normal” of DDoS attacks to range between 200-400 Gigabits per second.

Although not substantial like some of the larger attacks, the DDoS attacks targeting Turkey is destructive due to the targets chosen. Essentially, targeting the five name-servers of NIC.tr, a small group of IP addresses –relatively speaking—had the attacks “take down the DNS system” of an entire country, as reported by the publication.

While it is hard to detect or even prove where an attack if coming from (they’re distributed), commentators from Turkey are firmly pointing the finger at Russia. The recent downing of a Russian fighter jet by Turkey near Syrian borders has resulted in heightened diplomatic tensions between the two countries. Russia even claimed that Turkey’s President is directly involved in illegal oil trade with radical extremist group ISIS. Russian President Vladmir Putin claimed that the downed plane was one mandated to attack ISIS targets in Syria.

Even Hacked was the target of a DDoS attack in recent times, one which came in with a ransom demand from the attacker. We mitigated it with better DDoS protection and we’re now offering a reward for those who can help us find the attacker.

Featured image of Cappadocia, Turkey, via Shutterstock.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.

Feedback or Requests?


Samburaj Das

Samburaj Das

Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.

There are no comments.

View Comments (0) ...
Penetration testing, also called pentesting, is an attack method which…