Anonymous Africa, the group that took responsibility for the recent attack on the SABC’s websites, said it believes the attack was the largest South Africa has ever seen.
The group told MyBroadband that at times its distributed denial of service (DDoS) attack was pushing speeds of 80Gbps.
“We are hoping for 120Gbps in our next exercise,” said the group.
“Right now anything ANC, ZANU-PF, or EFF is fair game to us.”
“We do have a thing for going after the corrupt and racist. I expect you can see some unjust institutions being targeted.”
According to Anonymous Africa, it achieved this scale through DNS reflection. “Lots and lots and lots and lots of DNS reflection.”
We do not support black nationalism, we do not support white nationalism. We support no nationalism. Stop those who want to separate us
— Anonymous Africa (@zim4thewin) June 13, 2016
What is Denial of Service and DNS Reflection?
When the group describes its attack as “DNS reflection”, it is referring to the mechanism and vulnerabilities it used to knock the SABC’s websites offline.
A reflected attack sends forged or “spoofed” requests to computers that reply to the requests.
In this case, it was DNS requests with the SABC’s websites set as the source. These requests are often sent from a large number of computers in a botnet to specific DNS servers.
This is also called a DNS Amplification attack, as the responses from the DNS servers are larger than the original requests that were sent.
The DNS servers amplify the attack bandwidth.
Since the SABC’s websites were set as the source of the DNS requests, they were flooded with the responses from the DNS servers.
Another benefit of this type of attack, the group said, is that since the requests were forged, the SABC is going to struggle to find their command and control servers.
“None of their IPs will show up in the attacks,” said Anonymous Africa.