{"id":80423,"date":"2013-06-18T15:05:09","date_gmt":"2013-06-18T13:05:09","guid":{"rendered":"http:\/\/mybroadband.co.za\/news\/?p=80423"},"modified":"2013-06-18T15:06:05","modified_gmt":"2013-06-18T13:06:05","slug":"anc-website-attack-how-did-is-react","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/80423-anc-website-attack-how-did-is-react.html","title":{"rendered":"ANC website attack: how did IS react?"},"content":{"rendered":"<p>A distributed denial-of-service (DDoS) attack, such as the one that took offline the website of the African National Congress (<a title=\"ANC\" href=\"http:\/\/mybroadband.co.za\/vb\/showthread.php\/464137-African-National-Congress-ANC\">ANC<\/a>), has the potential to negatively affect other parts of the network it is hosted on, chief client officer at Internet Solutions (<a title=\"IS\" href=\"http:\/\/mybroadband.co.za\/vb\/showthread.php\/226430-Internet-Solutions\">IS<\/a>), <a title=\"Costa Koutakis\" href=\"http:\/\/mybroadband.co.za\/vb\/showthread.php\/330938-Costa-Koutakis\">Costa Koutakis<\/a>, recently told MyBroadband.<\/p>\n<p>It all depends on the architecture of the network, Koutakis said, who went on to explain that the ANC website had to be taken down to ensure that other customers behind the same firewall were not affected by the DDoS attack.<\/p>\n<p><a title=\"Afrihost\" href=\"http:\/\/mybroadband.co.za\/vb\/showthread.php\/307435-Afrihost\">Afrihost<\/a> CEO <a title=\"Gian Visser\" href=\"http:\/\/mybroadband.co.za\/vb\/showthread.php\/301335-Gian-Visser\">Gian Visser<\/a> previously confirmed that the ANC website is hosted on a dedicated server on its network. Internet Solutions, in turn, provides hosting services to Afrihost.<\/p>\n<p>Based on a notice on the ANC website itself, and the whois record for the domain, the server appears to be managed by Unwembi Communications. A list of clients on the Unwembi website confirms this.<\/p>\n<p>Before explaining how they responded to the DDoS attack on the ANC website, Koutakis highlighted that such attacks are difficult to guard against, and before acting the destination of the attack has to be determined first.<\/p>\n<p>In this case it was evident that the ANC website was being directly targeted.<\/p>\n<p>A hacker-activist going by the name Anonymous Africa, or @zim4thewin on Twitter, announced almost an hour before the attack started that they intended to DDoS the website of the ANC.<\/p>\n<p>The reason for the attack, according to Zim\u2019s Twitter feed, was because the ANC is \u201cone of the biggest enablers of the mass murdering Mugabe\u201d.<\/p>\n<p>Once IS had determined the destination of the attack, Koutakis said, they could make the site unavailable.<\/p>\n<p>He added that the advantage of this response is that the rest of the sites hosted by their partners, such as Afrihost, are unaffected by the attack.<\/p>\n<p>Asked whether removing the site is the only step necessary to protect the rest of their network from a DDoS attack, Koutakis said that they do take steps to ensure that their routers and switches aren\u2019t overloaded either.<\/p>\n<p>\u201cWe have the ability \u2013 from a network intelligence perspective \u2013\u00a0to route the traffic for [the site under attack] into a black hole,\u201d Koutakis said.<\/p>\n<div id=\"attachment_80425\" style=\"width: 610px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-80425\" class=\"size-full wp-image-80425\" alt=\"Costa Koutakis\" src=\"http:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2013\/06\/Costa-Koutakis.jpg\" width=\"600\" height=\"400\" srcset=\"https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2013\/06\/Costa-Koutakis.jpg 600w, https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2013\/06\/Costa-Koutakis-250x166.jpg 250w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><p id=\"caption-attachment-80425\" class=\"wp-caption-text\">Costa Koutakis<\/p><\/div>\n<h3 class=\"my-4\">Guarding against denial-of-service<\/h3>\n<p>When asked whether more could be done to protect against DoS and DDoS attacks, Koutakis said that they do have the ability to block such activity on their network, but added that DDoS attacks are \u201creally not fair play from a technical perspective\u201d.<\/p>\n<p>It is possible for an attacker to make it incredibly difficult to detect and automatically respond to a DDoS attack no matter what measures you put in place, Koutakis said.<\/p>\n<p>He added that they block such attacks on their network on a daily basis, as do other Internet service providers (ISPs).<\/p>\n<p>\u201cIf a site is available to the outside world, it will be susceptible to these kinds of attacks,\u201d Koutakis said.<\/p>\n<p>\u201cWe are in the process of investigating options to be even more pro-active than we currently are,\u201d he added.<\/p>\n<h3 id=\"related\">More on DDoS and hacktivism in South Africa<\/h3>\n<p><a href=\"http:\/\/mybroadband.co.za\/news\/security\/80247-anc-website-attack-afrihost-responds.html\"><strong>ANC website attack: Afrihost responds<\/strong><\/a><\/p>\n<p><a href=\"http:\/\/mybroadband.co.za\/news\/internet\/80229-anc-website-going-down-anonymous.html\"><strong>ANC website going down: Anonymous<\/strong><\/a><\/p>\n<p><a href=\"http:\/\/mybroadband.co.za\/news\/internet\/80075-iol-hit-by-dos-attack.html\"><strong>IOL hit by DoS attack<\/strong><\/a><\/p>\n<p><a href=\"http:\/\/mybroadband.co.za\/news\/security\/78516-saps-website-hacker-interviewed.html\"><strong>SAPS website hacker interviewed<\/strong><\/a><\/p>\n<p><a href=\"http:\/\/mybroadband.co.za\/news\/security\/77814-spyware-servers-in-south-africa-the-plot-thickens.html\"><strong>Spyware servers in South Africa: the plot thickens<\/strong><\/a><\/p>\n<p><a href=\"http:\/\/mybroadband.co.za\/news\/internet\/30574-original-ancyl-website-hacker-speaks-out.html\"><strong>Original ANCYL website hacker speaks out<\/strong><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The ANC website is hosted in the Internet Solutions data centre; this is how they reacted to the DDoS attack<\/p>\n","protected":false},"author":15,"featured_media":72698,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[19913,19252,1669,19897,19933,19562,1988,35,391,19911],"class_list":["post-80423","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-zim4thewin","tag-african-national-congress-anc","tag-afrihost","tag-anonymous-africa","tag-costa-koutakis","tag-distributed-denial-of-service-ddos","tag-gian-visser","tag-headline","tag-internet-solutions","tag-invader-zim"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/80423"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=80423"}],"version-history":[{"count":1,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/80423\/revisions"}],"predecessor-version":[{"id":80479,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/80423\/revisions\/80479"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/72698"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=80423"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=80423"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=80423"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}