
StarHub confirms DDoS attacks affected its home broadband service (Updated)

By Vijay Anand - on 28 Oct 2016, 9:31pm


Note: This article was first published on 26th October 2016 and updated with the latest findings and actions taken by StarHub.

Image source: StarHub's Facebook page.

Since the night of 22nd October, scores of StarHub’s home broadband customers have taken to the company’s Facebook page to vent their frustration over the loss of internet connectivity. Here’s a rundown of what happened.

One of the earliest incidents reported was actually from HardwareZone’s own community as members started various forum threads (as early as 10.23pm on 22nd October) to get some sense of what was happening and if others were affected too.

While StarHub responded in the wee hours of 23rd October that it had rectified the downtime incident, the service resumption was only temporary as it went down again on 24th October.

By the early morning of 25th October, StarHub once again posted the hopeful message that the problem had been arrested and that it was monitoring the situation.

Just hours ago, the ‘Big Green Pipe’ issued a media statement and made a Facebook post to share their preliminary investigation findings:-

Singapore, 25 October 2016, 10:20pm – We have completed inspecting and analysing network logs from the home broadband incidents on 22 October and 24 October and we are now able to confirm that we had experienced intentional and likely malicious distributed denial-of-service (DDoS) attacks on our Domain Name Servers (DNS). These caused temporary web connection issue for some of our home broadband customers.

On both occasions, we mitigated the attacks by filtering unwanted traffic and increasing our DNS capacity, and restored service within two hours. No impact was observed on the rest of our services (mobile, enterprise, home voice services), and the security of our customers’ information was not compromised. We kept customers informed on these matters via our hotline and social media. 

We continue to stay vigilant against possible follow-up DDoS attempts. In addition, we are working closely with the authorities to determine intent and source of these two DDoS attacks. 

These two recent attacks that we experienced were unprecedented in scale, nature and complexity. We would like to thank our customers for their patience as we took time to fully understand these unique situations and to mitigate them effectively. 

Further details such as the source of the attack or the whereabouts were not revealed. Despite their findings and assurance that the problem has been arrested, there are still customers complaining on StarHub’s Facebook that their internet connectivity is still affected at the time of publishing:-

Image source: StarHub Facebook page.

What’s more, StarHub’s customer service agent has replied that they won’t be able to provide any compensation for this service outage. This doesn’t bode well from a service recovery aspect and we’ve yet to hear if StarHub could be considering options behind the scenes. While certain intermittent outages could be overlooked, the downtime faced by their home broadband customers is much longer than usual.

Image source: StarHub Facebook page

Back in 2011, Singtel was fined S$400,000 when its telecoms services went down for 22 hours. And in 2013, it was fined S$50,000 for a fixed-line service disruption. Given these incidents and the length of the service disruption, there’s a fair chance that IDA might step in to slap a fine for StarHub’s home broadband service downtime. However, it is still anyone's guess if StarHub would compensate its home broadband customers.

We’ll update this story when more details come to light, so stay tuned to this page.

 

Updated on 28th October 2016 :-

The Cause

(with further reporting from Irene Tham in The Straits Times)

Following a media briefing on this incident on the evening of 26th October, StarHub has clarified that the traffic overload in the DDoS attack actually came from local systems, through compromised devices belonging to its own subscribers. Had the attack come from an external source, StarHub could have prevented the DDoS because the traffic would have had a foreign point of origin. In this case, the traffic was local and thus appeared legitimate. Fortunately, StarHub manually filtered out traffic from the hijacked machines and increased its DNS capacity to restore its broadband services.
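
An added illustration (not StarHub's tooling and not part of the original report) of why a filter keyed on point of origin lets this traffic through while per-source query counts single out the hijacked machines. The subscriber range, thresholds and query log below are constructed assumptions.

```python
from collections import Counter
from ipaddress import ip_address, ip_network
from statistics import median

# Hypothetical subscriber address range (assumption, not from the article).
LOCAL_NETS = [ip_network("10.0.0.0/8")]

def make_sample():
    """Constructed log of (second, source_ip) DNS queries over a 60 s window."""
    log = []
    # 20 ordinary subscribers: one query every 5 seconds.
    for host in range(1, 21):
        for t in range(0, 60, 5):
            log.append((t, f"10.0.0.{host}"))
    # 2 compromised subscriber devices: 50 queries every second.
    for host in (200, 201):
        for t in range(60):
            log.extend([(t, f"10.0.1.{host}")] * 50)
    return log

def origin_filter(log, local_nets):
    """Origin-based filter: keep only queries from the ISP's own ranges."""
    return [(t, ip) for t, ip in log
            if any(ip_address(ip) in net for net in local_nets)]

def flag_heavy_sources(log, factor=20, min_queries=100):
    """Flag sources whose query count far exceeds the per-source median.

    The median is used as the baseline because a handful of flooding
    sources barely moves it, unlike the mean.
    """
    counts = Counter(ip for _, ip in log)
    baseline = median(counts.values())
    return sorted(ip for ip, n in counts.items()
                  if n >= min_queries and n > factor * baseline)

def drop_sources(log, blocked):
    """Per-source filter: discard queries from the flagged addresses."""
    blocked = set(blocked)
    return [(t, ip) for t, ip in log if ip not in blocked]

if __name__ == "__main__":
    log = make_sample()
    passed = origin_filter(log, LOCAL_NETS)
    flagged = flag_heavy_sources(passed)
    print(f"total queries:            {len(log)}")
    print(f"after origin filter:      {len(passed)}")
    print(f"flagged sources:          {flagged}")
    print(f"after per-source filter:  {len(drop_sources(passed, flagged))}")
```
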
 

StarHub steps up to secure customers' compromised devices

Following the restoration of broadband service to its customers, StarHub is sending out its HubTroopers to check selected homes where suspected compromised devices may have aided the recent DDoS attack on its DNS equipment and help secure these devices. Here's the full statement from StarHub:-

To further safeguard our network and our customers from cyber attacks, we are scheduling home visits to customers whose home internet-connected devices were likely accessed without their knowledge during the 22 October and 24 October 2016 Distributed Denial of Service (DDoS) attacks on our home broadband Domain Name Servers (DNS). We would like to thank customers for their cooperation.

During the home visits, our technical service officers HubTroopers will conduct an on-site investigation before helping the customers secure any unsecured internet connected devices. These may include installing anti-malware software, changing default passwords, updating device software, fixing device mis-configuration and/or replacing devices.

Compromised devices can be likened to a home with an open or unlocked backdoor. In the internet world, such unprotected devices can potentially allow unauthorised access to sensitive data, like passwords, credit card information, and video streams from webcams. Unbeknownst to the owners, these devices can also be used as an army of cyber weapons for malicious activities, like sending spam, slowing internet access and launching attacks to take down websites and IT systems.

We would like to rally everyone to play an active role in cyber security readiness. We encourage customers to review the security settings of their internet connected devices and disconnect any suspect device.


Source: StarHub, HardwareZone Forums
