Network Improvements & Net Neutrality
So what does Net Neutrality have to do with Network Improvements? Good question. As some of our customers are painfully aware, we have been the target of a malicious hacker over the past several months. Most cyber attacks come in the form of intrusion when network and server security is lax. However, our servers proved impenetrable from years of hardening experience. The hacker’s only alternative was to attack the network itself by flooding it with so many packets the network and the servers wouldn’t know how to respond. This is called a DDOS attack, and the kinds that were targeted at us were DNS Amplification attacks, which use legitimate but exploited DNS servers to flood our networks with garbage information.
Remember the show Law And Order, the episode where they subpoenaed a doctor’s office and the office delivered a truck-load of files that inundated the investigative staff? Imagine if those trucks kept coming. That’s what a DDOS attack does for the sole purpose of denying anyone else access to the network or server.
I live by the US Army adage, “what doesn’t kill you, makes you stronger”. What that means is, you adapt to diverse and hostile situations and learn from them. That’s exactly what we did. I was under the impression for a long time that our servers were impenetrable and therefore nothing could go wrong. While they proved to be extremely secure and inaccessible to the hacker, I had never thought about the single point of failure being the small networks available to our state.
Another legal matter helped to compound this issue – Net Neutrality. We’ve all heard the whining from Facebook, Google, and other internet giants, “Net Neutrality will raise our costs.”
And I say, “Of course it will.”
Net Neutrality stated that an Internet Service Provider had to remain neutral in ALL network traffic traversing their networks – this included DDOS attacks. While we were being DDOSed, I was in contact with my ISP’s network engineers trying to resolve the attack by filtering out the traffic upstream. But the response always led to one final answer, “We legally cannot filter this traffic by law. You can thank Net Neutrality for that.”
When the attacks started to be directed at the AIT, Inc datacenter, I then got in contact with them. They contacted their upstream provider, Contingent, and got a very similar answer from them. At this point, two companies were under attack by the same hacker using an online booter website. This got the FBI involved to a degree. The FBI’s mantra is much like the US Army’s, “Hurry up and wait”, and we needed immediate results. The FBI proved to be little to no help as they don’t seem to do anything unless you drop actionable information into their laps, and even then it seems you have to also drop a call to the supervisor to progress the case on that information.
From the time I spent in cyber forensics in the US Army, which isn’t much, I know it is hard to track someone down if they don’t want to be found. It is by no means impossible but there are jurisdictional boundaries you can’t legally cross. With every state, country, and region claiming their own jurisdiction, bouncing a bad packet around the world means the likelihood of you being found becomes near-zero unless you manage to piss off every country you’ve bounced that packet through. In the case of our script kiddie, he was using the same methods to mask his identity, and that is what the internet allows for. That is why we are opponents of total privacy on the internet and are working with congressmen as we speak to create a system of identification while online that remains private until a subpoena or warrant is issued.
As the matter stands now, one subpoena or warrant won’t cut it, even hundreds won’t cut it because the UK isn’t going to obey a warrant or subpoena from the United States. This can, however, change. If ISPs were required to identify their users or traffic by attaching an outbound authorization (signature) to communicate with other hosts, the internet would suddenly have accountability again. This means marketplaces would become safer, the dark web would dissolve, and you could identify people just as easily as meeting them in public.
AIT, Inc, to protect themselves, instructed us to find another provider for rack space. I can’t blame them; the DDOS attacks were not letting up and the hacker was already in contact with them over VPNs and tunnels instructing them, like a terrorist, that the attacks would continue until they absolved us from their network. The attack, lasting for two days on their network, incurred about $2.7 million, so they claimed, while the attack on our company, for 27 days, incurred about $372 thousand from paying employees overtime for mitigation, moving servers, and having to refund customers.
This is where my congressman got involved. Thankfully being in the US Army, I became very intimate with the systems and contacts within a congressional office and how to use those contacts to get certain things done or certain investigations started. We sat down in Congressman Holding’s office and went through how this happened and the laws which aided it – Net Neutrality.
Before Net Neutrality, ISPs could prioritize packets from risky networks much lower than from reputable networks. What does that mean? Networks that handled abuse complaints promptly were considered reputable networks. This does incur a significant cost to the company because a 24-hour abuse team has to be on call and responsive to abuse complaints. When it is possible for an ISP to stipulate that a bad network’s packets are being throttled because they contain a significant portion of attacks to their networks and customers, these large corporations have to hire people that are capable of monitoring, identifying, and stopping malicious attacks to other networks. This is why Google and Facebook vehemently oppose the repeal of Net Neutrality. Smaller companies like Goldsboro Web Development and Goldsboro Networks don’t own an entire facility; instead we co-opt them and have a small staff to watch over the systems in our area of operation, which means our cost to police our network is much smaller. However, our cost to mitigate a successful DDOS attack is astronomical and severely disproportionate to what the internet giants would have to pay for being responsible network owners.
Congressman Holding agreed with me and in partnership with a coalition of 8 other congressmen, they went to work formulating a repeal to Net Neutrality. The damage was already done, and we were already underway in engaging in practices and steps which would prevent future DDOS attacks. Sure enough, the attacks stopped once these plans were implemented. We have employed the use of Data Scrubbing technology from high-bandwidth data centers; our servers have seen NO downtime, albeit our operational costs have more than doubled. The hacker even gloated and sent us an anonymous message saying, “Contratz, you have a network that can withstand a DDOS attack.”
However, this also did not stop the partnership from moving forward to repeal Net Neutrality. Net Neutrality was repealed on December 14, 2017 with Congressman Holding leading the charge in the US House of Representatives. We celebrated and immediately contacted our providers to employ additional filtering services upstream, to which they were happy to oblige.
So far this year, we have seen no downtime from our 131 production servers. Attacks on these servers and networks have all but evaporated, and even intrusion attempts have ceased.
It may take a lot to admit your mistakes, but it takes a lot more to learn from them.