DDoS Attacks in the Wake of French Anti-terror Demonstrations

January 20, 2015 Kirk Soluk

On January 15th, France’s chief information systems defense official, Adm. Arnaud Coustilliere, announced a sharp rise in online attacks against French web sites:

“Calling it an unprecedented surge, Adm. Arnaud Coustilliere, head of cyberdefense for the French military, said about 19,000 French websites had faced cyberattacks in recent days, …” [1].

As we’ve done in the recent past for North Korea [2], Hong-Kong [3], and Israel [4], we can leverage Arbor’s ATLAS initiative to observe how real world conflict is reflected in the digital realm. ATLAS receives anonymized Internet traffic and DDoS event data from over 330 participating Internet Service Providers worldwide. In particular, we are interested in DDoS attacks before and after Sunday, January 11th. As reported in [1],

“Coustilliere called the attacks a response to the massive demonstrations against terrorism that drew 3.7 million people into the streets Sunday across France.”

In order to gauge this response, we compare the DDoS attacks that took place between January 3rd and January 10th to the DDoS attacks that took place between January 11th and January 18th inclusive.

Attack Frequency

Between January 3rd and January 18th, a total of 11,342 unique attacks were reported as targeting France – an average of 708 attacks per day. The following series of graphs depict the frequency and size of these DDoS attacks for the 8 days before and after January 11th, 00:00:00 GMT.

Figure 1 illustrates the total number of reported DDoS attacks targeting France for the eight-day period before January 11th, and for eight days after January 11th:

France-Fig1-NumAttacks

We observe a 26% increase in the number of DDoS attacks in the period after January 11th.

Attack Size

Figure 2 compares the average size of DDoS attacks in terms of bandwidth (Gbps) before January 11th, and afterwards:

Figure 2: Average Attack Size (Gbps)

Here we observe a 35% increase in average DDoS attack size after January 11th. Specifically, in the eight days prior to January 11th, the average attack size was 1.21 Gbps. After January 11th, the average attack size was 1.64 Gbps.

Attack Size Distribution

Figures 1 and 2 above illustrate that not only were there more attacks after January 11th, the attacks were larger, as well. The following table details this observation:

France-Table1-AttackSizeDistribution247 (5%) of the DDoS attacks in the period prior to January 11th were greater than 5 Gbps while 678 (11%) of the attacks after January 11th exceeded 5 Gbps in size. Thus, while Figure 2 describes a 35% increase in average attack size post January 11, the percentage of attacks larger than 5 Gbps more than doubled.

Peak Attack Sizes

Figure 3 depicts the size of the largest attack before and after January 11th 00:00:00 GMT:

France-Fig3-PeakAttacks

January 9th saw a 40.96 Gbps attack, while a 63.02 Gbps attack was reported on January 11th. The January 11th attack was 54% larger than the attack observed on January 9th.

Conclusion

On January 11th, the largest demonstration in French history took place as millions marched in anti-terrorism rallies across the country [5]. On January 15th, Adm. Arnaud Coustilliere, announced an unprecedented surge in online attacks against French websites, calling these attacks “a response to the massive demonstrations” [1]. Arbor’s ATLAS data presented above appears to support Adm. Coustilliere’s claims.

Comparisons of DDoS attack data over the eight-day periods before and after January 11th show:

  • a 26% increase in the number of attacks,
  • a 35% increase in the average attack size,
  • a 100% increase in the number of attacks larger than 5 Gbps and
  • a 54% increase between the peak attack events in the two time periods.

This is yet another striking example of significant online attacks paralleling real-world geopolitical events.

References

[1] http://bigstory.ap.org/article/806d34082511483cafe2deaa1a7e6061/car-hits-injures-officer-french-presidential-palace

[2] http://www.arbornetworks.com/2014/12/north-korea-goes-offline/

[3] http://www.arbornetworks.com/2014/11/ddos-activity-in-the-context-of-hong-kongs-pro-democracy-movement/

[4] http://www.arbornetworks.com/2014/08/ddos-and-geopolitics-attack-analysis-in-the-context-of-the-israeli-hamas-conflict/

[5] http://www.cnn.com/2015/01/11/world/charlie-hebdo-paris-march/

The post DDoS Attacks in the Wake of French Anti-terror Demonstrations appeared first on Threat Intelligence.

Read more...

Previous Article
DDoS Attacks in the Wake of French Anti-terror Demonstrations
DDoS Attacks in the Wake of French Anti-terror Demonstrations

On January 15th, France’s chief information systems defense official, Adm....

Next Article
DDoS Attacks in the Wake of French Anti-terror Demonstrations
DDoS Attacks in the Wake of French Anti-terror Demonstrations

On January 15th, France’s chief information systems defense official, Adm....