National Botnet Network coming: Earthwave

National Botnet Network coming: Earthwave

Summary: Distributed denial-of-service (DDoS) attacks are on the rise, and, according to Earthwave CEO Carlos Minassian, the situation will get worse when the National Broadband Network (NBN) rolls out.


Distributed denial-of-service (DDoS) attacks are on the rise, and, according to Earthwave CEO Carlo Minassian, the situation will get worse when the National Broadband Network (NBN) rolls out.

Carlo Minassian
(Credit: Earthwave)

Speaking to ZDNet Australia, Minassian said that in the most recent quarter to 31 March 2012, he saw DDoS attacks grow across his client base by around 700 per cent. Of these, 50 per cent were aimed at government organisations, with the remainder typically for financial services and critical infrastructure groups.

Last week alone, he said that Earthwave's security operations centre dealt with major DDoS attacks on two Australian organisations, one of which he said was a major retail shopping centre chain.

Despite the growth, he said that Australian organisations are naive; he stated that most people don't know how to deal with DDoS attacks.

"If you're a typical organisation in Australia, most of them have 10 megabits per second, 100Mbps internet links, [but] the smallest DDoS uses 10,000 bots, so for them to flood and take you out is really simple in Australia," he said.

The saving grace for these organisations is that traffic in Australia is comparatively different to traffic in the US.

"In America, the type of DDoS they're experiencing ... some attacks are 95Gbps. In Australia, the DDoS we're experiencing is like 6Gbps, because our connectivity to the rest of the world is not that big."

However, with the roll-out of the NBN, Australia has the potential to look more like the "National Botnet Network", and become a juicier target for hackers.

"Everyone will have 100Mbps connections to the NBN, and there's going to be literally tens of thousands of compromised machines connected to the NBN from home PCs as part of a botnet, and [attackers will have] access to literally gigabytes and terabytes of bandwidth then," he said.

"Australia will become a massive botnet of zombies. It will take a while, but, once it happens, once they have access ... then they can launch, 50Mbps, 100Mbps, 100Gbps [or] 150Gbps attacks."

According to Minassian, an army of zombie computers is only the tip of the iceberg, as hackers begin to shift their tactics from censoring websites through takedowns to causing significant economic damage to businesses.

"There is a new type of DDoS. We refer to it as an economical DDoS," he explained.

He said that as more people jump on-board the cloud movement, and pay an outside provider for bandwidth, there is a huge opportunity for hackers and unscrupulous business competitors to attack their rivals — not to take down their website, but to increase the amount of bandwidth they consume, thus leaving the company to have to purchase from their provider.

"You'll get a bill from [your provider] all of a sudden that's half a million dollars [when] usually you pay $10,000," he said.

"This is something that's coming. It's happening slowly, but it's going to come more and more as cloud popularity grows."

Topics: AUSCERT, Broadband, Security, NBN

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Thats just stupid.. what else is the NBN going to get blamed for?

    People die crossing the road, are you going to ban cars or police it better?
    • No... they'll just blame the NBN for that too ;-)
  • OMG, the sky will fall if we get NBN - it must be cancelled immediately!

    Sorry; was just channelling Malcolm Turnbull there for a moment . . .
    • Well the message certainly is clear. Never do anything because something might happen.

      Seriously it seems to me "Earthwave" just want to sell us some ineffective security solution of theirs, but they conveniently don't mention what that is so people are left with their idiotic implication that it is somehow the NBN's fault.
      Hubert Cumberdale
  • Don't laugh, Mr Turnbull is dumb enough to try and use this against the NBN. I'm sure the noallitions magical FTTN will be impervious to DDoS attacks.
  • you really think it's going to be such a grim future?

    looking at South Korea, Japan, even Czech Republic - I haven't seen either emit more news coverage over that of China. Am not sure there's a 'direct' correlation of a country's internet speed to botnet proliferation.
  • When an operating system is sold it should not launch until an approved security service is purchased online with a list of approved supppliers in the launch window, an it should be mandatory to be kept online and automatically updated.
    This should be a mandatory legal requirement like a drivers licence.
    Kevin Cobley
  • you are kidding right - what qualification do you have to make such wildy stupid statements - do you really have customers who pay you for your opinion - amazing
    rant rant rant
  • I am not sure how this issue becomes an attack on Mr Turnbull. But I guess he is fair game. In any event I would have thought a Ddos would be achievable regardless of network speed.
    Knowledge Expert
    • The question is not whether DDoS can be achieved or not but whether DDoS originating from compromised computers on a slower network (e.g. xDSL) has the same impact as DDoS originating from compromised computers on a fast network (e.g NBN).

      Lets look at this in another way, if 50 people shot someone at the same time using a hand gun, you would see a dead guy with 50 bullet holes, now if 50 people shot somoene at the same time using shot guns then I suspect there wouldnt be much left of the body to examine - it would simply be annihilated :-)
      • I guess but in both cases, dead body!
        Knowledge Expert
        • Nice analogy. Another factor is whether you can find 50 people with powerful enough weapons. Minassian's argument is essentially that the NBN upgrades our "weapons" making us more attractive candidates to join the firing squad (but it also provides us with other benefits, of course).

          Size and force then become an important factor when other groups are attempting to block the bullets.
          Michael Lee (Mukimu)
  • What earthwave is suggesting here is not new. It has been suggested by many other security experts in the past inc;uding Symantec and discussed in forums such as Whirpool.

    Too many people take anything related to NBN personally, instead of evaluting each opinion for its merits.

    As a security consultant who has witnessed organisations suffer extended DDoS for more than 4 months and having witnessed its impact on that SaaS based business, I truly hope that ISPs take the proposed iCode seriously and that the NBN design has some inherent DDoS mitigation built into the network as suggested by some.
    James Turner-5d991
    • Further to the comments from James, I can add that most botnets will test the bandwidth of the end host before they take control of that system. If the host is not sitting on a fast connection then often they will not bother with it.

      With this in mind I suspect faster connections will result in bigger DDoS attacks as suggested here.
  • DDoS works because you have enough compromised machines to clog the pipe or servers of the victim.
    If, the victim's pipe is widened by a factor of ten and so is the pipe of the bots, there is no net change in this part of the equation.
    If the bot is consuming ten times the resources as previously, the liklihood of it being noticed increases also.
  • For as long as cybercrime has been around, Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks have been a possibility and reality. Despite what PR people might say, companies would use it as a tool against their rivals, and of course criminal organisations would use it (via thousands of specifically and unknowingly infected PCs) for their own purposes.

    From dialup to DSL, DSL to cable/DSL2+ and now cable to the NBN, there is no stopping people from committing these crimes (yes, the bigger pipe makes it more prevalent, but still). You don't have to grin and bear it, you have to put work into your infrastructure to reduce the impact.