BBC Cyber-Attack Is A Powerful Reminder Of The Web’s Vulnerability

BBC Attack

In a blog post by the BBC’s Director General Mark Thompson, and a follow-up article on the main BBC News portal, the corporation lays out charges against the “Iranian authorities” of harassment and intimidation against its staff working in-country and also of censorship facilitated through a technology offensive.

The article states that not only were broadcast signals from the BBC’s Persian language service jammed, but that on the same day a Denial of Service attack was launched against the London office of the Service, flooding their switchboard with automated telephone calls.

From the details of the attack made available by the BBC, it only takes a very short leap of faith to conclude that Iran is responsible for these attacks in one form or another. An automated dialler carrying out a DoS attack on a voice service is a relatively simple thing, in fact those kinds of services are readily available in the criminal underground, however I have not seen any advertisements from criminals offering broadcast intrusion capabilities or signal jamming, particularly within Iran.

In the case of telephone DDoS attacks, much like the more familiar internet DDoS attacks the most effective technology is applied at service provider level. In a traditional POTS setup inbound calls could be filtered, for example by origin or by frequency. In the case of VoIP, signalling and media rate limiting can be applied both at the provider level and locally with VoIP firewalls.

However as many website owners, even high profile one are still discovering, DDoS, while still a blunt instrument remains effective and difficult to counter. The resources of the victim are finite and an attacker with capability and intent is still likely to be able to swamp them. Mitigating DDoS attacks against telephony systems is an ongoing effort, as with other kinds of DDoS.

External facing systems should be hardened, disabling all unnecessary services, where possible strong authentication should be deployed to reduce the possibility of abuse and of course firewalls and service provider security have an important role to play.

As for broadcast signal interference or jamming, a transmitter tuned to the same frequency and modulation as the receiving equipment can override any signal at the receiver, given enough power and proximity. Satellite jamming is nothing new in Iran, or elsewhere.

Most media organisations who broadcast content into ‘unfriendly’ territories have been familiar with signal jamming since at least World War II and there remains little that can be done to overcome a determined regime in this respect. It could also be argued of course that any nation state is free to assert control over signals that are received within their own airspace, much as the United Kingdom government jammed pirate radio frequencies in the 1970s.

Nevertheless, this recent episode is a powerful reminder that as the world grows ever more interconnected and ever more reliant on a single, albeit distributed, infrastructure (the internet). Nation states and criminal groups will continue to devote significant resource to attacks that highlight design and implementation flaws, often with increasingly noticeable effect.

As Solutions Architect for Trend Micro, Rik Ferguson interacts with CIOs from a wide variety of blue chip enterprises, government institutions, law enforcement organisations. Recognised as an industry thought leader and analyst, Rik is regularly quoted by the press on issues surrounding Information Security, Cybercrime and technology futures. With over 15 years experience in the IT Industry with companies such as EDS, McAfee and Xerox Rik’s broad experience enables him to have a clear insight into the challenges and issues facings businesses today.

Our latest thought leaders