StarHub broadband disruption was not due to DDoS attack, says investigation

AFTER an exhaustive investigation, it has come to light that disruptions of StarHub's home broadband network last October were not due to a distributed denial of service (DDoS) attack as had been feared. It was caused by a legitimate surge in traffic which the StarHub network could not handle. The telco has been warned over the incidents and has been asked to undertake a review of its infrastructure.

On the nights of Oct 22 and 24, 2016 some home fibre broadband customers in several parts of Singapore encountered intermittent difficulties in accessing the Internet as StarHub's domain name system (DNS) servers could not fully handle the high volume of Web requests. The problem lasted 130 minutes on Oct 22, and 55 minutes on Oct 24 before StarHub managed to control the situation.

The Info-communications Media Development Authority (IMDA) of Singapore and the Cyber Security Agency (CSA) of Singapore conducted a thorough investigation into the incidents and on Friday said that while there were some unusual traffic, the type and volume of these did not correspond with the pattern of a DDoS attack. The investigation concluded that the increase in DNS traffic was largely driven by legitimate DNS requests which resulted in StarHub's DNS infrastructure being overloaded, resulting in intermittent difficulties for some customers.

Besides warning StarHub, IMDA has asked the telco to engage an independent expert to undertake a review of its DNS and other associated infrastructure to ensure that its network remains resilient to future incidents of this nature. The telco will have to update the regulator of the result of the review. IMDA added that it would not hesitate to take "sterner action should a similar incident happen in future".