TU Delft is currently investigating who is behind the DDoS attack at the end of May. In the investigation, it is dependent on the cooperation of hosting companies and cloud services.
The DDoS attack that started on the night of Monday 27 to Tuesday 28 May was aimed at overloading TU Delft’s name servers. “These are the network’s address books. As they are overloaded, the whole network is slow and could even collapse,” explains Jérôme Zijderveld, the Chief Information Security Officer (CISO).
TU Delft classifies the DDoS attack as severe because of the duration of the attack, the number of points where it came from, and the number of requests that the name servers were required to process. This was 2.8 trillion requests per half hour compared to the normal 12 million.
Infected computers
IT is only prepared to say that the attack came from several countries. “But,” adds Zijderveld, “the countries say virtually nothing about the nationalities of the attackers and their motives.” These types of attacks often use botnets, a collection of computers that are infected with malware without the owners being aware of this. The infected computers form a network and are centrally controlled through a server. At the end of May, Europol disrupted a large international botnet which used 100 servers.
‘We often have to accept that the attackers will not be found’
Many of these botnets were using the servers of large hosting companies and cloud services providers. This was also the case in the TU Delft attack. “This is why we are dependent on the cooperation of these kinds of companies if we want to investigate who is behind the attack.” Zijderveld says that TU Delft has questioned these companies about the identity of the attackers and is awaiting their responses.
Exerting pressure
“We sometimes get answers, but in general we hear nothing and we have to accept that the attackers will not be found. We can exert pressure through SURF (the joint platform for educational institutions in the area of digital services, Eds.). SURF can take up contact with the National Cyber Security Centre, which can in turn exert pressure on hosting companies and cloud services.” One thing that IT knows after questioning other universities and SURF is that the attack specifically targeted TU Delft.
TU Delft is subject to DDoS attacks ‘a few times a year’. While these usually do not last a long time, IT sees that these are becoming increasingly sophisticated. “It is a race,” says Zijderveld. To protect TU Delft as best it can, IT works with researchers at the Faculties of Technology, Policy and Management (TPM) and Electrical Engineering, Mathematics and Computer Science (EEMCS). “We hold a cyber security roundtable every quarter where we discuss the latest developments in the area of cyber security.”
Do you have a question or comment about this article?
a.m.debruijn@tudelft.nl