Posted on September 12, 2019 at 2:54 AM
Detailed network security mapping and clear lines of communication allowed Optus to avoid an emergency patching program and quickly identify a suspected attack as a false positive.
It was the 2018 Commonwealth Games, and the opening ceremony was about to begin. About an hour before the event, Optus, the company providing the network for the competition, observed a sudden traffic surge and immediately suspected a distributed denial of service (DDoS) attack.
A month before the opening ceremony, held in Australia, a DDoS attack had been carried out with traffic peaking at 1.7 terabytes per second.
Several Reasons to Fear a DDoS Attack
As it turns out, Optus had several reasons to fear a DDoS attack. A couple of months before the Commonwealth Games opened, a worm tore through the systems of the organizing committee of the Winter Olympics in South Korea, deleting files and documents.
There was a lot at stake for Optus: in addition to being the network provider for the Commonwealth Games, it was one of the most prominent sponsors. According to Narelle Wakely, a security advisor at Trustwave, a firm associated with Optus, the brand name was going to be all over the games.
And because the Games’ resources, applications, and overall infrastructure were similar to those of the Winter Olympics, the team was on alert. Wakely presented this account at APNIC 48, the conference of the Asia Pacific Network Information Centre, in Chiang Mai, Thailand, earlier in the week.
Wakely also explained that tensions between the British and Russian governments were rising amid the alleged poisoning of former spy Sergei Skripal on UK soil.
Another security concern at the time was that two traditional adversaries, the United States and North Korea, were discussing a possible meeting in Singapore, home of Optus’ parent company. That was an added risk, according to Wakely.
However, the traffic surge Optus was seeing was not an attack on the network or its clients. Investigation showed that the suspected threat was what is known in many fields as a “false positive.”
To the surprise of many, Wakely revealed that the unusual activity was caused by a very large update to the hugely popular video game Fortnite. She noted wryly that, of course, it had to land one hour before the opening ceremony of the Commonwealth Games, just as gamers everywhere arrived home and switched on their consoles at the same moment.
Optus was a pioneer in many respects as the network provider for the 2018 Commonwealth Games, the first event to have a single firm deliver everything network-related, including TV broadcasts, video streaming, security, and results recording, among other things.
Wakely explained that everything needed to be perfect and, above all, fast. She described how the company sent every piece of results data from the Gold Coast to Perth, a cross-country journey to the data center.
A very specific and detailed map of the network was one of the most important resources for achieving that goal. The map was thorough from both security and operational standpoints.
The aim was to ensure that everybody involved could visualize the network and work from shared “diagrams,” as she put it. That approach helped the firm identify where security-relevant changes were taking place, and what the effects of those changes were.
Additionally, just as the Games’ network went live, Cisco published a couple of critical vulnerabilities rated 9.8 on a 1 to 10 scale.
Common sense says to patch vulnerabilities like that as soon as possible, but Optus was at a crossroads. Wakely explained that patching risked disrupting the network and its availability.
But the system they had put in place, specifically the one-page network blueprint, allowed the company and its partners to work as a team and see in real time where security-relevant changes were occurring.
In the end, the decision was to apply the patch to three routers rather than to 133 switches.