True DDoS Stories: Why do bulldozers invite DDoS?
Close your eyes and picture farming equipment. Are you seeing a benevolent tractor in a field of corn? It’s a good chance you aren’t envisioning cyber-attacks. Yet that’s exactly what’s been happening. About a year ago, I ran into a true distributed denial-of-service (DDoS) story involving the agricultural industry–specifically, the sale of farming equipment. Then, six months ago, a second DDoS story involving farming equipment. And just recently, a third. Three was definitely enough to make me wonder why farming equipment would invite these specific kinds of cyber-attacks. Eventually I got the back story for all three and figured it would be fun to share, although for obvious reasons, I’m withholding the names of the parties involved.
Reason #1: Weaponized Bulldozers
Bulldozers and other earth-moving devices are used for all kinds of work besides agriculture. For example, in the Middle East, two nations have been competing for the same land for millennia. Lately, one of them was bulldozing the housing projects of the other. The occupants of the housing retaliated by hurling bricks and other objects at the bulldozer operators. The first side then purchased and deployed weaponized bulldozers. These bulldozers were armored and some of them were even rumored to have anti-personnel ordinance mounted to the sides. Someone (one of the drivers?) tweeted a picture of one of the weaponized bulldozers with the manufacturer logo still showing on it. With this new knowledge, cyber-activists associated with the occupants of the housing then launched a DDoS attack against the bulldozer’s American manufacturer.
"IDF-D9-Zachi-Evenor-001" by Zachi Evenor, Israel
Reason #2: Global Warming?
A different American equipment manufacturer has faced DDoS attacks for similarly political reasons. This manufacturer makes standard agricultural equipment, as well as equipment specialized for forestry work. This equipment has seen heavy use in Pacific Northwest forests of Canada and the United States. Anti-logging activists in the area, who once would have protested by getting in front of the machines in cold rain in the forest, have now found it easier to launch DDoS attacks against the manufacturer of the equipment.
Reason #3: Competition
This story occurred in one of the so-called “red states” in the heartland of America, with a heavy base of agricultural activity. This state’s capital city is surrounded by farms for hundreds of miles. As is common, a local company offered auctions for used farming equipment. When someone was “done” with their bulldozer, tractor or combine, they could post a listing for it on the auction site. What happened, however, was that competitors would place a bid and DDoS the site until the auction was over. This happened a number of times, and continues to occur. This story came as less of a surprise because auction sites, of any kind, are natural targets for denial of service attacks. Everyone who puts in a bid would like their bid to be the last, and therefore winning, bid. One way to effect this is to place a bid and then DDoS the site itself.
Each of these stories involved not just bulldozers but also F5 customers. In two cases, we assisted the operators of the F5 equipment to keep the website or auction site running during the attacks. In another case, we simply heard about the attacks after the fact.
In the first two cases, there was little that could be done other than to reinforce cyber defenses and implement countermeasures toward a DDoS-resistant architecture [link]. In the case of the auction site, however, the attackers were very likely U.S. citizens attacking a U.S. company. As a result, criminal laws apply, and the attackers, if they are ever identified, could face significant jail time (up to 15 years).
The meta for all of this, though, is that political and financial pressures continue to be the top motivations for cyber-attacks. Nearly any company can find themselves in the crosshairs of political activists or someone looking to make a quick buck. Companies that you would not expect to be making these kinds of headlines can find themselves at the center of another True DDoS story.