Kyivstar suffers massive TDoS attack

August 4, 2016

Over the past few days, the Kyivstar mobile telephone operator has been somewhat inconsistent – resulting in a rather peaceful few days for the blog.

Part of the reason for this is on-going is preparatory work for 4G throughout August, as the company forewarned.  It also forewarned of work in Odessa regarding new transmission equipment in July.


However, on 3rd August Kyivstar was subjected to what it described as a massive TDoS attack, the outcome of which left Odessa completely without Kyivstar coverage.  At the time of writing, Kyivstar has yet to mitigate the TDoS attack by redirecting, scrubbing, and blocking offending source traffic.

TDoS attacks, no differently from DDoS attacks, do not simply happen.  They require a degree of either IT sophistication or manual coordination in order to overload a system.

As there is thus far no evidence to be found on the social networks organising mass participation in such a TDoS attack, and neither does there appear to be anything within the “dark net” – other than those advertising their abilities when it comes to DDOS and TDOS (many of which advertise in Russian) – it seems far more likely to be “bot” instigated.

There seems to be free VoIP and SIP software readily available capable of facilitating TDoS.  Which programmes are currently en vogue who knows – it used to be Asterisk, but technology surpasses the retarded knowledge of the blog so easily.

TDoS attacks are not particularly new across “eastern Europe” despite not getting the same attention that DDoS attacks do.  Likewise, on the “dark side” the (Russian language) advertisments offering DDOS and TDoS services are also not new either.

The question regarding this TDoS attack however is not the how, it is a question of motive.

Is it an attack aimed at criminal outcomes?  A matter of flooding the system to the degree it becomes impossible to cope with the amount of transactions going through the system, thus allowing for all manner nefariousness?

Perhaps it is simply a malicious tech nerd testing abilities to successfully carry out a TDOS attack?

Maybe somebody with sufficient ability who has a grudge against Kyivstar?  A disgruntled former customer?

Perhaps it is competitors in the marketplace keeping the system down long enough for customers to swap service providers, or sew the seeds of doubt in the reliability of the provider sufficiently to at least consider swapping?

Is it a Kremlin inspired attack, similar to the attack earlier in the year which hacked the Ukrainian power grid?  If so to what end?  To inflict commercial losses/damage upon a major Ukrainian company?  A “psyop” – or part of one – to remind the Ukrainians of Kremlin technological capabilities?  If so, a dangerous game, for the IT realm is one of the few in which Ukraine is quite capable of matching Russia.

Is it perhaps, unlikely as it seems, simply an excuse floated by Kyivstar for a technological fumble whilst carrying out its declared works?  Perhaps, but the Kyivstar signal did not disappear on the blog telephone, thus the issues seem related to the operating system rather than transmission.

What damage to the system, if any?

Rumour from reliable sources within Odessa state that the fibre optic cables of Kyivstar were deliberately severed – explaining no service in Odessa, rather than severely restricted service in other cities due to the TDoS.

Is this therefore a deliberate and coordinated attack on Kyivstar systems and “hard” infrastructure?  Are “pre-takeover” messages being sent the old fashioned way?  It seems unlikely.

Perhaps Kyivstar is capable of tracing and identifying the source of this TDoS attack – but if it is, will it publicly attribute the attack?

Maybe this is not as interesting as it appears prima facie, simply due to the fact that DDoS often gets the headlines whilst TDoS rarely does?

Whatever the case, this is not something that happens every day – so identifying the motivation is important.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: