Here are the specific ways the 2016 Republican National Convention (RNC) and Democratic National Convention (DNC) will be Cyber-Attacked


Major Attack Type: Denial of Service Attacks

Denial of Service (DoS) attacks have grown each and every year since 2010. Moreover, the lessons of what are the most successful attacks and the reduction of cost and skill needed to execute these attacks have both dramatically been reduced. Today, for $6 one can rent an Amazon Web Service-based “Booter” to attack any foe at a moment’s notice. In fact, one can enlist the support of hundreds or thousands of infected ‘bots’ including the Internet of Things (IoT) when theoretically almost anything internet-connected can be directed.

republican-democratic-national-convention

As we saw in previous campaigns against elections and political campaigns in the Philippines, Bulgaria, Ukraine, the Russian Federation, and nearly every free election throughout the world, these DoS attacks will be large and focused. In fact, today’s technology allows for supreme bursts and intense focus. I am reminded of the biggest solar power plant on earth that directs the sun’s energy through a massive array of mirrors. These reflect the sun’s energy to a focal point and the rise in heat manages to power an electric plant, which boils water to make electricity.

[You might also like: 2016 Summer Olympics: In the Crosshairs]

So, in the end, what will these volume attacks look like? Here’s a quick checklist of the techniques which will need to be defended from with volume-based attacks:

Mostly-Network Based Volume Attacks Along with Some Popular Tools to Generate

Category Attack Type Known Tools Targeting
TCP Flood Classic SYN Flood Bonesi

 

Cythosia bot

Dirtjumper

Hping

Metasploit

Nmap

Nping

Pitbullbot

Scapy

T50

TCP/IP Stack,

 

Stateful devices

3-Way-handshake Flood Curl

 

Netcat

Nmap

Nping

Nping

Scapy

Telnet

Wget

Zemra bot(port 80)

TCP Out-of-State Flood FIN Flood Hping

 

Nping

Scapy

T50

RST Flood
ACK Flood Internet pipe

 

TCP/IP Stack

Stateful devices

PUSH Flood
UDP Flood UDP Garbage Flood Anonymousattackerpackage

 

Bonesi

Cythosia bot

Hping

Loic

Nping

Pitbullbot

Scapy

T50

 
DNS DNS Query Flood Dig

 

Metasploit

Nslookup

Scapy

DNS Server
  DNS Recursive Flood Dig

 

Nslookup

Scapy

  DNS Reflective Flood Nmap

 

Nping

Scapy

DNS Servers

 

Internet pipe

Stateful devices

  DNS Garbage Flood Dig

 

Nslookup

Scapy

Internet pipe

 

Stateful devices

Reflection Flood NTP Reflection Flood Nmap

 

Ntpdc

Scapy

Pipe Saturation

 

Stateful devices

  SMURF attack Scapy

 

Smurf.c

  CHARGEN Reflective Flood Scapy
  SNMP Reflection Flood Scapy

 

Snmpbulkwalk

Packet Anomaly XMAS Tree Hping

 

Nmap

Scapy

T50

TCP/IP stacks
Other ICMP Flood Bonesi

 

Darkness (aka optima)

Hping

Nping

Scapy

Rsmurf6

T50

Servers

 

Stateful devices

Internet pipe

  IGMP Flood Hping

 

T50

Servers

 

Stateful devices

Internet pipe

Routers

  SMTP Flood Netcat

 

Scapy

Telnet

Wget

SMTP Servers
  IP fragmented Flood Nmap

 

Pitbullbot

Scapy

TCP/IP stacks

 

 

Application-Layer Cyber Attacks

However, these large volume attacks will not characterize all of the attacks which the RNC and DNC Convention will need to fend off. We know from other major world events such as the World Cup, the Olympics, and SuperBowl that the application-stack will be heinously attacked.

So, application-layer attacks can come in two broad forms - one is against the confidentiality and integrity of the application(s) servicing the convention itself such as the broadcast applications, the websites leveraged to carry and transmit what is being accomplished, and the myriad of IoT being leveraged to bring the convention to the masses. Also, each of these applications can also be DoS-attacked, however many of the techniques are varied from the network level illustrated above.

So, let’s take a look at just a few of the major application level attack techniques which can render an application vulnerable to loss of data, integrity or availability:

 

application-level-attack-techniques

 

Within the Denial-of-Service category itself, application-level threats have a dizzying array of techniques which can render a service or application slow, unresponsive, erratic, or ultimately completely down.

The following is a list of specific attack techniques which have been witnessed at major world events over the past two years:

 

Category Attack Type Known Tools Targeting
HTTP GET / #Refref

 

Athena

Bonesi

Curl

Cythosia bot

Darkness (aka optima)

Dirtjumper

Dos-pro

Hoic

Hulk

Hydra

Itsoknoproblembro

Loic

Mobile loic

Netcat

Pitbullbot

Scapy

Siege

Wget

Xerxes

Web server

 

Stateful devices

HTTP Request Flood
Search Engine Flood Curl

 

Metasploit

Scapy

Siege

Wget

Web server

 

SQL Server

Large file Download flood Curl

 

Scapy

Siege

Wget

Web server

 

Internet pipe

HTTP Garbage Flood Curl

 

Loic

Scapy

Siege

Wget

Zemra bot

Internet pipe

 

TCP/IP Stack

Stateful devices

POST Flood Athena

 

Curl

Scapy

Siege

Wget

Slow HTTP Post Athena

 

Httpbog

Metasploit

R.u.d.y.

Scapy

Slowhttptest

Web servers

 

TCP/IP Stack

Stateful devices

Incomplete HTTP Request Assassindos

 

Curl

Netcat

Pyloris

Scapy

Slowloris

Telnet

Wget

Apache Web Servers
Head/PUT/Delete Flood Curl

 

Netcat

Scapy

Telnet

Wget

Web Servers
Apache Killer Apache killer Apache web servers
HTTPS SSL Renegotiation Thc-ssl-dos Web servers

 

SSL Terminators

SSL Request Flood Dirtjumper

 

Itsoknoproblembro

Web servers

 

 

Heartbleed Check-ssl-heartbleed.pl

 

Crowdstrike

Hb-test.py

Metasploit

Nessus

Nmap

 
TCP attacks TCP Window Size Nping

 

Scapy

Sockstress

T50

TCP Stack
  Connection Flood
  Small window stress
  Req fin pause stress
  Activate reno pressure stress

 

 

Who will be attacked? In a nutshell, Sponsors, Broadcasters/Service Providers, Law-Enforcement, Contractors and Show Organizers

It is one thing to suggest that the technical attacks will be largely in the form illustrated above and either rented via Booter-services or conducted manually through some the popular tools listed above.

However, it’s another item to know who to protect. Attached below are some thoughts on who needs to button-down the hatches:

- Sponsors: Yes, all advertisers and individuals who have paid money or otherwise promoted the show should consider themselves forewarned. We know that from the Olympics and World Cup that show-advertisers – including those who simply advertise during the commercial breaks - will be considered viable targets. Also, groups who have thrown their support behind the convention, such as the National Rifle Association and others, should strengthen their defenses.
- Broadcasters / Service Providers: This is a very broad category and will include news outlets, managed IT service providers, domain name resolution (DNS) services, telecommunication providers and others who enable the transits of the messages
- Contractors: These are widespread and numerous and include everything from the internet Domain Name (DNS) Resolution Services, to transportation, to the HVAC services which are contracted (after all, the HVAC contractor is how the massive Target data breach first occurred)
- Law Enforcement: We know from numerous Group Anonymous attacks throughout the world that the local, state and federal police are not immune to cyber-attacks including personal data leaks and exposures of individual officers. They can also organize a fairly large protest with ease.
- Show Organizers: Perhaps the most obvious, but somehow appears to be among some of the least intellectually protected – this includes all of the individual candidates themselves, the various Republican Party groups from local, state and federal and all Political Action Committees.

 

The Convention is a big Wi-Fi station - - This Infrastructure is Subject to Physical Cyber-Attacks!

If you recall, the Super Bowl this past year was held at Levi’s Stadium in the San Jose/San Francisco Greater region. Levi’s Stadium is one of the most technologically advanced stadiums ever built and will be similar to what will need to be accomplished at the RNC and DNC to accomplish the goals of the convention. For example, The RNC will be held at the Quicken Loans Arena in Cleveland. This stadium features 461 antennas, 235 DAS and 230 Wi-Fi access points, that provide access to those attending events inside the stadium. The DAS system is built be Verizon Wireless and provides 4G LTE speeds. The DNC will be held at the Wells Fargo Center in Philadelphia. This stadium features 3501 Wi-Fi access point and 700 Bluetooth beacons. The system is powered by Cisco’s latest generation, Cisco connected stadium solution, that provides users with a 1Gbps connection.

When Levi’s Stadium hosted Super Bowl 50, it brought a new approach to the overall game experience by offering fans network connectivity via Wi-Fi, Bluetooth, and a number of other digital services. We see this also occurring at the conventions and, like the stadiums, the more connected stadiums become, the more risks they create. Such a concentration of mobile users could entice hackers looking to steal data from high-profile celebrities, politicians, and others at the game. It could allow someone to commandeer the stadium’s TV screens. It could allow a hacker to enslave thousands of unsuspecting mobile users with no more than a pocket’s worth of technology.

 

Summary

We now know through numerous external analysis and documented evidence that the political sector is vulnerable to cyber attacks. How long will it be before the terror strikes will evolve in the political arena, like they did around the world, to the cyber front? Should you have responsibility for any aspect of these areas, please don’t be a bystander and be proactive about on-boarding controls and bringing security to our democratic process. Given the threat landscape evolution and importance of newsroom fidelity and political candidate sanctity, this is an area where, unfortunately, the government’s ability to assist is not yet fully realized and can’t be relied upon. There is no real equivalent to the Secret Service in the digital realm, whose role would be equivalent to the Physical Secret Service in numerous ways.

As cyber attacks against political leaders, institutions, and others grow, the national conventions need to develop their own private “Digital Secret Service” which would stand guard against the hacktivists and others increasingly attacking the fidelity and trustworthiness of our democratic governments.

DDoS_Handbook_glow

 

Download Radware's DDoS Handbook to get expert advice, actionable tools and tips to help detect and stop DDoS attacks.

Download Now

Carl Herberger

Carl Herberger

Carl is an IT security expert and responsible for Radware’s global security practice. With over a decade of experience, he began his career working at the Pentagon evaluating computer security events affecting daily Air Force operations. Carl also managed critical operational intelligence for computer network attack programs to aid the National Security Council and Secretary of the Air Force with policy and budgetary defense. Carl writes about network security strategy, trends, and implementation.

Related Articles

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Locations
Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program

Get Social

Connect with experts and join the conversation about Radware technologies.

Blog
Security Research Center
CyberPedia