SAN FRANCISCO — For nearly four days, Turkey has been waging a battle against a cyberattackers, who have succeeded in bringing down much of the country’s internal websites.
The attacks against Turkey are not complex, but their targeting is cleverly designed to cause the most damage to sites registered on Turkey’s .tr domain. Distributed denial of service (DDoS) is a brute-force attack, which works by overloading servers with requests for information until they fall. In Turkey — where the .tr domain is used by schools, local businesses, government institutions, and the Turkish military — the DDoS attack felt devastating.
“Nothing was working for days. It was very frustrating for everyone and we could not stop it,” said one Turkish engineer, who works for a government-owned company and said he could not speak about the cyberattacks on the record. “We will need a major restructuring so that this can not happen again. The attackers, they found a weakness.”
Domain names ending in .tr register with something called NIC.tr, an administrative office based in the capital Ankara. This gave the attackers a focused target to overwhelm — namely, NIC.tr's five servers. By Monday evening, the servers were completely overwhelmed under a DDoS attack of 40 gigabits per second. While the attack is significant, cybersecurity experts report that countries like the U.S. and Russia have withstood attacks that were 10 times as large.
The Daily Dot reported that on Monday evening Turkey’s National Response Center for Cyber Events closed all external traffic to NIC.tr, making it impossible for those outside of Turkey to access .tr websites or send email to accounts hosted on .tr domains. Since late Monday night, NIC.tr has begun running a number of quick fixes, including asking Turkish internet service providers Superonline and Vodgone for help distributing queries so that they will be harder to attack, the Daily Dot report said.
“Turkey was not prepared and it should have been. We should have known that Russia’s cyberarmy would come for us,” said the engineer.
Many Turkish commentators have pointed to Russia as the source of the attacks, but it’s difficult, if not impossible, to say with absolute certainty where a cyberattack stems from.
Turkey and Russia have been engaged in tit-for-tat attacks since Turkey downed a Russian jet near the Syrian border. Russian media has reported that Turkey instructed hackers to launch DDoS attacks against Russia’s Kremlin-owned Sputnik News.
Sheera Frenkel is a cybersecurity correspondent for BuzzFeed News based in San Francisco. She has reported from Israel, Egypt, Jordan and across the Middle East. Her secure PGP fingerprint is 4A53 A35C 06BE 5339 E9B6 D54E 73A6 0F6A E252 A50F
Got a confidential tip? Submit it here.