There’s a huge cyber-war happening on the Internet.  You may not see it, but the battles are very real.

Last September, Bank of America was hit by a massive cyber attack, which Fox News described as originating from a radical  Islamic group.

Largest Battle in Internet History?

Last week, one of the largest attacks in Internet history erupted into all out war – “causing widespread congestion and jamming crucial infrastructure around the world”.

Several church websites, hosted by Five More Talents were caught in the cross-fire last Thursday – after a huge DDoS battle  erupted on March 18.

Patrick Gilmore, chief architect at Akamai Networks, said the attacks, which are generated by swarms of computers called bot-nets,  concentrate data streams that are larger than the Internet connections of entire countries. He likened the technique, to using a machine gun to spray an entire crowd when the intent is to kill one person.

“It was the largest publicly announced DDoS attack in the history of the Internet,” according to Gilmore.

“These things are like nuclear bombs,” said Matthew Prince, chief executive of CloudFlare.

The so-called distributed denial of service, or DDoS, attacks have reached previously unknown magnitudes, growing to a data stream of 300 billion bits per second,  according to the New York Times.

It Gets Worse

A cyber attack yesterday (March 29) – disrupted service for American Express customers for several hours. According to blogger J. G. Sandom, the attacks have changed from espionage to destruction.   “We are engaged in a cyber war with Iran – and their programmers are getting better and better every day.”

“With their campaign against American financial institutions, the Iranian hackers  have taken these attacks to the next level.  Instead of using individual personal computers to fire Web traffic at each bank, they infected powerful, commercial data centers with sophisticated malware and directed them to simultaneously fire at each bank, giving them the horsepower to inflict a huge attack.”

David’s Slingshot

With all these Philistine cyber threats sounding more scary than a Frank Peretti novel, what’s a little church to do? With hackers from China, North Korea, and Iran taking down mega-corporations, how is your little church website going to withstand the onslaught if attacked (or caught in the cross-fire)?  When sophisticated hackers utilizing the best resources of rogue nations have moved from controlling PC bot-nets to commandeering whole data centers, how will anyone survive?

This is the part of the movie where the scary music starts … very softly at first …

Darkness

When a pastor from one of the churches we support emailed to say he could not access his website last week – we knew something was up.  Down might be a better way of saying it.  Then one of our technicians called to report a similar incident.  It turns out that three of the church websites we support were not accessible via the AT&T network. People could access these websites via Comcast, Cox, and other internet service providers (ISPs) – but people using AT&T complained that the “website was down” for several days.  We could access the website (and we tested it – using diagnostic tools –  from 50 cities around the globe). But a few people (including the pastor) said the website was still … wait for it … inaccessible.  What was going on?

This was all happening during the largest DDoS attacks in the history of the internet.

Some tenacious technicians at the AT&T Network Operations Center (NOC) were working night and day – fighting unseen but powerful spirits – changing routes, chasing daemons, running from zombies, battling botnets,  slamming doors, and ultimately stopping intruders with a black hole.

When David faced Goliath, he chose five smooth stones (sound familiar?) and put them in his shepherd’s pouch.  Scripture records he only used one.  Yet he prepared for battle knowing “the battle is the Lord’s”.

Five More Talents uses  five (no kidding) different data centers and a variety of web servers.  Does that surprise you? Since many church websites are “low traffic” – some people people have suggested that it would simplify our operation (and save money) if we combined all the websites on to one big shared server. But what if that big server went down? What if the whole data center was infected, black-holed, or destroyed?

  • That’s why our web servers are scattered across five different data centers.
  • That’s why we keep your website security patches and plugins updated to the latest version.
  • That’s why we scan and monitor your website with Sucuri  – looking for malware and vulnerabilities.
  • That’s why we keep full offsite backups  (secure copies) – in a totally different data center.
  • That’s also why we don’t offer the cheapest web hosting plan on the planet.

Praise the Lord and Change Your Password

You know what you need to do.  Make sure it’s a strong one.  This might help.

Related Notes

…  and sheet music – in case you want to sing along:

Praise the Lord and Pass the Ammunition is a song written by Frank Loesser in response to the attack on Pearl Harbor that marked United States involvement in World War II.  The song describes a chaplain and soldiers who are under attack from an enemy.  The chaplain (“sky pilot”) is asked to say a prayer for the men who were engaged in firing at the oncoming planes.  In the song, the chaplain puts down his Bible,  grabs one of the ship’s gun turrets and begins firing back, saying, “Praise the Lord and pass the ammunition”.