DEV Community

Ania Gajecka

All possible loopholes

It is safe to say that I don't know much about network security or security testing. With computers and phones connected to the Internet becoming crucial parts of our lives, it would now be hard to imagine being unable to display or log in to a chosen website.

Belnet, one of the operators of internet traffic in Belgium, has fallen victim to a cyber-attack. People attempting to visit websites on the Belnet network, including government and police services, universities and vaccination centres, were met with error messages due to a DDoS attack. As I happen to live in Belgium and work for a governmental institution as a software tester, I was one of the victims as well... which basically meant some extra frustration over something not working for an unknown reason (a well-known feeling to a tester) and an extra-long break around lunch.

A DDoS (distributed denial-of-service) attack is a cyber-attack in which the attacker seeks to make a machine or network resource unavailable to its intended users. How? By briefly or continually disrupting the services of a host connected to the Internet. Denial of service typically occurs when multiple systems flood the bandwidth or resources of a targeted system with useless requests, causing websites to fail to load.

[Screenshot of the website not loading]

In a DDoS attack, the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source. [1] Dirk Haex, a co-general director of Belnet, said:

"It was a cat-and-mouse game all afternoon with the perpetrators of this gigantic attack. They are constantly changing their tactics. Our network is still under attack, but since 6 pm the attack seems to be diminishing. The Belnet teams are doing everything in their power to fully restore connectivity for Belnet customers as soon as possible and are continuing to monitor the situation closely." [2]

Altogether, about two hundred institutions would have been affected. No data has been stolen (or so they say).
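Why blocking a single source does not help against distributed traffic can be seen in a small log analysis. This is an added example, not part of the original post: the request events, the thresholds (20 requests per IP per second, 200 requests per second in total) and all function names are constructed for illustration and are not Belnet data.

```python
from collections import Counter, defaultdict

# Constructed events: (timestamp_seconds, source_ip), using documentation
# and private address ranges only.
def single_source_flood():
    # One noisy address plus 20 ordinary clients in the same second.
    return [(0, "192.0.2.10")] * 500 + [(0, f"198.51.100.{i}") for i in range(1, 21)]

def distributed_flood():
    # 500 distinct sources sending only 2 requests each in the same second.
    return [(0, f"10.0.{i // 250}.{i % 250 + 1}") for i in range(500) for _ in range(2)]

def per_window(events, window=1):
    """Group events into fixed windows: {window_index: Counter(ip -> requests)}."""
    buckets = defaultdict(Counter)
    for ts, ip in events:
        buckets[ts // window][ip] += 1
    return buckets

def sources_over_limit(events, per_ip_limit=20, window=1):
    """Per-source rule: IPs that exceed per_ip_limit in any window."""
    return {ip for counts in per_window(events, window).values()
            for ip, n in counts.items() if n > per_ip_limit}

def blocked_share(events, per_ip_limit=20, window=1):
    """Fraction of all requests removed by blocking the IPs found above."""
    bad = sources_over_limit(events, per_ip_limit, window)
    return sum(ip in bad for _, ip in events) / len(events)

def overloaded_windows(events, capacity=200, window=1):
    """Aggregate rule: {window: (total_requests, distinct_sources)} over capacity."""
    return {w: (sum(c.values()), len(c))
            for w, c in per_window(events, window).items()
            if sum(c.values()) > capacity}

if __name__ == "__main__":
    for name, ev in [("single", single_source_flood()),
                     ("distributed", distributed_flood())]:
        print(name, sorted(sources_over_limit(ev)),
              round(blocked_share(ev), 2), overloaded_windows(ev))
```

In the distributed case no address crosses the per-source limit, so a block list removes none of the load, while the aggregate check still shows the service far over capacity.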

The main goal of security testing is to identify all possible loopholes and weaknesses of the software system. Left undiscovered, they might result in a loss of data, earnings or reputation. Maybe my next ISTQB exam should be the one for Security Tester?

[1] DDoS, denial-of-service attack
[2] VRT news
