Who hacked YouTube? A DDoS attack whodunnit

On October 16, 2018, YouTube sent out a terse message to users and the world at large. Yes, something was wrong with their streaming video and music feeds. All services were down temporarily. No worries, though, they assured. Whatever was wrong, YouTube IT pros were working on it. Everyone would be notified as soon as the problem was fixed.


Service returned in about 90 minutes, and life went on. What went wrong? A Distributed Denial of Service attack crashed the Google-owned media sites. However, if YouTube knew who did it or why they weren’t sharing the information.

As we all know, not knowing the perp meant that there was a mystery. So, theories about who did the deed were as thick as blowflies on a wildebeest. The least far-fetched of those theories included two possibilities:

  • An unknown entity launched a DDoS attack. YouTube servers crashed and denied users video and music services. End of story.
  • The Ghost Squad Hacker group did it. This well-known, pesky group of hacktivists was responsible for attacks on CNN and other news outlets in 2016. So, when they claimed responsibility for the YouTube attacks, many folks believed them. For now, however, the claim is hot air. Despite their boasts, GSH did not provide definitive proof.

So, the mystery remains. No one has stepped forward with convincing information. However, the scenario—major media sites crashed by known or unknown attackers—illustrates an ongoing trend. In the past four years, cyber-attackers have caused major media companies major pain. The New York Times, Spotify, Netflix, Business Wire, The Wall Street Journal, and CNN and Fox News are just some of the elite online news and video services laid low by DDoS exploits.

  • Why the media industry is cybercrook heaven
  • So, what makes media sites so attractive to DDoS attacks?

Unlike its cousin, the DoS exploit, there’s nothing subtle about DDoS attacks. They’re all about brute force, directing a tsunami of junk traffic at a target and smothering its servers or network connections.

IT infrastructures need resources to respond to service requests. If enough requests engulf hardware or a site, its services are overwhelmed. Performance is slowed or shut down altogether.

DDoS exploits use many (sometimes hundreds of thousands) of internet-connected devices that cybercrooks hijack and use to drive the attack. Usually, a human operator sets the target and directs the tactics of the attack remotely. Complex scripts provide detailed instructions of where the devices (bots) go and what they do. The growing use of poorly secured IoT sensors and smart devices makes it easy to provide foot soldiers’ multitudes for these mini-cyberwars.

There are good reasons why online and streaming media companies make juicy DDoS targets.

  • Media companies are late adopters of security technology. They are still learning the subtleties of DDoS-related network behavior and potential security solutions.
  • Downtime is the enemy of revenue. Increasingly, consumers rely on the internet for fee-based entertainment. They’ve come to expect high-quality video and audio with no internet downtime. When attackers crash or threaten to crash an online site, they damage the target company’s cash flow and strain customers’ loyalty.
  • Entertainment sites accumulate valuable information. Centralized databases of subscription-based media companies have become repositories of all the customer information needed to monetize online entertainment services. They are tempting targets to enterprising cyber crooks, who break into a data store, steal its contents, and sell it on the dark web.

3 mitigation must-haves for media companies

These bullseyes make it critical to have the right protection in place. Here are three capabilities to watch for when looking for a DDoS mitigation provider:

  • Traffic monitoring and analysis. Effective DDoS mitigation services must collect, track, and analyze detailed, real-time traffic data. Displaying the data on easy-to-use dashboards enables IT pros to understand—and respond to the data quickly. Deep packet inspection, another monitoring method, takes a detailed look at each bit of traffic and blocks malicious traffic. This capability enables legitimate visitors to access media content without any delay.
  • Rapid attack response. There’s nothing that annoys streaming media customers like video or audio that stalls or goes offline, even for a moment. Reliable media services mean zero downtime, no matter what. Reliable DDoS mitigation services must detect, react to, and neutralize attack traffic in seconds.

That’s right, seconds. The current standard time to mitigation is 10 seconds or less—with a guarantee written into the SLA. A 10-seconds-or-less guarantee means that the DDoS mitigation service provider has the experience and resources that make mitigation fast and predictable.

  • Robust processing power. We have entered the era of IoT devices and big data analytics. Media companies must be ready to counter attacks by many thousands of bots, severely damaging DDoS attacks.

DDoS mitigation providers use big data analytics as a countermeasure. When a disaster in the form of a DDoS attack strikes a media company, a global network of data centers and scrubbing servers can neutralize infected traffic.

The key is high-speed, high-volume data processing. The data cleanup step in mitigation must process at least 500 Gbps. Anything less couldn’t stand up to the massive attack volumes launched against high-profile media sites.

Effective security programs in media companies have several essential ingredients. Constant security vigilance, collaboration with vendors, and attention to new security solutions and services are the minimum requirements. Consistent application of these best practices can minimize the chance of DDoS attacks. Without them, reliable online media services and their revenues are at risk.

Jeffery D. Silvers
Love and share my articles, I will be happy to react on it ! Spent 2002-2009 promoting weed whackers in Edison, NJ. Earned praise for importing junk food for fun and profit. Spent 2001-2006 exporting teddy bears in Atlantic City, NJ. Had some great experience investing in tattoos in Fort Walton Beach, FL. Spent 2002-2007 selling action figures in the aftermarket. Enthusiastic about working on basketballs on the black market.