Who hacked YouTube? A DDoS attack whodunnit

On October 16, 2018, YouTube sent a terse message to users and the world. Yes, something was wrong with their streaming video and music feeds. All services were down temporarily. No worries, though, they assured. Whatever was wrong, YouTube IT pros were working on it. Everyone would be notified as soon as the problem was fixed. Service returned in about 90 minutes, and life went on. What went wrong? A Distributed Denial of Service attack crashed the Google-owned media sites.


However, if YouTube knew who did it or why, they weren’t sharing the information. As we all know, not knowing the perp meant that there was a mystery. So, theories about who did the deed were as thick as blowflies on a wildebeest. The least far-fetched of those theories included two possibilities:

  • An unknown entity launched a DDoS attack. YouTube servers crashed and denied users video and music services. End of story.
  • The Ghost Squad Hacker group did it. This well-known, pesky group of hacktivists was responsible for attacks on CNN and other news outlets in 2016. So, when they claimed responsibility for the YouTube attacks, many folks believed them. For now, however, the claim is hot air. Despite their boasts, GSH did not provide definitive proof.

So, the mystery remains. No one has stepped forward with convincing information. However, the scenario—major media sites crashed by known or unknown attackers—illustrates an ongoing trend. In the past four years, cyber-attackers have caused major media companies major pain. The New York Times, Spotify, Netflix, Business Wire, The Wall Street Journal, CNN, and Fox News are some of the elite online news and video services laid low by DDoS exploits.

Why the media industry is cybercrook heaven

So, what makes media sites so attractive to DDoS attacks?

Unlike their cousin, the DoS exploit, DDoS attacks are anything but subtle. They’re all about brute force, directing a tsunami of junk traffic at a target and smothering its servers or network connections.

IT infrastructures need resources to respond to service requests. If enough requests engulf hardware or a site, its services are overwhelmed. Performance is slowed or shut down altogether.

DDoS exploits use many (sometimes hundreds of thousands of) internet-connected devices that cybercrooks hijack and use to drive the attack. Usually, a human operator sets the target and directs the tactics of the attack remotely. Complex scripts provide detailed instructions on where the devices (bots) go and what they do. The growing use of poorly secured IoT sensors and smart devices makes it easy to provide multitudes of foot soldiers for these mini-cyberwars.

There are good reasons why online and streaming media companies make juicy DDoS targets.

Three mitigation must-haves for media companies

These bullseyes make it critical to have the right protection in place. Here are three capabilities to watch for when looking for a DDoS mitigation provider:

  • Traffic monitoring and analysis. Effective DDoS mitigation services must collect, track, and analyze detailed, real-time traffic data. Displaying the data on easy-to-use dashboards enables IT pros to understand and respond to the data quickly. Deep packet inspection, another monitoring method, looks at each bit of traffic and blocks malicious traffic. This capability enables legitimate visitors to access media content without any delay.
  • Rapid attack response. Reliable DDoS mitigation services must detect, react to, and neutralize attack traffic in seconds. Nothing annoys streaming media customers like video or audio that stalls or goes offline, even for a moment. Reliable media services mean zero downtime, no matter what.

That’s right, seconds. The current standard time to mitigation is 10 seconds or less—with a guarantee written into the SLA. A 10-seconds-or-less guarantee means that the DDoS mitigation service provider has the experience and resources that make mitigation fast and predictable.

  • Robust processing power. We have entered the era of IoT devices and big data analytics. Media companies must be ready to counter severely damaging DDoS attacks launched by thousands of bots.

DDoS mitigation providers use big data analytics as a countermeasure. When a disaster like a DDoS attack strikes a media company, a global network of data centers and scrubbing servers can neutralize infected traffic.

The key is high-speed, high-volume data processing. The data cleanup step in mitigation must process at least 500 Gbps. Anything less couldn’t stand up to the massive attacks launched against high-profile media sites.
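As an added illustration of the traffic monitoring and rapid-response capabilities above (not code from the article or from any mitigation provider), this sketch keeps a moving baseline of requests per second over constructed sample traffic and reports how many seconds of flood it sees before confirming an attack. The thresholds, function names and traffic values are assumptions chosen for the example, and detection is only the first part of the time to mitigation.

```python
from collections import Counter

MITIGATION_TARGET_S = 10  # the 10-seconds-or-less figure quoted in the article


def build_sample(attack_start=60, duration=90):
    """Constructed traffic, not a real capture: (second, source_ip) records.
    Five clients send 20 req/s in total; from attack_start onward,
    200 extra sources add 2000 req/s."""
    events = []
    for t in range(duration):
        events += [(t, f"198.51.100.{i % 5}") for i in range(20)]
        if t >= attack_start:
            events += [(t, f"203.0.113.{i % 200}") for i in range(2000)]
    return events


def detect_flood(events, alpha=0.1, factor=5.0, confirm=3, warmup=10):
    """Return the second at which a flood is confirmed, or None.
    The baseline is an exponentially weighted moving average (EWMA) of
    requests per second. A flood is confirmed after `confirm` consecutive
    seconds above `factor` x baseline, so a one-second burst is ignored.
    The baseline is frozen during anomalous seconds so the flood cannot
    teach the detector that it is normal."""
    per_second = Counter(t for t, _ in events)
    if not per_second:
        return None
    start, baseline, streak = min(per_second), None, 0
    for t in range(start, max(per_second) + 1):
        rate = per_second.get(t, 0)
        if baseline is None:
            baseline = float(rate)
        elif t - start >= warmup and rate > factor * baseline:
            streak += 1
            if streak >= confirm:
                return t
        else:
            streak = 0
            baseline = alpha * rate + (1 - alpha) * baseline
    return None


def seconds_to_detect(events, attack_start):
    """Seconds of attack traffic observed before the flood was confirmed."""
    hit = detect_flood(events)
    return None if hit is None else hit - attack_start + 1


if __name__ == "__main__":
    delay = seconds_to_detect(build_sample(), attack_start=60)
    print(f"confirmed after {delay}s, within target: {delay <= MITIGATION_TARGET_S}")
```

Raising `confirm` lowers false alarms from short legitimate bursts at the cost of a longer detection delay, which has to fit inside the mitigation target together with the time needed to reroute and scrub traffic.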

Effective security programs in media companies have several essential ingredients. The minimum requirements are constant security vigilance, collaboration with vendors, and attention to new security solutions and services. Consistent application of these best practices can minimize the chance of DDoS attacks. Without them, reliable online media services and their revenues are at risk.

Jeffery D. Silvers