Ethereum / Classic Denial Of Service Attacks & The Estonian Cyberwar

October 13, 2016 by Christian Seberino

I will discuss denial of service (DOS) attacks in general and give details regarding the Ethereum and Ethereum Classic attacks.

Estonian Cyberwar

Estonia is known as “the most wired country in Europe”. Over 90% of banking transactions are done online, and it was the first country to have worldwide electronic voting. In 2007 Estonia also experienced the first cyberwar. Over the course of three weeks, over a million computers from fifty countries attacked its information infrastructure. Hundreds of government, banking, university and news sites were crippled or shut down by DOS attacks. There had been cyber attacks before, but never had an entire country been targeted and its national security so threatened.

Denial Of Service Attacks

DOS attacks attempt to make computer resources unavailable. If attacks originate from several computers, they are often referred to as distributed denial of service (DDOS) attacks. These are commonly executed by sending large amounts of traffic to computing targets. DOS attacks may be unintentional. When Michael Jackson died, news sites slowed or crashed in response to the increased traffic. DOS attacks may even arguably sometimes be legitimate. In 2011 the group of hackers known as Anonymous executed DOS attacks against PayPal, MasterCard and Visa to protest their refusal to process WikiLeaks donations. They claimed this was rightful protest and no different in principle than Occupy Wall Street. DOS attacks may even be governmental. Edward Snowden revealed that the Government Communications Headquarters (GCHQ) in the United Kingdom has developed DOS attack tools. Lastly, DOS attack vulnerabilities may go undetected unless great effort is made to find them. An address blacklist was proposed to deal with the Ethereum DAO attack. Shortly thereafter, an overlooked DOS attack vulnerability was discovered in this scheme and the proposal was dropped.

Ethereum & Ethereum Classic Denial Of Service Attacks

The recent DOS attacks against the Ethereum system started in September around the time of the developer conference in Shanghai. Vulnerabilities were exploited and later patched. Then new vulnerabilities would be found, and the cycle repeated over and over again. The attacker, or attackers, spent thousands of dollars to keep this going for several weeks. Eventually the Ethereum Classic system was also attacked in a similar manner.

Anyone can send large numbers of transactions to several Ethereum and Ethereum Classic nodes. Therefore, anyone can degrade these systems for the other participants at any time. This is typically not done because it would be horrendously expensive to keep it up for very long. The current attacks were possible because some Ethereum and Ethereum Classic instructions were underpriced relative to the amount of resources they tied up. Examples include EXTCODESIZE, EXTCODECOPY, BALANCE, SLOAD, CALL, DELEGATECALL, CALLCODE and SUICIDE. Some attack transactions cheaply invoked EXTCODESIZE tens of thousands of times! Price adjustments to remove these vulnerabilities have necessitated changes to the systems (hard forks).
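To make the underpricing concrete, here is an added example (not code from this post or from either project) that reprices a transaction's state-access instructions and flags any transaction that only fit in a block because of the old prices. The gas values are those of the public EIP-150 repricing and are not stated in the post; the block gas limit and both sample transactions are constructed for illustration.

```python
# Gas per invocation before and after the repricing hard fork.
# Assumption: values taken from the public EIP-150 specification.
OLD_GAS = {"EXTCODESIZE": 20, "EXTCODECOPY": 20, "BALANCE": 20, "SLOAD": 50,
           "CALL": 40, "DELEGATECALL": 40, "CALLCODE": 40, "SUICIDE": 0}
NEW_GAS = {"EXTCODESIZE": 700, "EXTCODECOPY": 700, "BALANCE": 400, "SLOAD": 200,
           "CALL": 700, "DELEGATECALL": 700, "CALLCODE": 700, "SUICIDE": 5000}

BLOCK_GAS_LIMIT = 4_700_000  # constructed value, for illustration only

# Constructed sample data: counts of repriced instructions per transaction,
# plus the gas spent on everything else (loop overhead, arithmetic, ...).
SAMPLE_TXS = [
    {"id": "tx_spam", "ops": {"EXTCODESIZE": 50_000}, "other_gas": 1_200_000},
    {"id": "tx_normal", "ops": {"CALL": 3, "SLOAD": 10, "BALANCE": 1},
     "other_gas": 60_000},
]


def gas_cost(op_counts, other_gas, schedule):
    """Total gas: repriced instructions at `schedule` prices plus the rest."""
    return other_gas + sum(schedule[op] * n for op, n in op_counts.items())


def analyse(tx, block_gas_limit=BLOCK_GAS_LIMIT):
    """Compare what a transaction paid with what its state accesses now cost."""
    old = gas_cost(tx["ops"], tx["other_gas"], OLD_GAS)
    new = gas_cost(tx["ops"], tx["other_gas"], NEW_GAS)
    return {
        "id": tx["id"],
        "state_touches": sum(tx["ops"].values()),
        "old_gas": old,
        "new_gas": new,
        "increase": round(new / old, 2),
        "fits_after_reprice": new <= block_gas_limit,
    }


def flag_underpriced(txs, block_gas_limit=BLOCK_GAS_LIMIT):
    """Ids of transactions that fit in a block only at the old prices."""
    reports = [analyse(tx, block_gas_limit) for tx in txs]
    return [r["id"] for r in reports
            if r["old_gas"] <= block_gas_limit and not r["fits_after_reprice"]]


if __name__ == "__main__":
    for tx in SAMPLE_TXS:
        print(analyse(tx))
    print("flagged:", flag_underpriced(SAMPLE_TXS))
```

The ordinary transaction's cost barely moves, while the one that leans on EXTCODESIZE no longer fits in a block at all, which is the effect the price adjustment was meant to have.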

Antifragility

In the long term, these attacks might actually be beneficial. The Ethereum and Ethereum Classic networks are antifragile. Antifragility is the property of improving in response to stressors. Immune systems, bones, muscles, economies, theories and the mythological Hydra are antifragile. Every time a new attack is exposed, the developers eventually remove the vulnerability. Therefore, every attack makes the Ethereum and Ethereum Classic systems stronger!

Acknowledgements

I would like to thank IOHK (Input Output Hong Kong) for funding this effort.

License

This work is licensed under the Creative Commons Attribution ShareAlike 4.0 International License.
