Hackers who unleashed Distributed Denial of Service (DDoS)
attacks on a state-level voter registration and voter information
website in the US used a technique called Pseudo Random Subdomain Attack
(PRSD), a form of attack that uses DNS queries for nonexistent and
randomized subdomains, according to the FBI.
“The FBI received reporting indicating a state-level
voter registration and voter information website received anomalous Domain Name
System (DNS) server requests consistent with a Pseudo Random Subdomain (PRSD)
attack,” notes a Private Industry Notification sent by the FBI and published by
“The requests occurred over the course of at least one
month in intervals of approximately two hours, with request frequency peaking
around 200,000 DNS requests during a period of time when less than 15,000
requests were typical for the targeted website.”
PRSD attacks can be dangerous if the DNS servers lack the
tools to deal with such incidents. Fortunately, that wasn’t the case. The FBI
said the DNS servers had rate-limiting algorithms in place, which help to
filter incoming and outgoing traffic.
These types of DDoS attacks are used because they make it
easier to obfuscate the source, as the queries can be routed through open
proxies and botnets. On the other hand, it’s not that difficult to prepare for
such an eventuality.
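
Because the source addresses are spread across proxies and botnets, the pattern is easier to spot per zone than per client. The sketch below is an added example, not code from the FBI notification: it flags time windows where query volume surges past the baseline and most queries are one-off names answered NXDOMAIN. The zone name, log layout, thresholds and sample records are all constructed assumptions, with the page's 15,000 and 200,000 figures scaled down 1:1000.

```python
import hashlib
from collections import Counter, defaultdict

ZONE = "vote.example"   # hypothetical zone name (assumption)
BASELINE = 15           # typical queries per window: the page's 15,000 scaled 1:1000

def build_sample_log():
    """Constructed records: (window, client_ip, qname, rcode)."""
    log = []
    for i in range(15):     # window 0: normal traffic to real hosts
        host = ("www", "api", "mail")[i % 3]
        log.append((0, f"198.51.100.{i % 4}", f"{host}.{ZONE}", "NOERROR"))
    for i in range(200):    # window 1: PRSD-like burst from many sources
        label = hashlib.sha256(str(i).encode()).hexdigest()[:12]
        log.append((1, f"203.0.113.{i}", f"{label}.{ZONE}", "NXDOMAIN"))
    for i in range(12):     # legitimate queries continue during the burst
        log.append((1, f"198.51.100.{i % 4}", f"www.{ZONE}", "NOERROR"))
    return log

def score_windows(log, zone=ZONE):
    """Per-window statistics for one zone, independent of client address."""
    suffix = "." + zone
    windows = defaultdict(list)
    for window, _client, qname, rcode in log:
        qname = qname.lower().rstrip(".")
        if qname.endswith(suffix):
            windows[window].append((qname[: -len(suffix)], rcode))
    stats = {}
    for window, rows in windows.items():
        labels = Counter(label for label, _ in rows)
        total = len(rows)
        stats[window] = {
            "total": total,
            "nx_ratio": sum(r == "NXDOMAIN" for _, r in rows) / total,
            # share of queries whose subdomain label appears exactly once
            "single_use_ratio": sum(1 for c in labels.values() if c == 1) / total,
        }
    return stats

def flag_prsd(stats, baseline=BASELINE, surge=5.0, nx_min=0.8, single_min=0.8):
    """Windows with a volume surge AND mostly one-off NXDOMAIN names."""
    return sorted(w for w, s in stats.items()
                  if s["total"] >= surge * baseline
                  and s["nx_ratio"] >= nx_min
                  and s["single_use_ratio"] >= single_min)

if __name__ == "__main__":
    print(flag_prsd(score_windows(build_sample_log())))
```

Requiring all three signals keeps a legitimate traffic spike to real hostnames, such as a registration deadline, from being flagged on volume alone.
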
The FBI advises institutions and companies to have an
incident response plan, including a DDoS mitigation strategy, to keep all
endpoints, hardware, and software up to date, and to closely maintain a
timeline for the attacks. Of course, organizations in the United States are
advised to contact the FBI in case of a DDoS attack.