Cyber attack on one customer caused internet outage across NZ

A sinister cyber attack on one Kiwi computer user crippled the internet for many customers across major cities in New Zealand.

It sparked a network outage for a major broadband company, causing internet disruption across the country.

A spokesperson said the Vocus engineering team has confirmed the issue is related to a distributed denial of service (DDoS) attack.

Vocus owns Orcon, Slingshot. Flip, and Stuff Fibre, and so many of their customers would be impacted. It collectively holds close to 15 per cent of the country's broadband customers.

Vocus now says one customer was the subject of the DDos attack.

"A DDoS mitigation rule was updated to our Arbor DDoS platform to block the attack for the end customer.

"Based on initial investigations it was this rule change that disrupted service to a range of Vocus customers. We are working closely with the vendor of this platform to understand why this occurred.

"All customers are now back online and once again we apologise for any disruption caused."

The company said earlier that the attack caused internet problems for round 30 minutes.

"Clearly this wasn't great timing with most of the country working from home, and we'd like to apologise for the interruption. Our engineers were able to resolve the problem quickly, and customers should have come back online automatically," they said.

The sudden loss of internet hit users in Auckland, Wellington and Christchurch at about 1.30pm on Friday.

Some users reported online connections had resumed about 2.10pm.

Vocus also provides a dedicated service for large corporate clients.

Vocus outage yikes pic.twitter.com/7TZdYXN7PW

— Daniel Johnston (@DJninjaNZ) September 3, 2021

Chorus has posted to those without internet that the system was currently under maintenance and apologised to customers.

A spokesperson for Chorus says the company was currently going through their systems to make sure everything is working but at this stage everything seems to be operating normally.

The spokesperson said they will be looking into what kind of support they can offer to Vocus.

Slingshot is reporting its also experiencing network issues affecting broadband connections and its website.

"We're investigating urgently, and will share more news as soon as we can. Our apologies for the disruption," it said in a tweet.

If you're on a Vocus-owned ISP (Orcon, Slingshot, Flip, Stuff Fibre) and your internet's still not back, turn your router off and on. Key bit is to wait 30 seconds before turning it back on.

— Chris Keall (@ChrisKeall) September 3, 2021

All Apple Pay or payWave options had been taken offline in the internet crash.

Those making electronic transactions on their phones at supermarkets had been left without means to pay.

Kiwibank posted on Twitter that there was a major problem with internet banking.

The bank said it had affected all services connected to its app and website.

"We're looking into it at this moment with urgency," the bank tweeted.

Kia ora koutou. We're aware of a current issue with our Internet Banking, App and website and we're looking into this at the moment with urgency. We'll update you here when we have more info and thanks for your patience.

— Kiwibank (@KiwibankNZ) September 3, 2021

What is a DDoS attack?

Security company NortonLifeLocks says criminals prepare for a DDoS attack by taking over thousands of computers. These are often referred to as "zombie computers". They form what is known as a "botnet" or network of bots. These are used to flood targeted websites, servers and networks with more data than they can accommodate.
A volume-based or "volumetric" DDoS attack sends massive amounts of traffic to overwhelm a network's bandwidth, NortonLifeLock says.
The company says a DDoS attack has to be repelled at the internet service provider level, which often this involves temporarily blocking traffic from certain IP addresses.