The local IT community is baffled. How did Mauritius Telecom's cybersecurity system fail to anticipate and overcome Tuesday’s cyber-attacks? Was the internet deliberately shut down?
According to Naissen Chinnaiyan, IT Project Manager, “When a large-scale internet attack is about to happen, especially on an internet provider, there are numerous alerts that generally trigger a defense mechanism. Network engineers are alerted and an emergency response team is deployed.”
The clues that an attack is ongoing are normally visible as an abnormal flood of traffic on specific networks. He explains that hackers normally plan their attacks in advance and have a hit list of targets that have vulnerabilities in the Internet Service Provider architecture.
Internet attacks can cause a range of damage, from operational site disruption to breaches of data privacy.
The Achilles’ heel of large organizations is commonly found in the process of corralling, combining and storing data collected from various projects in a single place. This process is called data consolidation and is normally done to centralize data. However, this process also makes data vulnerable to man-in-the-middle attacks.
Did the shutdown happen as a result of the attacks or was it done deliberately to protect the system? “I believe that this has something to do with the consolidation of data being sourced simultaneously from a number of public-led projects. When MT realized that a large-scale attack was ongoing, it decided to close down the whole system so as to preserve the interoperability of the whole system. This is the most plausible explanation”, says Naissen Chinnaiyan.
There are a number of public-led digital projects ongoing. These projects are being carried out simultaneously, and some of them are being implemented by MT, which is the largest internet provider in the country but also a one-stop shop for internet-linked nation-wide digital projects.
In 2019, the Internet Society, in its Global Internet Report, named “Consolidation in the Internet Economy”, warned against what it considered “deep dependencies” that flatten internet infrastructure and make it vulnerable to data theft. The Internet Society recommends that there should be “no permanent favorites” to avoid “domino effects” on global private platforms.
Suren Paupamah, Network Security Consultant, concurs: “A large-scale attack on the nation’s largest internet provider that also plays a central role in public-led projects deserves thorough investigation by authorities”. He also asserts that internet connectivity is more important than ever for business continuity in a period when cloud computing, work-from-home and online meetings are crucial for many Mauritians.
10-year Gap Coincidence
On July 20, 2011, exactly 10 years ago, a similar internet shutdown happened. The Outsourcing and Telecommunications Association of Mauritius then complained to the authorities and the Information and Communication Technologies Authority called on Mauritius Telecom to be more transparent and accountable to its end-users. OTAM reported to the local media that the 6-hour long internet interruption amounted to a Rs 20 million loss in total.
MT explained, at the time, that the disruption was due to a server breakdown.
In this particular case, according to the Minister of Information Technology and Communication, Deepak Balgobin, in a statement made to Parliament on July 20, 2021, the 5-hour long nation-wide breakdown in internet services provided by Mauritius Telecom happened following an abnormal number of requests reported on its networks at around 11.30 am. Investigations showed that there were Distributed Denial of Service (DDoS) attacks originating from abroad. Mauritius Telecom launched immediate efforts to review its defense policy and the internet was restored at 16.00 on the same day.
Similar attacks were again observed in the early morning on Wednesday, July 20, especially in the South and the East of the Island.
Re-establishing the internet connection does not mean that the problem is solved. Confidential and sensitive data might have been compromised during the attack. The above-mentioned experts both agree that an assessment must be done to evaluate the extent of the damage and that the results must be disclosed.