October 4, 2011
New Zealand Vodafone customers who are downstream of Hurricane Electric were cut off from the Internet for phone access and broadband access yesterday. The cause was a massive DDOS attack on HE's core routers. The attack followed earlier smaller attacks Sept 28 (20 minutes) and Sept 29 (60 minutes) on the Hurricane Electric facility in Fremont. Yesterday's attack took 10 hours to fully mitigate, or perhaps the attackers stopped at that time. An attack on core routers is significant - it is more common for a particular server to come under attack. It implies that the attack was launched against Hurricane Electric itself.
Although nobody seems clear on why HE was chosen as a target, it is worth noting that they were raided by the FBI in Dec 2010 to access the IRC server used by the hackers who launched distributed denial of service (DDoS) attacks against Web sites such as Visa.com, PayPal.com, and Mastercard.com in December. That IRC server coincidentally was at HE's location in Fremont, California. So there may be a connection to the Anonymous / LulzSec brigade. A map of HE locations shows that there are plenty of other locations that could have been chosen, but it was the hub in Fremont that was selected.