Incident: Ukrainian Postal Service Website DDoS Attack Impacting Parcel Tracking

Published Date: 2017-08-10

Postmortem Analysis
Timeline
1. The software failure incident of the DDoS attack on Ukraine's national postal service happened on Monday morning and continued into Tuesday, as reported in Article 62059.
2. Published on 2017-08-10.
3. The incident likely occurred on August 7-8, 2017.

System
1. Ukrposhta's online parcel tracking system [62059]

Responsible Organization
1. Unknown hackers were responsible for causing the DDoS attack on Ukraine's national postal service [62059].

Impacted Organization
1. Ukraine's national postal service - Ukrposhta [62059]

Software Causes
1. The software cause of the failure incident was a distributed denial of service (DDoS) attack targeting the online system of Ukraine's national postal service [62059].

Non-software Causes
1. Inadequate protection of critical systems exposed to the internet [62059]

Impacts
1. The software failure incident, a DDoS attack on Ukraine's national postal service's website, caused interruptions and slowdowns in the website and services provided by Ukrposhta [62059].

Preventions
1. Implementing robust DDoS protection measures such as always-on, real-time automatic DDoS protection could have prevented the DDoS attack on the Ukrainian postal service's website [62059].

Fixes
1. Implementing robust DDoS protection measures to mitigate and prevent future attacks [62059].
2. Regularly updating and patching systems to address vulnerabilities that could be exploited by attackers.
3. Enhancing network security to detect and block malicious traffic effectively.
4. Conducting regular security audits and assessments to identify and address potential weaknesses in the system.
5. Educating employees and users about cybersecurity best practices to prevent falling victim to social engineering tactics used by attackers.

References
1. Ukrposhta's official Facebook page [62059]
2. Sean Newman, director of Corero Network Security [62059]

Software Taxonomy of Faults

Category: Recurring
Option: one_organization
Rationale:
(a) The software failure incident happened again at one_organization: The Ukrainian national postal service, Ukrposhta, experienced a DDoS attack that occurred on two separate occasions. The attack began on Monday morning but ended, only to resume on Tuesday [62059].
(b) The software failure incident happened again at multiple_organization: The article does not provide specific information about similar incidents happening at other organizations.

Category: Phase (Design/Operation)
Option: design, operation
Rationale:
(a) The software failure incident in the article is related to the design phase. The DDoS attack on Ukraine's national postal service website was a result of inadequate protection and critical systems being exposed to the internet, allowing hackers to flood the servers with web traffic [62059]. The attack targeted the online system that tracks parcels, indicating a vulnerability in the design or security measures of the system.
(b) The software failure incident is also related to the operation phase. The DDoS attack continued even after the initial wave, affecting the website and services, causing them to work slowly and with interruptions [62059]. This operational impact was a result of the ongoing attack on the system, showcasing how the operation of the system was disrupted due to external factors like the DDoS attack.

Category: Boundary (Internal/External)
Option: within_system, outside_system
Rationale:
(a) within_system: The software failure incident, in this case, the DDoS attack on Ukraine's national postal service, was caused by inadequate protection of critical systems exposed to the internet. The attack targeted the website's servers, leading to slow performance and interruptions in services [62059].

Category: Nature (Human/Non-human)
Option: non-human_actions
Rationale:
(a) The software failure incident in this case was due to non-human actions, specifically a distributed denial of service (DDoS) attack carried out by unknown hackers targeting Ukraine's national postal service's website [62059]. The attack involved flooding the website's servers with a huge amount of web traffic to disrupt the online parcel tracking system.
(b) The article does not mention any contributing factors introduced by human actions that led to the software failure incident.

Category: Dimension (Hardware/Software)
Option: hardware, software
Rationale:
(a) The software failure incident in the article is related to hardware as the DDoS attack targeted the website's servers by flooding them with a huge amount of web traffic, which is a hardware-related issue [62059].
(b) The software failure incident is also related to software as the attack was carried out by infecting computers, routers, and IoT devices with malware, which is a software-related issue [62059].

Category: Objective (Malicious/Non-malicious)
Option: malicious
Rationale:
(a) The software failure incident in this case is malicious. The Ukrainian postal service was hit by a DDoS attack carried out by unknown hackers with the intent to disrupt the online tracking system for parcels. The attack involved flooding the website's servers with a huge amount of web traffic to take the website offline, causing disruptions and slow performance [62059].

Category: Intent (Poor/Accidental Decisions)
Option: accidental_decisions
Rationale:
(a) The intent of the software failure incident related to poor_decisions: The software failure incident of the DDoS attack on Ukraine's national postal service was not directly attributed to poor decisions. Instead, it was caused by unknown hackers carrying out a distributed denial of service (DDoS) attack against Ukrposhta's website [62059].
(b) The intent of the software failure incident related to accidental_decisions: The software failure incident of the DDoS attack on Ukraine's national postal service was more aligned with accidental_decisions as it was initiated by hackers who flooded the website's servers with a huge amount of web traffic, intending to take the website offline. This attack was not a result of intentional decisions made by the postal service but rather a malicious act by external actors [62059].

Category: Capability (Incompetence/Accidental)
Option: development_incompetence
Rationale:
(a) The article mentions the issue of inadequate protection as a contributing factor to the DDoS attack on Ukraine's national postal service. Sean Newman, director of Corero Network Security, highlighted the importance of having the latest generation of always-on, real-time automatic DDoS protection to prevent such attacks. This lack of adequate protection can be attributed to development incompetence in terms of ensuring the security and resilience of the online systems [62059].
(b) The DDoS attack on Ukrposhta's website was carried out by unknown hackers, indicating that the incident was not accidental but a deliberate attack aimed at disrupting the postal service's online system. The attackers infected computers, routers, and IoT devices with malware to create a botnet for launching the attack, demonstrating a premeditated and intentional act rather than an accidental failure [62059].

Category: Duration
Option: temporary
Rationale:
(a) The software failure incident in this case was temporary. The DDoS attack on Ukraine's national postal service's website lasted for 48 hours, starting on Monday morning and ending shortly after 21:00 local time. However, the attack continued again on Tuesday, indicating a temporary disruption rather than a permanent failure [62059].

Category: Behaviour
Option: other
Rationale:
(a) crash: The software failure incident in the article is not described as a crash where the system loses state and does not perform any of its intended functions [62059].
(b) omission: The software failure incident in the article is not described as an omission where the system omits to perform its intended functions at an instance(s) [62059].
(c) timing: The software failure incident in the article is not described as a timing issue where the system performs its intended functions correctly, but too late or too early [62059].
(d) value: The software failure incident in the article is not described as a value issue where the system performs its intended functions incorrectly [62059].
(e) byzantine: The software failure incident in the article is not described as a byzantine failure where the system behaves erroneously with inconsistent responses and interactions [62059].
(f) other: The software failure incident in the article is described as a distributed denial of service (DDoS) attack on the Ukrainian national postal service's website, which led to the website working slowly and with interruptions. This behavior could be categorized as a form of intentional disruption rather than a specific software failure mode [62059].

IoT System Layer

Layer: Perception
Option: None
Rationale: None

Layer: Communication
Option: None
Rationale: None

Layer: Application
Option: None
Rationale: None

Other Details

Category: Consequence
Option: non-human, theoretical_consequence
Rationale: The consequence of the software failure incident reported in the article was primarily related to the impact on services and operations rather than direct harm to individuals. The article mentioned that the DDoS attack on Ukraine's national postal service caused interruptions and slowdowns in the website and services [62059]. There was no mention of any direct harm, death, impact on basic needs, property loss, or delays caused to individuals. The article did discuss the potential broader impacts of DDoS attacks on critical systems beyond just taking a website down, such as interruptions in manufacturing processes, productivity, quality, and safety [62059]. Therefore, the consequence of the software failure incident in this case falls under the category of "theoretical_consequence."

Category: Domain
Option: information
Rationale:
(a) The failed system was intended to support the information industry as it targeted Ukraine's national postal service, which tracks parcels and provides online services related to postal operations [62059].
(b) The incident did not directly involve the transportation industry.
(c) The incident did not directly involve the natural resources industry.
(d) The incident did not directly involve the sales industry.
(e) The incident did not directly involve the construction industry.
(f) The incident did not directly involve the manufacturing industry.
(g) The incident did not directly involve the utilities industry.
(h) The incident did not directly involve the finance industry.
(i) The incident did not directly involve the knowledge industry.
(j) The incident did not directly involve the health industry.
(k) The incident did not directly involve the entertainment industry.
(l) The incident did not directly involve the government industry.
(m) The incident did not directly involve any other industry.
