The IAMX Attack

Theodore Palliser
IAMX Own Your Identity
4 min read · Aug 27, 2022

In a previous article, Bots and Cyberattacks, we shared that IAMX had recently been the target of a cyberattack. Though IAMX takes this and any attack seriously, it means we’re effective and becoming a serious threat to organizations or individuals that might be competitors or otherwise oppose our efforts. Thanks to the quick actions of IAMX CTO, Dennis Mittmann, the attack had limited impact, and mitigation measures were quickly implemented to eliminate the risk of this type of attack in the future.

The Attack

During the week of July 25, 2022, an attacker executed a Denial of Service (DoS) cyberattack, targeting as many IAMX servers as possible. A large number of virtual computers were used to inundate, overwhelm, and render IAMX servers non-responsive to requests. The attack is considered a coordinated Distributed DoS (DDoS) because it involved a large number of virtual computers in data centres across the globe — located in the US, China, and Malaysia. Note, this is distinct from a botnet attack as it originated from three distinct data centres as opposed to a large number of disparate, and untraceable, IP addresses. Beyond this, we know the attack was targeted because of the way it was carried out: in three stages, each with refined scope and intensity.

Stage One

The first stage was a short-term attack, of roughly 5 minutes' duration, where a small block of IAMX server IP addresses was affected. This stage was used as a probe so the attacker could establish the scope of their attack. The attacker used the IAMX website IP address as a point of reference for this initial stage, targeting the reference IP address and a small block of adjacent IP addresses. As the duration and intensity of the initial stage are limited, the target (in this case IAMX) typically does not notice right away.

Stage Two

The second stage was slightly broader in scope and duration. The attacker targeted a larger block of IP addresses, adjacent to those in the first stage, for roughly 15 minutes. This stage helped refine the scope of the attack and provided the attacker with enough information to ensure accuracy and maximise impact. In these first two stages the attacker was able to gauge the impact of their efforts, for example, based on the time it took to access the IAMX website.

Stage Three

With the probing and scoping stages complete, the attacker was ready to execute the full scale of the attack. Using more than 1200 distinct IP addresses across three blocks associated with the data centres in the US, China, and Malaysia, the attacker succeeded in temporarily overwhelming hardware responsible for hosting the IAMX servers. The goal of an attack like this is to render the targeted hardware non-responsive for as long as possible. Once this stage begins, it’s up to the target to take action. Dennis and his team worked rapidly and tirelessly to isolate and block all IP addresses associated with the attack, and bring the affected IAMX services back online.
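The blocking step described above lends itself to prefix-level aggregation, because the sources sat in a few data-centre ranges rather than being scattered. The sketch below is an added example, not IAMX's code: the sample rows, the documentation and benchmark address ranges, and the thresholds are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict


def build_sample():
    """Constructed per-source request counts for one observation window."""
    rows = []
    # Four /24s of flooding sources; the two 198.18.x ranges are adjacent.
    for block in ("192.0.2.", "198.18.0.", "198.18.1.", "203.0.113."):
        rows += [(f"{block}{host}", 900) for host in range(1, 41)]
    rows.append(("10.0.0.5", 5000))  # one heavy but isolated client
    rows += [(f"10.0.1.{host}", 12) for host in range(1, 31)]  # normal visitors
    return rows


def flooding_prefixes(rows, prefix_len=24, min_sources=20, min_requests=500):
    """Return prefixes in which many distinct sources each exceed the rate threshold.

    A single noisy address does not condemn its whole prefix; it takes
    min_sources of them, which is the pattern of a rented address range.
    """
    noisy = defaultdict(set)
    for ip, count in rows:
        if count >= min_requests:
            net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
            noisy[net].add(ip)
    return sorted(net for net, srcs in noisy.items() if len(srcs) >= min_sources)


def blocklist(rows, **thresholds):
    """Collapse flagged prefixes into the smallest set of CIDR blocks."""
    flagged = flooding_prefixes(rows, **thresholds)
    return [str(net) for net in ipaddress.collapse_addresses(flagged)]


if __name__ == "__main__":
    for cidr in blocklist(build_sample()):
        print("deny", cidr)
```

The isolated heavy client at 10.0.0.5 is left for per-address rate limiting instead of a prefix block, so a busy legitimate source does not take its neighbours down with it.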

Wait, but why?

Shortly before the attack took place, IAMX announced collaboration and support from a very high profile investor, Tim Ringel. While only the attacker knows the true motivation and intent of the attack, it is believed the attacker hoped to hinder the resulting interest, and potential support from other investors that was generated by the announcement. With this intent, it becomes clear that the attacker is one who opposes the efforts of IAMX, whether a direct competitor in the decentralised identity space, or perhaps an established organization offering centralised identity solutions fearing market share loss. An attack of this scale and sophistication is estimated to cost as much as $10,000 USD, which is no small investment in an attempt to cripple the competition! It’s clear that IAMX is a serious threat.

You only have one chance…

Any attacker sophisticated enough to execute an attack such as this knows they have only one chance. Dennis and his team have made changes to ensure that a similar attack targeting IAMX would be nearly impossible to execute effectively. With the skill and expertise of Dennis and his team, IAMX is equipped to deal with any future attempts to thwart its success.

About IAMX

IAMX is a token-based SSI and authentication system, enabling 1-Click Fulfillment transactions that are legally binding on the state/national level. Further, it adds an identity layer to the internet, so users are able to engage with the internet as if they were logged in.

The vision of IAMX is to empower everyone on Earth to realize their human right to have an identity, with a mission to protect the human right of every individual to hold, control, and own their personal identity.

IAMX allows the Holder to own their identity. Building upon the foundation of SSI, IAMX empowers the Holder to manage and control their identity — to consent to the use of their identity data, and to what extent, and revoke consent at any time. IAMX is working closely with members of the Sovrin Foundation to ensure the shared principles of SSI are maintained.
