 Tom here from Lawrence Systems and I'm back with Ray because we have to talk about BamWit.com. We're not clairvoyant, but we did suspect that these attacks that we wanted to explain in the last video we did would probably get worse. And we did actually, I don't really think I expected it to get this bad. I thought like, you know, the way Ray explained the scrubbers being put in place and BamWit.com, you know, probably has a pretty solid plan for this, but it turns out the bully in the yard that is running around with this DDoS attack has got a really big stick and they're knocking some people offline. This affects a lot. This is a huge thing. So we're going to talk about the scale and scope of it because it's a little bit more complicated, which is perfectly centered on Ray. Who usually says, I don't think I want to be an MSP because you know, it's a hard business. There's a lot of security problems, but hey, Ray, how's the VoIP world going for you? Oh, not enough, not enough Advil and Bourbon in the world, man. It's been a rough week. Yeah. So Ray is very directly affected. He runs OIT VoIP. If you haven't watched our previous video, it'll be linked down below. Watch that. You can check out OIT VoIP and everything they do, but they're a full service phone company and they happen to have a little interaction with BamWit. So I'll let Ray explain what's kind of going on there so we can kind of break down the attack. Yeah, absolutely. I knew we were going to do recap content after the last video. I did not think it would be so quickly and with a different target. That was a little surprising, but for those of you that haven't seen it because that's one of the most amazing things, there's not a lot of news coverage. We were looking for a background on this and we found two or three articles. So kudos to Bleeping Computer for being one of the first ones to actually post anything about this. But for those that don't know, BanWit.com, which is a major, what's called a tier one provider, they provide back-end VoIP services to almost everybody. We're talking, and when I say everybody, I mean Google 8x8 Nextiva Microsoft, Google Voice, Google Fi. Verizon has interconnections with them. Comcast uses them. It's a major, major, major player. They run 9-11 centers. They run 9-11 operations. Even if you're not using them for voice, you're using, if you're probably using them for 9-11 and wouldn't know it, this is a major player. The statistics we've seen so far upwards of 40% of the voice services in the U.S. use BanWit in some way, shape, or form. They're an intermediate company. They are not just some small player. Do a little digging, you're like, oh, I've never heard of this company, but boy, they're big. Absolutely. That's why I say that's what a tier one is. There's not a lot of tier ones in the U.S. They're a major, major, major player. They're a backbone provider, if you were to relate it to like ISP World. They've been DDoS, and they've been DDoS since Saturday. This attack was a little weird because they had little small events on Saturday. They had a small event for a couple hours. They scrubbed it pretty quickly, and then it died off, and it lasted four or five hours. It was very, very quick. Sunday repeated the exact same thing. So Monday, we had an idea that something might happen, but because of the resolution Saturday and Sunday, we didn't, we weren't worried about this. And like you said, Tom, they're a major provider. They're enormous. We figured they were prepared for this. Everything we said on the last video, these people have in place. And I can share a little bit why we know they did have these mitigations in place. But on Monday, it started up again. Monday at business hours. Monday, around 9.30 a.m. Eastern, right start of the East Coast business hours, it just started up again. And all of their nodes were being hit, and portal, API, voice services, SMS, MMS, 9-11 services, everything was affected all at once. We expected it to go down very, very quickly, and it didn't. It actually stayed throughout the day until 5.30 or 6.30 in the afternoon. And then it started to die down again, which honestly, that is more terrifying to me than a 24-7 attack. That to me shows the same thing we saw with the WaveMS, right? It was targeted. They were going after each node during their busiest time zones. They were very strategic about what they were doing. There's no indication if it's the same people. We don't know. It's another time to clear. We mentioned the UK providers in the last video. We're not even sure if it's the same people. It's so vague. It's very weird because the end game is kind of mysterious to all of us of why go around knocking white providers off. We've seen a ransom note, but who's really going to pay because there's no guarantee that you'll stop doing it? You'll just ask for more money again, so I don't think there's any realistic expectation to pay. That's my opinion at least. We saw the ransom note on WaveMS. We still haven't heard anything. I mean, bandwidth released in RFO yesterday. It's under NDA, so we can't share it, but basically it's a lot of the stuff they already mentioned publicly. They experienced a DDoS event. No mention of ransom or anything on that end. We know that they did have scrubbers in place for the reason that they use NTT for a lot of their routes, and their routes did not change during the event. That is an indication they didn't have to rebroadcast their prefixes. They didn't have to shift traffic over to some other DDoS mitigation. They had active mitigation in place. That might have happened within NTT's network, and we would never know, but the routes didn't change. My guess is they had active protection for minute one. Given their size and publicly traded company, like you said, and the number of people they service, it's reasonable they already have this in place for the size of their network. Fast forward to today. Last night, we had a little relaxation. Those of us who found ways to unwind, we did, and then fast forward to this morning and right around 10 a.m. again, 10 a.m. Eastern to just write back on it. We're seeing calls connect, but what's happening is we're not seeing C name. C name is caller ID name. We're not seeing RTP traffic, which is actually the audio. So if you're unfamiliar with VoIP, SIP is the part that actually sets up the call. It says, hey, Tom, I'm Ray. I can speak these codecs. You speak these codecs. Settle on one. We're going to use these ports. Let's go. And then RTP is the actual ports that's used for transferring the audio, the media part, a real-time protocol. So the RTP is what's getting clogged up or lost. We're seeing lots of packet loss, lots of high latency, of course, because they're clogged. And yeah, that's what's going on so far. And it's kind of a mess. I mean, we, Ray was, and I mentioned this last video, you know, we had to get off of the VoIP MS situation because it was just, it didn't seem like an end in sight. We're not trying to throw them under the bus, but it was like we switched. And there's a lot more tickets open now than there were before. And I'm very excited as well. I felt bad. I was joking with you because I said, you know, and I was joking with Eric, like, I helped all these VoIP MS people and brought them over and kind of put them back in the same pan for a little bit because bandwidth is one of our primary providers. We use several providers to distribute the load, but they're primary. So it's, yeah, there's a lot of people unhappy right now. And that's kind of what we're seeing from the MSPs, right? They're asking, and that's what, you know, Jennifer Bleehm asked on LinkedIn. She's like, what do we communicate? How do we tell our customers what's going on? That's the frustrating part with that because of the lack of communication or the lack of coverage we're seeing from the media, despite 9-11 centers being out, right? Yeah. There's Nor's requires, there's reporting that requires any 9-11 center down for more than 30 minutes has to be reported to the FCC within 240 minutes. That threshold was passed on Saturday. So you better believe, you know, the FCC is aware and, you know, realistically, the feds are probably involved in some capacity. That would be normal procedure. But as far as the communication side, you can't really point until this morning. You couldn't really point to any articles and say, look, everybody's affected. What we've been telling our partners is we put up a doc and explaining what's going on and stuff like that. But for the white label partners, the last thing they want to do is go back to OIT VoIP. So, you know, we're showing them the status pages of everybody else, right? The ring central, Zoom, everybody, Intermedia, everybody's affected. So they can say, look, even if you wanted to move from us, you're, you know, jumping out of the pan into the fire, it's, there's nowhere to go. Actually, somebody said it yesterday. I thought it was pretty good. Even if you jump out of the sinking ship, you're going to have to swim. So I thought that was pretty good. So yeah, so it's tough, right? So what we're communicating to people is, look, this is a national event. It could extend, I mean, bandwidth does international. So, you know, if you're using bandwidth for international routes, it could absolutely extend international. But realistically, this is mostly a predominantly U.S. event. And we're telling them, look, these are the things going on. It's everybody pointing them. Thank you, tech raider. Thank you. Believe me, computer. I believe ours technical was a third one. I can't remember the third one. Yeah, we'll leave them all linked below all the ones we have. Throw them in bottom video. It's kind of so you can create a response for your clients. You know, I've been trying to be late hearted and told one of them, they say, Hey, our clients can't call us. I'm like, well, they literally may not be able to call you either because they may be directly affected as well. I was like, this isn't just like a you alone thing. And I think that makes people feel a little bit better. It still doesn't relieve the tension because obviously everyone's highly aggravated by this. And as technologists and as the front, you know, first response that clients go is they call us where you got to respond to them right away. And yeah, we're doing everything we can on the back end, but that's no one wants to hear that. So he's what we say, we're always doing everything. Absolutely. Yeah, and that's part of the problem too. A lot of people are asking, Well, why don't we move the numbers from bandwidth to another provider? And we have in some cases for the majority cases, we're not for the simple reason that because bandwidth is used by so many of the other carriers, not only for inbound, but also for outbound, even if we move to another, excuse me, even if we move to another carrier where you can be reached, if they can't reach you because they're calling out from bandwidth and that call still can't connect, it doesn't help anything. So, you know, that's a common request we're getting. Instead, we're guiding people to use other non-conventional methods of communication, right? And I say non-conventional because really coming on range, right? Exactly. But like, you know, whether it's web chat, you know, live chat on your website or, you know, teams or Slack or Twitter or email, I mean, we have these tools just communicate to your clients. Chances are your clients are equally affected. You know what I mean? We were talking about, you know, one of my guys was telling my wife, you know, that his wife asked him, Is there something going on? You know, because my vet, the phone, the phones don't work. They sent an email. Are they your customers? And we're like, no, they're not our customers. You're just affected the way everybody else is. Yeah. And I see Corey Doctor with me. And I was just like, you know, it's kind of random. I follow him because I like some of the articles he posts. And randomly he tweets, he goes, my doctor's office said they don't have phones. And so did all the other doctor's office. It's like, this is a weird thing. It seems like a odd thing. He's a technologist and was like, this is puzzling. And it's in from someone's outside position like that. They, you know, aren't in the tech world like we are. It can be hard because like, it's not in the mainstream news yet, which just kind of surprises me, especially because now we're in day two of it. So maybe by the time we get this video out and there's more, because I don't think this is stopping. I mean, I joke to Ray, I think our video will be relevant in 24 hours. I'm hoping it will be. I truly honestly hope it will be. But yeah, I mean, just the timeline, you know, and that's, like you said, that's the thing that's mind boggling to me that like, you know, the pipeline attack, that hit the news really quickly. This is not, and this is, I mean, it's not a global scale thing, but close enough. I mean, it's big enough. I think people just cared more about gas in the cars than they do with the phone ringing. Then again, there's so many spam callers when the phone doesn't ring. We all just kind of go, you know, that's, that's the thing. Nobody's called to ask about my warranty. So I really can't complain. It must be down for them too. What a shame. Oh, now we're going to get a bunch of tweets asking about our warranty. Yeah, that could be. Oh, yeah. So that, you know, that's, that's, I think that covers what we wanted to cover today, right? Just let everybody know how to communicate, who's affected, what's going on. Yeah, anything else you think I'm missing? We'll try to answer all of them. Watch the previous video if you want to know more in depth, like what they're doing. Ray broke down how scrubbers work and things like that. But yeah, leave some comments if there's something more. We'll certainly link to any of the news articles. I'll throw them in the description down here so you can follow along. And maybe by the time this video gets posted to be an actual, some of the larger media outlets go, Hey, that would be nice for them to jump in, you know, help us out a little because you know how it is. The clients, you tell them what's going on. They always want that independent verification, right? That, you know, just, just it doesn't hurt, you know what I mean? It just backs you up. So we're sending my way and I'll be happy to tell them what's going on. Your MSP is absolutely correct. Yes. Yes. Just ask Ray, we'll back you up on this. Yeah. Ray's got you back. All right. Thanks. All the links will be in the comments below and along with the other video. Thank you, man. And thank you for making it to the end of this video. If you enjoyed this content, please give it a thumbs up. If you'd like to see more content from this channel, hit the subscribe button and the bell icon. To hire a sure project, head over to laurancesystems.com and click on the hires button right at the top. To help this channel out in other ways, there's a join button here for YouTube and a Patreon page, where your support is greatly appreciated. For deals, discounts, and offers, check out our affiliate links and the descriptions of all of our videos, including a link to our shirt store, where we have a wide variety of shirts and new designs come out well randomly. So check back frequently. And finally, our forums, forums.laurancesystems.com is where you can have a more in-depth discussion about this video and other tech topics covered on this channel. Thank you again, and we look forward to hearing from you. In the meantime, check out some of our other videos.