Bloomberg
Vulnerable internet-connected devices such as cameras and digital video recorders may be to blame for the attack that took down some of the world’s most popular websites on Friday. Malware that targets the “internet of things,” a new breed of small gadgets that are connected to the internet, may have powered the global attack, according to Brian Krebs, a well-known journalist covering computer security. Poorly secured devices may have been compromised and turned into a “botnet” that powered the attack, he wrote.
Millions of internet users lost access to some of the world’s most popular websites on Friday as hackers hammered servers along the U.S. East Coast with phony traffic until they crashed, then moved westward. The attackers hit Dyn Inc., a provider of Domain Name System services, taking down sites including Twitter, Spotify, Reddit, CNN, Etsy and the New York Times for long stretches of time. By Friday evening, Dyn said it had stopped the hacks.
“As you can imagine it has been a crazy day,” Dyn spokesman Adam Coughlin wrote in an e-mail. “At this moment (knock on wood) service has been restored.” Security professionals have been anticipating more attacks from malware that targets the “internet of things” since a hacker released software code that powers such malware, called Mirai, several weeks ago. Kyle York, chief strategy officer of Dyn, said the hackers launched a so-called distributed denial-of-service (DDoS) attack using “tens of millions” of malware-infected devices connected to the internet. Gillian M. Christensen, a spokeswoman for the U.S. Department of Homeland Security, said the agency and the FBI are aware of the incidents and “investigating all potential causes.”
INTERNET HAVOC
Dyn first reported site outages relating to the DDoS attack around 7:10 a.m. New York time on Friday. The company restored service two hours later, but was offline again around noon, as another attack appeared to be underway, this time affecting the West Coast as well.
While DDoS attacks don’t steal anything, they create havoc across the internet — and are on the increase in volume and power.
Sites were affected as far away as Australia by a second wave of attacks that began at around 1 a.m. Sydney time on Saturday and lasted about five hours, said Dave Anderson, a London-based vice president of marketing at Dynatrace LLC, which monitors the performance of websites. At the peak of the attack, average DNS connect times for 2,000 websites monitored by Dynatrace went to about 16 seconds from 500 milliseconds normally.
“I have never seen severity this big, impacting so many sites and lasting over such a prolonged period of time,” Anderson said in a telephone interview. “It just shows how vulnerable and interconnected the world is, and when something happens in one region, it impacts every other region.” Dynatrace’s analytics aren’t able to trace the source of the attacks, Anderson said.
Earlier Friday in the U.S., Krebs wrote that the timing of the attacks corresponded with the release of research conducted by Dyn’s director of internet analysis. Dyn highlighted potential connections between firms that offer to protect against DDoS attacks, and the hackers who conduct them. Krebs’s own website faced an “extremely large and unusual” DDoS attack after he published a story based on the same research, he said.
“We can’t confirm or even speculate on anyone’s motivation or relation to that research,†said Dave Allen, Dyn’s general counsel.
With attacks on the internet’s Domain Name System, hackers compromise the underlying technology that governs how the web functions, making the hack far more powerful and widespread.
The DNS translates website names into the Internet Protocol addresses that computers use to look up and access sites. But it has a design flaw: by sending a routine data request to a DNS server from one computer, a hacker can trick the system into sending a monster file of IP addresses back to the intended target.
Multiply that by tens of thousands of computers under the hackers’ control, and the wall of data that floods back is enormous.
A small server may be capable of handling hundreds of simultaneous requests, but thousands every minute cause it to overload and ultimately shut down, taking the websites it hosts offline with it.
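As an added illustration, not part of the Bloomberg article, the check below is what a resolver operator might run over query logs to spot the pattern the preceding paragraphs describe: small requests that draw very large answers toward a single address that never asked for them. The CSV record layout, the sample rows and the thresholds are all assumptions constructed for the example.

```python
import csv
import io
from collections import defaultdict

# Constructed sample resolver records (ts, client IP, query type, request
# bytes, response bytes). The 198.51.100.7 rows mimic a spoofed victim
# receiving oversized ANY/TXT answers it never asked for.
SAMPLE_FLOWS = """\
ts,client,qtype,req_bytes,resp_bytes
1476975000,203.0.113.5,A,64,112
1476975001,203.0.113.9,AAAA,66,130
1476975002,198.51.100.7,ANY,64,3310
1476975002,198.51.100.7,ANY,64,3310
1476975003,198.51.100.7,ANY,64,3295
1476975004,203.0.113.12,MX,70,210
1476975004,198.51.100.7,TXT,68,2900
"""

AMP_RATIO_THRESHOLD = 10.0     # answer at least 10x the size of the query
VICTIM_BYTES_THRESHOLD = 8000  # amplified bytes aimed at one client (assumed)

def parse_flows(text):
    """Parse CSV text into dicts with integer byte counts."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        r["req_bytes"] = int(r["req_bytes"])
        r["resp_bytes"] = int(r["resp_bytes"])
    return rows

def amplification_ratio(row):
    """Bytes returned per byte requested; guard against a zero-length request."""
    return row["resp_bytes"] / max(row["req_bytes"], 1)

def flag_amplified(rows, ratio=AMP_RATIO_THRESHOLD):
    """Records whose answer is suspiciously larger than the query."""
    return [r for r in rows if amplification_ratio(r) >= ratio]

def likely_reflection_targets(rows, ratio=AMP_RATIO_THRESHOLD,
                              min_bytes=VICTIM_BYTES_THRESHOLD):
    """Sum amplified response bytes per client address; a spoofed victim
    being hammered with answers stands out from ordinary clients."""
    totals = defaultdict(int)
    for r in flag_amplified(rows, ratio):
        totals[r["client"]] += r["resp_bytes"]
    return {ip: total for ip, total in totals.items() if total >= min_bytes}

if __name__ == "__main__":
    for ip, total in likely_reflection_targets(parse_flows(SAMPLE_FLOWS)).items():
        print(f"possible reflection target {ip}: {total} amplified bytes")
```

On the sample data the four oversized ANY/TXT answers all point at 198.51.100.7, which is flagged with 12815 amplified bytes while the ordinary A, AAAA and MX lookups are ignored.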
The practice often is employed by groups of hackers. In 2012, a DDoS attack forced offline the websites of Bank of America Corp., JPMorgan Chase & Co., Citigroup Inc., Wells Fargo & Co., U.S. Bancorp and PNC Financial Services Group Inc.