American East coast Internet service attack resolved

The internet has been on shaky footing for the better part of Friday thanks to a large-scale attack on a company that runs a large portion of crucial internet infrastructure. It's still too early to know exactly who is behind the attack, but experts have begun to pin down which devices are doing the bulk of the work. It's not computers, but devices from the so-called Internet of Things. We're talking smart fridges, web cams, and DVRs. It may sound funny, being attacked by refrigerators, but don't laugh. It's actually horrifying.

The current assault against Dyn is one of the simplest in a hacker's playbook. The distributed denial of service attack (DDoS) doesn't require breaking into a target's computers or finding any secret weakness. Instead, it involves simply pummeling them with so much traffic they can't possibly keep up. Hackers executing a DDoS call upon millions of machines under their control and command them to ask the target for so many things all at once that the target all but melts down under the strain.

“It’s a very smart attack. We start to mitigate, they react. It keeps on happening every time. We’re learning though,” Kyle York, Dyn’s chief strategy officer, said on a conference call with reporters Friday afternoon.

Troubling to security experts was that the attackers relied on Mirai, an easy-to-use program that allows even unskilled hackers to take over online devices and use them to launch DDoS attacks. The software uses malware from phishing emails to first infect a computer or home network, then spreads to everything on it, taking over DVRs, cable set-top boxes, routers and even Internet-connected cameras used by stores and businesses for surveillance.

These devices are in turn used to create a robot network, or botnet, to send the millions of messages that knock out the victims' computer systems.

The source code for Mirai was released on the so-called dark web, sites that operate as a sort of online underground for hackers, at the beginning of the month. The release led some security experts to suggest it would soon be widely used by hackers. That appears to have happened in this case.

Executing a DDoS is simple, but only if you have millions of computers at your disposal. These computers—often known as "zombies"—are machines that have been compromised by some sort of virus or malware. This malware doesn't totally disable the computer, but just sits there waiting for the order to attack a target, as part of a swarm called a botnet.

Building a botnet can be a painstaking process. There are plenty of vulnerable computers in the world, but also plenty of people who take reasonably good care of their trusty phone or laptop, protecting it from infection. However, over the past five years or so, the Internet of Things has introduced millions upon millions of newly internet-connected devices—like DVRs and cameras and smart fridges and thermostats—that hackers can add to their swarms with terrifying ease.

The potential problem has been bubbling up for months, but reached a peak earlier this month when the source code for something called the "Mirai" botnet was released onto the web. Designed to target the Internet of Things specifically, Mirai can scoop up connected devices and add them to a botnet simply by attempting to log into them with their factory-default username and password. Have you changed the password on your smart fridge lately? I thought not.

As part of its business, Dyn provides DNS services for a given swath of the Internet, effectively its address book. DNS stands for Domain Name System, the decentralized network of files that link the domain names human beings use, such as usatoday.com, with their numeric Internet Protocol addresses, such as 184.50.238.11, which is how computers look for websites.

“If you go to a site, say yahoo.com, your browser needs to know what the underlying Internet address that’s associated with that URL is. DNS is the service that does that conversion,” said Steve Grobman, chief technology officer for Intel Security.

The attack hit the Dyn server that contains that address book, a service Dyn provides to multiple Internet companies. For anyone attempting to link to a site that used the Dyn service, when they entered an address such as twitter.com or tumblr.com it was unable to link them to the proper numerical IP address, so to their computer it appeared the site was unavailable.

DDoS attacks flood servers with millions of illegitimate requests, so many that very few real requests can get through, or get through only intermittently.

The Mirai code focuses on all kinds of smart devices, from cameras to internet-connected fridges, but its bread and butter is DVRs. Of the nearly 500,000 devices known to be compromised by the Mirai malware, some 80 percent of them are DVRs, according to an in-depth investigation by Level 3 Communications.

These infected DVRs, along with a few thousand other gadgets, can drive ludicrous amounts of traffic. Devices compromised by this malware were responsible for a 620Gbps attack against the security website Krebs on Security in September, the biggest DDoS the world had ever seen, at the time. Reports from the security firm Flashpoint, by way of Brian Krebs, suggest that it is a botnet based on exactly this technology that is responsible for today's outages, and Dyn has since confirmed this suspicion to TechCrunch.

Last month, security researcher Bruce Schneier started sounding the alarm that someone or something was carefully probing the internet for weakness. A scary prospect on its own, and one followed shortly thereafter by the full release of the Mirai code for any ne'er-do-well to use. Today's attack, it would seem, is a confluence of these two events: An attacker who has been carefully surveying the internet for weak points is now openly wielding one of the most capable blunt weapons we've ever seen blast the web.

The most terrifying part: This is probably only the beginning.
