Some Of The Likely Culprits Behind The DDoS Hack Have Been Found
Last Friday, parts of the Internet shut down due to a Distributed Denial of Service (DDoS) attack carried out by hackers, and the world went into a bit of a tailspin. Wanting to watch that new show on Netflix? Sorry, it’s gone, and if you wanted to tweet about it and complain, that was taken off the table too.
The hackers targeted a company named Dyn, which specializes in Internet Performance Management and provides DNS, the Internet equivalent of an address book, which is how people find their way around the web. The attack overwhelmed Dyn with a lot of corrupt data. The company tried to fix it but had issues throughout the day.
So what does this mean? For starters, many hackers have tried to attack the DNS but have been unsuccessful. Since the Dyn hack, people should be a bit more worried: the attack succeeded, and it’s not going to get any better, because companies have been consolidating their DNS into a one-stop shop that now says “hey hackers, we are open.” But this isn’t a break-in type of hack; it’s more a matter of overwhelming these companies’ DNS with enough data to shut a site down.
Per the Daily Beast, someone actually saw this as a possibility before it was a reality. Bruce Schneier, an internationally renowned security technologist, wrote an article in September about this happening.
“Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet,” Schneier wrote in an article. “These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down. We don’t know who is doing this, but it feels like a large nation state. China and Russia would be my first guesses.”
Schneier also went into a little more detail about how a DDoS attack would go down and what method the hackers would use.
“Like the name says, this is an attack designed to prevent legitimate users from getting to the site. There are subtleties, but basically it means blasting so much data at the site that it’s overwhelmed,” he wrote. “These attacks are not new: hackers do this to sites they don’t like, and criminals have done it as a method of extortion. There is an entire industry, with an arsenal of technologies, devoted to DDoS defense. But largely it’s a matter of bandwidth. If the attacker has a bigger fire hose of data than the defender has, the attacker wins.”
While it’s not known who is behind the DDoS attack that took down half the Internet last week, there has been some headway as to the cause, and it has to do with a Chinese electronics manufacturer. Hangzhou Xiongmai Technology, a manufacturer of DVRs and cameras, admitted that its cameras were vulnerable to the hack that shut down half the Internet. Its devices were infected by malware called Mirai, which targeted security vulnerabilities in the cameras that Xiongmai manufactures.
“Mirai is a huge disaster for the Internet of Things,” Xiongmai said in an email to IDG News Service. “(We) have to admit that our products also suffered from hacker’s break-in and illegal use. Security issues are a problem facing all mankind. Since industry giants have experienced them, Xiongmai is not afraid to experience them once, too.”
Xiongmai has since recalled many of its products in light of the attacks. However, the company stressed that many users didn’t follow basic protocol when setting up the cameras. In a statement, the company placed the blame on users, saying the biggest issue was that the default passwords were not changed.
As for Dyn, representatives said that there were three attacks on the company on Friday. The first two caused severe outages around 7 a.m. and noon Eastern time, respectively. The third attack, which Dyn deemed global in nature, was handled before it affected customers.
“News reports of a third attack wave were verified by Dyn based on our information. While there was a third attack attempted, we were able to successfully mitigate it without customer impact,” the company said in a statement. “Dyn’s operations and security teams initiated our mitigation and customer communications process through our incident management system. We practice and prepare for scenarios like this on a regular basis, and we run constantly evolving playbooks and work with mitigation partners to address scenarios like these.”
The company also speculated as to what might be behind the attack that caused dozens of websites to go down. It claimed that it was a “sophisticated attack” and that the Mirai botnet was part of the issue.
“At this point we know this was a sophisticated, highly distributed attack involving 10s of millions of IP addresses,” the statement read. “We are conducting a thorough root cause and forensic analysis, and will report what we know in a responsible fashion. The nature and source of the attack is under investigation, but it was a sophisticated attack across multiple attack vectors and internet locations.”