On October 21st, 2016, a massive Distributed Denial of Service (DDoS) attack disrupted a significant portion of internet activity in the US. The attack targeted the Domain Name System (DNS), which ensures that information requests sent over the internet reach the correct address. The attack caused outages for users shopping, browsing social media, and streaming music. Some users experienced short outages while others were without these online services for several hours. Several of the most popular websites on the internet were victims, including Twitter, Reddit, CNN, PayPal, Pinterest, and Netflix.
Who was the target of this attack?
The main target of the attacks was Dyn, which is one of the main companies that operate the internet’s DNS. Dyn experienced two large DDoS attacks on its servers. By targeting a major DNS service provider, attackers were able to disrupt a large number of mainstream entertainment, social media, and news sites. Dyn was attacked three times. The first attack came at 7:00 AM EDT and was resolved around 9:20 AM. The second attack hit around 11:50 AM, at which point internet users noticed difficulties accessing their favorite sites. The third attack happened in the afternoon after 4:00 PM and was resolved shortly after 6:00 PM.
Who carried out the attack?
By November 3rd, New World Hackers and Anonymous came forward to claim responsibility for the attack. Hackers are willing and able to disrupt the economy through malicious activity by means of malicious code. These groups were either indifferent to the negative impacts of their activity, which cost millions in lost revenue and drew the ire of users, or they intentionally set out to cause this level of impact.
How was this attack carried out?
The Mirai botnet was used in this massive attack. The hackers released the Mirai botnet source code, which was said to virtually guarantee that a flood of attacks from multiple new botnets would hit the internet. The botnets were powered by thousands of easily hacked devices, including Internet of Things (IoT) devices you may have at home, such as digital video recorders (DVRs), wireless routers, IP cameras, and several other devices. The Mirai botnet is a large network consisting of multiple devices, each infected with self-propagating malware.
Although the devices used to carry out the attack were not as powerful as computers, they generated a large amount of traffic to the targeted DNS servers. The sheer number of hacked devices contributed to the results of the attack. Default passwords on many of the devices allowed hackers to easily take them over, since most people do not use complex passwords on devices they believe to be harmless.
What can you do to prevent your devices being used in the next DDoS attack?
Exploitation of unsecured devices connected to the internet caused this massive attack. By simply disabling your connected devices, you can prevent them from being hacked. If you must have your device connected, use a complex password and only connect it when you need to use it online. Make sure you update IoT devices with the latest security updates as soon as they become available. Regardless of whether the device is a camera or DVR, it’s a potential contributor to the next big attack.
Although individuals do not have the power to stop massive attacks in the future, industry leaders can reduce the likelihood of future attacks by reducing the number of devices vulnerable to such attacks. Manufacturers of internet-connected devices can set default passwords to something more complex and harder to hack since many users will never change the default password.
Surprising devices in your household that are connected to the Internet.
If you own a device you can operate through a mobile app on your phone, the chances are pretty high it’s connected to the internet. Several toy manufacturers have developed apps for remote control toys in recent years. Devices that can be operated by smartphone, tablet, or other internet-connected device are vulnerable to attack. If you are unsure how to disable internet connectivity on the device, contact the manufacturer or distributor. You may not think a remote controlled toy car or helicopter could lead to the nation’s next big hack; however, you’d be surprised at the minimal amount of connectivity a hacker needs to turn the device into a portal for distributing DDoS attacks.
Samsung, LG, and a host of other companies have already developed several IoT devices such as refrigerators, TVs, alarm clocks, home security systems, washing machines, and several other appliances. Consult your owner’s manual to find out how you can turn off internet connectivity on these devices when you do not need it or if you do not use it. Any connected device is vulnerable if the proper steps are not taken to make it difficult to hack.