Popular websites knocked down by IoT-enabled DDoS attack

Video cams, DVRs used to disrupt Twitter, Spotify, Netflix, Amazon, Tumblr, Reddit, PayPal

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

An army of infect­ed gadgets—such as nan­ny cameras—overwhelmed a crit­i­cal Inter­net ser­vice provider on Fri­day, Oct. 21, knock­ing many large Inter­net com­pa­nies offline. The firm at the mid­dle of the attack, New Hamp­shire-based Dyn, report­ed repelling three waves of attacks over about a 12-hour peri­od.

In a con­fer­ence call with reporters Fri­day, the firm said an army of infect­ed Inter­net of Things devices flood­ed its ser­vices with traf­fic. As a result, traf­fic was com­ing to the firm from “tens of mil­lions of IP address­es at the same time,” the firm said.

The result was that Inter­net users for most of Fri­day could not con­sis­tent­ly access to Twit­ter, Spo­ti­fy, Net­flix, Ama­zon, Tum­blr, Red­dit, Pay­Pal and oth­er pop­u­lar sites.

Relat­ed video: As Inter­net of Things expands, so do secu­ri­ty expo­sures

Com­put­er secu­ri­ty firm Flash­point report­ed that Dyn was the vic­tim of an attack orches­trat­ed by crim­i­nals using mali­cious soft­ware called Mirai. It search­es the Inter­net look­ing for gad­gets that are pro­tect­ed only by default pass­words or sim­ple pass­words, infects them, and then assem­bles them into a bot­net that can be used for attacks like this.

The source code for Mirai was made pub­lic ear­li­er this month. And last week, Threat­post report­ed that the num­ber of Mirai-infect­ed devices had, pre­dictably, soared since the release.

The num­ber of com­pro­mised CCTV cam­eras, DVRs, home-net­work­ing equip­ment over­run by Mirai has more than dou­bled from 213,000 to 493,000,” it said.

All those com­pro­mised “smart” locks and refrig­er­a­tors could be used to attack a com­put­er serv­er by over­whelm­ing it with requests, which is appar­ent­ly what hap­pened to Dyn. The firm described the attack as sophis­ti­cat­ed and well planned.

What they actu­al­ly did was move “around the world with each attack,” said Dyn Chief Strat­e­gy Offi­cer Kyle York, as report­ed by CNBC Fri­day.

Dyn offers man­aged Domain Name Ser­vice host­ing, which allows com­pa­nies to geo­graph­i­cal­ly dis­perse their crit­i­cal DNS ser­vices. DNS is the Internet’s address­ing sys­tem, con­nect­ing cryp­tic IP address­es to com­mon names like BobSullivan.net. DNS can be a bot­tle­neck, so some larg­er web­sites out­source DNS ser­vices to firms like Dyn.

The attack occurred as a tense elec­tion sea­son is draw­ing to a close and rhetoric about poten­tial hack­ing inci­dents impact­ing the pres­i­den­tial cam­paign con­tin­ues to esca­late. There was no evi­dence to con­nect this attack to the elec­tion, but jit­tery vot­ers drew the infer­ence any­way.

Read­ing Dyn’s nor­mal­ly dry net­work sta­tus page pro­vides a melo­dra­mat­ic look at how Friday’s events unfold­ed.

The day began with:

Start­ing at 11:10 UTC on Octo­ber 21st-Fri­day 2016 we began mon­i­tor­ing and mit­i­gat­ing a DDoS attack against our Dyn Man­aged DNS infra­struc­ture. Some cus­tomers may expe­ri­ence increased DNS query laten­cy and delayed zone prop­a­ga­tion dur­ing this time.”

Then, “This attack is main­ly impact­ing US East and is impact­ing Man­aged DNS cus­tomers in this region.”

Two hours lat­er, “Ser­vices have been restored to nor­mal.”

But not so fast.

As of 15:52 UTC, We have begun mon­i­tor­ing and mit­i­gat­ing a DDoS attack against our Dyn Man­aged DNS infra­struc­ture.”

Still, by 3 p.m. East Coast time, the firm hadn’t wres­tled the attack to the ground.

Our engi­neers are still inves­ti­gat­ing and mit­i­gat­ing the attacks on our infra­struc­ture.”

Sto­ries relat­ed to cloud secu­ri­ty and the Inter­net of Things:
Worm bur­rows into, infects wire­less ISPs, Inter­net of Things
Data secu­ri­ty even more crit­i­cal as Inter­net of Things mul­ti­plies, morphs

Rip­ples from Inter­net of Things cre­ate sea change for secu­ri­ty, lia­bil­i­ty


Posted in Data Breach, Featured Story