Massive Cyber Attacks Shut Down Major Internet Websites
By Beth Golden, UniversityHerald Reporter
If you woke up last Friday distraught and asking what in the world had happened as major internet websites and services were unavailable, you are not alone. Gizmodo reported that half the internet was shut down because DNS provider Dyn was under a massive DDoS attack.
Alex Fitzpatrick summed up this unfortunate incident in his report in Time, "A massive DDoS attack against a major DNS service likely using a botnet of IoT devices resulted in Internet issues across the eastern United States Friday, making it hard for many users to access their favorite sites."
What attacked what?
If that wasn't clear to you, let's take those terms one by one.
DNS, or "domain name system," is basically the internet's phonebook. While you identify us by our URL (uniform resource locator), universityherald.com, our site, like all other sites, has a numeric address. When you search for us online, your browser actually uses DNS to match our URL with our numeric address and bring you to the right place.
In a DDoS or "Distributed Denial of Service" attack, the target is flooded with massive amounts of data, often bogus requests, to overload the system and knock the service offline. There are different types of DDoS attacks, but this is the simplest concept.
A botnet, tech speak for "robot network," is a network of computers and similar devices under the control of one user. This is often done by hackers using malware to infect electronic devices and gain access without users knowing. When hackers get enough computers infected in their botnet, they can simply point it at the target and proceed with a DDoS. Access to botnets is sold on the dark web.
The Internet of Things or "IoT" refers to all sorts of gadgets that can connect to the internet. This includes self-driving cars, smart TVs, electronic wearables and many others, many of which security experts believe are not being properly secured. It is also suspected that the botnet used last month in a major DDoS attack was used on Dyn.
Given all that, we can say that a hacker or a group of hackers can use tons of devices to dump massive amounts of data on any target until it becomes flooded and unreachable.
The hackers used software called Mirai to infiltrate devices. The Register's Chris Williams reports that Mirai was initially used to knock the website of cybercrime blogger Brian Krebs offline last month. The Mirai code has since been leaked.
"Mirai spreads across the web, growing its ranks of obeying zombies, by logging into devices using their default, factory-set passwords via Telnet and SSH. Because no one changes their passwords on their gizmos, Mirai can waltz in and take over routers, CCTV cameras, digital video recorders, and so on," Williams said.
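For device owners, the login behavior Williams describes leaves a recognizable trace: one source trying several different usernames over Telnet or SSH within seconds. The sketch below is an added example, not code from the article or from any of the companies it names; the log format, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format: time service source event user=NAME).
SAMPLE_LOG = """\
2016-10-21T11:10:01Z telnet 198.51.100.7 login_failed user=root
2016-10-21T11:10:02Z telnet 198.51.100.7 login_failed user=admin
2016-10-21T11:10:03Z telnet 198.51.100.7 login_failed user=support
2016-10-21T11:10:04Z ssh 198.51.100.7 login_failed user=user
2016-10-21T11:10:05Z telnet 198.51.100.7 login_ok user=admin
2016-10-21T11:12:00Z ssh 203.0.113.20 login_failed user=alice
2016-10-21T11:30:00Z ssh 203.0.113.20 login_ok user=alice
2016-10-21T11:40:00Z ssh 192.0.2.9 login_failed user=root
2016-10-21T11:40:01Z ssh 192.0.2.9 login_failed user=guest
2016-10-21T11:40:02Z ssh 192.0.2.9 login_failed user=admin
"""

WINDOW = timedelta(seconds=60)  # assumed look-back window per source
MIN_FAILURES = 3                # assumed: failed logins inside the window
MIN_USERS = 3                   # assumed: distinct usernames inside the window

def parse(line):
    """Split one constructed log line into (time, service, source, event, user)."""
    ts, service, src, event, user = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return when, service, src, event, user.partition("=")[2]

def detect(log_text):
    """Return {source: finding} for sources that cycle through usernames."""
    recent = defaultdict(deque)  # source -> recent (time, user) failures
    findings = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        when, _service, src, event, user = parse(line)
        q = recent[src]
        while q and when - q[0][0] > WINDOW:  # drop failures older than the window
            q.popleft()
        if event == "login_failed":
            q.append((when, user))
        burst = len(q) >= MIN_FAILURES and len({u for _, u in q}) >= MIN_USERS
        if burst and event == "login_failed":
            findings.setdefault(src, "guessing")
        elif burst and event == "login_ok":
            # A success right after a burst means a guessed password worked.
            findings[src] = "login_after_guessing"
    return findings

if __name__ == "__main__":
    for source, finding in detect(SAMPLE_LOG).items():
        print(source, finding)
```

A "login_after_guessing" finding is the one to act on first: the account that was let in should get a new, non-factory password, and Telnet should be turned off if the device allows it.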
They all went down
There have been 3 tremendous waves of attack on Dyn, but the firm has released a statement acknowledging the support of both its team and customers and disclosed that the matter is being investigated.
Dyn's Chief Strategy Officer, Kyle York, wrote, "At this point we know this was a sophisticated, highly distributed attack involving 10s of millions of IP addresses. We are conducting a thorough root cause and forensic analysis, and will report what we know in a responsible fashion. The nature and source of the attack is under investigation, but it was a sophisticated attack across multiple attack vectors and internet locations. We can confirm, with the help of analysis from Flashpoint and Akamai, that one source of the traffic for the attacks were devices infected by the Mirai botnet. We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack."
Dyn is said to serve 6% of America's Fortune 500 companies, making it a valuable target.
Gizmodo listed websites that were affected by last Friday's attack:
- ActBlue
- Basecamp
- Big Cartel
- Box
- Business Insider
- CNN
- Cleveland.com
- Etsy
- Github
- Grubhub
- Guardian.co.uk
- HBO Now
- Iheart.com (iHeartRadio)
- Imgur
- Intercom
- Intercom.com
- Okta
- PayPal
- People.com
- Pinterest
- Playstation Network
- Recode
- Reddit
- Seamless
- Spotify
- Squarespace Customer Sites
- Starbucks rewards/gift cards
- Storify.com
- The Verge
- Twilio
- Twitter
- Urbandictionary.com (lol)
- Weebly
- Wired.com
- Wix Customer Sites
- Yammer
- Yelp
- Zendesk.com
- Zoho CRM
- Credit Karma
- Eventbrite
- Netflix
- NHL.com
- Fox News
- Disqus
- Shopify
- Soundcloud
- Atom.io
- Ancestry.com
- ConstantContact
- Indeed.com
- New York Times
- Weather.com
- WSJ.com
- time.com
- xbox.com
- dailynews.com
- Wikia
- donorschoose.org
- Wufoo.com
- Genonebiology.com
- BBC
- Elder Scrolls Online
- Eve Online
- PagerDuty
- Kayak
- youneedabudget.com
- Speed Test
- Freshbooks
- Braintree
- Blue Host
- Qualtrics
- SBNation
- Salsify.com
- Zillow.com
- nimbleschedule.com
- Vox.com
- Livestream.com
- IndieGoGo
- Fortune
- CNBC.com
- FT.com
- Survey Monkey
- Paragon Game
- Runescape
DHS issues a warning
According to Reuters, "The Department of Homeland Security last week issued a warning about attacks from the Internet of Things, following the release of the code for Mirai."
Renowned technology security expert Bruce Schneier has also written about national entities trying to take down the internet.
Presidential spokesperson Josh Earnest said that the White House is aware of the situation and that the DHS was "monitoring" the attacks, and at present they have not provided information on who was behind these attacks.