The attack that took down some of the world’s most popular websites on Friday could have been due to vulnerable internet-connected devices such as cameras and digital video recorders.
According to Brian Krebs, a well-known journalist covering computer security, the global attack may have been powered by malware that targets the “internet of things,” a new breed of small gadgets that are connected to the internet. Krebs wrote that poorly secured devices may have been compromised and turned into a “botnet” that powered the attack.
Millions of internet users lost access to some of the world’s most popular websites on Friday as hackers hammered servers along the U.S. East Coast with phony traffic until they crashed, then moved westward. Sites including Twitter, Spotify, Reddit, CNN, Etsy and the New York Times were taken down for long stretches of time as the attackers hit Dyn Inc., a provider of Domain Name System services.
Dyn said it had stopped the hacks by Friday evening.
“As you can imagine it has been a crazy day. At this moment (knock on wood) service has been restored,” Dyn spokesman Adam Coughlin wrote in an e-mail.
Since a hacker released the software code that powers such malware, called Mirai, several weeks ago, security professionals have been anticipating more attacks from malware that targets the “internet of things.” The hackers launched a so-called distributed denial-of-service (DDoS) attack using “tens of millions” of malware-infected devices connected to the internet, said Kyle York, chief strategy officer of Dyn.
The U.S. Department of Homeland Security and the FBI are aware of the incidents and “investigating all potential causes,” said Gillian M. Christensen, a spokeswoman for the department.
Dyn first reported site outages relating to the DDoS attack around 7:10 a.m. New York time on Friday. The company restored service two hours after the first attack, but services were offline again around noon as another attack appeared to be underway, this time affecting the West Coast as well. While DDoS attacks create havoc across the internet and are increasing in volume and power, they don’t steal anything.
Dave Anderson, a London-based vice president of marketing at Dynatrace LLC, which monitors the performance of websites, said that a second wave of attacks that began at around 1 a.m. Sydney time on Saturday and lasted about five hours affected sites as far away as Australia. Average DNS connect times for 2,000 websites monitored by Dynatrace went from 500 milliseconds normally to about 16 seconds at the peak of the attack.
“I have never seen severity this big, impacting so many sites and lasting over such a prolonged period of time. It just shows how vulnerable and interconnected the world is, and when something happens in one region, it impacts every other region,” Anderson said in a telephone interview.
Anderson said that Dynatrace’s analytics were not able to trace the sources of the attacks.
The timing of the attacks coincided with the release of research conducted by Dyn’s director of internet analysis, Krebs wrote earlier Friday in the U.S. Dyn highlighted potential connections between firms that offer to protect against DDoS attacks and the hackers who conduct them. Krebs said that after he published a story based on the same research, his own website faced an “extremely large and unusual” DDoS attack.
“We can’t confirm or even speculate on anyone’s motivation or relation to that research,” said Dave Allen, Dyn’s general counsel.
(Adapted from Bloomberg)