5 Things We Know About The Massive Cyber Attack That Shut Down Several Major Websites
Hackers leveraged web-connected DVRs and cameras.
If you couldn’t access any one of a number of major websites Friday such as Twitter, Spotify, or Reddit (even servers hosting Maxim‘s images were briefly affected), there’s a good reason: a company that provides a kind of digital bridge between the sites and the rest of the web was targeted with garbage data sent from zombie machines controlled by hackers.
The attack that took down such a large chunk of the web used daily by so many is called a DDoS, short for Directed Denial of Service. It’s an old and somewhat simple method for taking down an individual website. Friday’s DDoS was unique due to its massive size and duration. Here’s what we know.
1. The hackers behind the DDoS targeted one New Hampshire-based company.
Dyn, located in Manchester, N.H., is “an Internet performance management company, offering products to monitor, control, and optimize online infrastructure, and also domain registration services and email products.” Dyn is also one of several hosts for the internet’s DNS, or Domain Name System—essentially a giant digital phone book. The attackers started flooding Dyn with garbage data packets early Friday and by 9 a.m. East Coast time several sites were impossible to access.
2. Baby monitors and webcams were a big part of the problem.
The New York Times reported:
[The] attack appears to have relied on hundreds of thousands of internet-connected devices like cameras, baby monitors and home routers that have been infected — without their owners’ knowledge — with software that allows hackers to command them to flood a target with overwhelming traffic.
The web-connected equipment that makes up what’s sometimes called the “Internet of Things” is sometimes terribly insecure and owners don’t think to do simple things like change basic passwords.
3. The network of devices controlled by the DDoS software has a name: The Mirai Botnet.
HackRead reports the Mirai Botnet is so named for “Mirai DDoS botnet malware”—malicious software. Crazier still, anyone can grab the source code for Mirai if they want and try to put it into play.
4. It can be alarmingly easy to set up a DDoS.
An AP report (via the CBC) indicated something pretty surprising: it doesn’t necessarily take much in the way of financial resources to perform a DDoS. Cybersecurity expert Lance Cottrell indicated to the Associated Press that “not much is required in the way of resources or skill to mount a botnet attack,” and “would-be attackers can rent botnets for as little as $100.”
5. No one is sure who was actually behind this attack.
A group that calls itself the New World Hackers and which took credit for a similar hit on the BBC claims they did it. They told Anonymous Intelligence Group that they performed the DDoS “for the good,” because “Russia is pretty much saying they are better than the U.S by hacking into everything attempting to start a war. We will show them a war.” In a possibly unrelated development, Wikileaks indicated via Twitter that their “supporters” may have had a hand in the effort:
Mr. Assange is still alive and WikiLeaks is still publishing. We ask supporters to stop taking down the US internet. You proved your point. pic.twitter.com/XVch196xyL
— WikiLeaks (@wikileaks) October 21, 2016
One thing seems sure: this kind of disruption is here to stay. Future attacks may be more extensive and damaging. And they’ll probably keep using baby monitors and smart thermostats to do it.