Well, it was only a matter of time before what happened last Friday happened. I’m talking about the Distributed Denial of Service (DDoS) incident on server farms of a key internet firm, Dyn, that repeatedly disrupted access to major websites and online services including Twitter, Netflix, GitHub, and PayPal across the U.S. and Europe. The White House called the disruption malicious, and hacker groups have claimed responsibility, though their assertion is not yet verified.
The event involved multiple denial-of-service (DoS) attacks on systems operated by Domain Name System (DNS) provider Dyn; the attacks rendered major internet platforms and services unavailable to large swaths of North America and Europe.
“The complexity of the attacks is what is making it so difficult for us,” said Kyle York, Dyn’s chief strategy officer. “What they are actually doing is moving around the world with each attack.”
As a DNS provider, Dyn provides to end-users the service of mapping an Internet domain name—when, for instance, entered into a web browser—to its corresponding IP address. The DDoS attack involved tens of millions of DNS lookup requests from a large number of IP addresses. The activities are believed to involve a botnet coordinated through a large number of IoT devices that had been infected with the Mirai malware.
Did IoT DDoS Take Down the Internet?
Organizations claiming responsibility said they organized networks of connected “zombie” computers (botnets) that threw a staggering 1.2 terabits per second of data at the Dyn-managed servers.
What Is A DoS Attack Anyway?
A denial-of-service (DoS) attack is a cyber-attack where the perpetrator seeks to make a machine or network resource unavailable to its intended users, such as to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.
A distributed denial-of-service (DDoS) attack is a cyber-attack where the perpetrator uses more than one unique IP address, often thousands. The scale of DDoS attacks has continued to rise over recent years, as witnessed by the Dyn attack.
According to Dyn, a distributed denial-of-service (DDoS) attack began at 7:00 a.m. and was resolved by 9:20 a.m. A second attack was reported at 11:52 a.m. and Internet users began reporting difficulties accessing websites. A third attack began in the afternoon, after 4:00 p.m. At 6:11 p.m., Dyn reported that they had resolved the issue.
The US Department of Homeland Security is investigating the attacks. No group claimed responsibility during or in the immediate aftermath of the attack. Dyn’s chief strategist said in an interview that the assaults on the company’s servers were very complex and unlike common, everyday DDoS attacks.
Dyn disclosed that the attack was a botnet coordinated through a large number of IoT devices, including cameras, home routers, and baby monitors that had been infected with Mirai malware. The attribution of the attack to the Mirai botnet had been previously reported by BackConnect, an Internet security firm. Dyn stated that they were receiving malicious requests from tens of millions of IP addresses. Mirai is designed to brute-force the security on an IoT device, allowing it to be controlled remotely. Cybersecurity investigator Brian Krebs noted that the source code for Mirai had been released onto the Internet as open-source earlier in October.
As of today, October 27, 2016, President Obama indicated that investigators still had no idea who carried out the cyber-attack.