Hacked Cameras Were Behind Friday's Massive Web Outage
By Brian Solomon and Thomas Fox-Brewster
A massive distributed denial of service (DDoS) attack on Friday slowed down or knocked offline a whole group of major websites, including Twitter, Spotify, Amazon, Reddit, Yelp, Netflix, and The New York Times.
The main cause appears to be a coordinated attack on Dyn, a major DNS host (an intermediary sometimes described as an Internet address book) that says its engineers began monitoring problems at 7:10am ET and “are continuing to investigate and mitigate several attacks aimed against the Dyn Managed DNS infrastructure.”
We already know at least one method the hackers are using. According to security intelligence firm Flashpoint, its researchers have observed a Mirai botnet attacking Dyn. Flashpoint researcher Zach Wikholm identified two kinds of device that were used in the DDoS. The first was a DVR running the software of Hangzhou XiongMai Technologies (XM), the Chinese company previously identified as being a key target of the Mirai hackers. The other was a network-attached storage device with a username and password of “root/root”.
Roland Dobbins, principal engineer at Arbor Networks, agrees: “A significant proportion of the DDoS attack traffic targeting Dyn is being sourced from compromised IoT devices participating in Mirai botnets.”
This kind of botnet, which FORBES has written about twice in the last month, consists of tens of thousands of Internet-connected devices, including unsecured routers, DVR machines, and cameras. Such devices, proliferating in the “Internet of Things” wave, have proven vulnerable to simple hacks, giving hackers access to vast networks of computing devices able to generate extraordinary volumes of traffic, the key ingredient of DDoS attacks.
In previous incidents, botnets of more than 25,000 cameras have been used in attacks that often start in Asia, in particular China, South Korea, Taiwan, and Vietnam. One Chinese camera-maker appears to have accounted for nearly half of the camera bots used in recent DDoS attacks.
White House press secretary Josh Earnest told reporters that the Department of Homeland Security was monitoring these “malicious” attacks but did not speculate on who might be behind them. The outages come after the Federal Government has blamed Russia for a cyber campaign to disrupt the upcoming U.S. election. A Twitter account associated with the hacker group Anonymous appeared to take credit.
When you put all the Hackers in the world together we are five times the size of the NSA do that math! pic.twitter.com/0SNcXEzkyk
— 0HOUR1 (@0HOUR1__) October 21, 2016
Many websites were down or only partially functional for hours during the day on Friday. As of 4:45pm ET, service on Twitter and Amazon had resumed.
This article was written by Brian Solomon from Forbes and was legally licensed through the NewsCred publisher network.