Saturday, October 29, 2016

How An Attack On A Company You've Never Heard Of Shut Down The Internet

If you were on the internet this week, as you may have been if you're reading this, then you probably noticed some sites are having trouble loading, and others are not working at all. There's a good reason for that. Well, not a good reason, but a clear, obvious reason: someone is attacking the internet, and they're succeeding.

The attacks have a single primary target: a company called Dyn DNS. The company is a middleman on the internet, providing the DNS service that routes requests from your computers or phones to the websites that are your final destination. When everything works smoothly, Dyn has a low profile, and there's little reason to give it a second thought. But when the DNS servers go down, internet traffic can't get anywhere, so popular sites are unreachable, and users are left wondering what, exactly, went wrong. The attacks have blocked everything from Grubhub to GitHub, leaving the hungry, the nerdy, and everyone else, with an internet experience that's sorely lacking.

Dyn was shut down by a distributed denial of service (DDoS) attack, part of a wave of increasingly large DDoS attacks launched from hordes of otherwise innocuous "smart" internet-connected devices that have been hacked. We've seen DDoS attacks before, but nothing quite on this scale. As William Turton notes at Gizmodo:

This sort of attack is deeply different than the headline-grabbing DDoS attacks of years past. In 2011, hacker collective Anonymous rose to fame with DDoS attacks that pale in comparison to today's attack on Dyn. Instead of taking out an individual website for short periods of time, hackers were able to take down a major piece of the internet backbone for an entire morning—not once but twice. That's huge.

Security researcher Brian Krebs was, just last month, targeted by a then-record DDoS attack, which was then superseded by another attack on a French firm. How are the attacks getting so big, so fast? Krebs writes:

The size of these DDoS attacks has increased so much lately thanks largely to the broad availability of tools for compromising and leveraging the collective firepower of so-called Internet of Things devices — poorly secured Internet-based security cameras, digital video recorders (DVRs) and Internet routers. Last month, a hacker by the name of Anna_Senpai released the source code for Mirai, a crime machine that enslaves IoT devices for use in large DDoS attacks. The 620 Gbps [gigabits per second] attack that hit my site last month was launched by a botnet built on Mirai, for example.

In the past, major outages could be as much a matter of human error as of a carefully selected attack. But the attack on Dyn isn't a human failure so much as an infrastructure vulnerability, and one that's only expected to grow. The botnet attack that overwhelmed Krebs and French firm OVH convinces servers to overload each other with requests, and to exploit security protocols on public networks.

In a profile of the DDoS bot for F5, Liron Segal writes: “considering the low cost to maintain an IoT DDoS botnet, and referring to Gartner's forecast stating connected things…will reach 20.8 billion by 2020, we can assume the IoT infection vector to grow. We should anticipate DDoS attacks over 1 Tbps to become more common in the near future.”

In the meantime, what can a user do? Find a different domain name server to start. Dyn's DNS servers are extremely popular, but they're not the only ones, and it's easy for users to seek out a different server that's not under attack. Daily Dot has a guide to getting around the Dyn outage. That will hold for now, but massive attacks, carried by Internet-of-Things things, will only stop when people stop making poorly secured Wi-Fi-connected juicers and Bluetooth-enabled umbrellas. At the very least, the companies that make smart egg-minders and cat-tracking water fountains need to continuously invest in security.

Then, and only then, will people who want to shut down the internet have to resort to physically hacking apart the internet with axes.

John Lester


