Okay, maybe not your refrigerator, but according to the people who are gradually figuring out just what hit Dyn, one of the backbone domain name system corporations in the United States, what happened involved millions of devices sending requests to the same place at the same time.
The current assault against Dyn is one of the simplest in a hacker’s playbook. The distributed denial of service attack (DDoS) doesn’t require breaking into a target’s computers or finding any secret weakness. Instead, it involves simply pummeling them with so much traffic they can’t possibly keep up. Hackers executing a DDoS call upon millions of machines under their control and command them to ask the target for so many things all at once that the target all but melts down under the strain.
Those millions of machines in this case, the smart devices in the “Internet of Things” that are connected to the larger whole, are known as “zombies.” They aren’t actual computers as we think of them, but they contain computerized parts and code: items like smart refrigerators, stoves, dishwashers, DVRs, and on and on. In this specific attack, the people doing the digging to figure out what happened claim that the zombies involved are infected with a piece of malware – malicious software – that doesn’t interfere with the running of the device, but will start sending connection requests upon command.
That, the people of the geek-o-sphere tell us, is what happened.
We’re told gadgets behind tens of millions of IP addresses were press-ganged into shattering the internet – a lot of them running the Mirai malware, the source code to which is now public so anyone can wield it against targets.
The specific Mirai malware tool – THAT ANY HACKER CAN USE SINCE THE CODE IS PUBLIC – is called a botnet. And that specific botnet works with electronics weaknesses that are found EVERYWHERE.
Mirai powered the largest DDoS attack ever, spawning a 620Gbps DDoS against KrebsOnSecurity. Source code for the malware was released on hacker forums last week.
The malware relied on factory default or hard-coded usernames and passwords to compromise vulnerable IoT devices such as insecure routers, IP cameras, digital video recorders and the like.
PenTestPartners, the UK security consultancy behind numerous hacks on IoT devices ranging from Wi-Fi enabled kettles to cars, said that the botnet finally illustrates the consequences of IoT vendors cutting corners on security.
“We’ve said many times previously that IoT would make for the perfect botnet: Easy to compromise, hard to patch and the owner likely won’t ever have a clue that they’re part of the botnet,” PenTestPartners notes.
Essentially, the smart world that we live in was used against the Internet upon which we have all come to depend. And the malware was sent out into the wild to prey on the smart devices that still have factory original passwords. Popular Mechanics has a great explanation.
Designed to target the Internet of Things specifically, Mirai can scoop up connected devices and add them to a botnet simply by attempting to log into them with their factory-default username and password…
The Mirai code focuses on all kinds of smart devices including cameras to internet-connected fridges, but its bread and butter is DVRs. Of the nearly 500,000 devices known to be compromised by the Mirai malware, some 80 percent of them are DVRs, according to an in-depth investigation by Level 3 Communications.
So, to help keep internet attacks like the one on Friday, October 21, 2016, to a minimum, ALWAYS change factory passwords on smart devices.
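The login pattern described above, one source trying several factory-default username and password pairs in quick succession, can be spotted in login logs, and any device that accepts such a pair still needs its password changed. The following is an added example, not part of the original post or any quoted source; the log format, device names, addresses and the short default-credential list are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of factory-default pairs (an assumption, not a list from the page).
DEFAULT_PAIRS = {("admin", "admin"), ("root", "root"), ("admin", "1234"), ("user", "user")}

# Constructed log format: <time> <device> login_failed|login_ok src=<ip> user=<u> pass=<p>
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<device>\S+) login_(?P<result>failed|ok) "
                     r"src=(?P<src>\S+) user=(?P<user>\S+) pass=(?P<pw>\S+)$")

# Constructed sample lines (documentation IP ranges, made-up device names).
SAMPLE_LOG = """\
2016-10-21T11:10:01Z dvr-01 login_failed src=203.0.113.7 user=root pass=root
2016-10-21T11:10:02Z dvr-01 login_failed src=203.0.113.7 user=admin pass=admin
2016-10-21T11:10:04Z cam-02 login_failed src=203.0.113.7 user=admin pass=1234
2016-10-21T11:10:05Z cam-02 login_ok src=203.0.113.7 user=admin pass=admin
2016-10-21T11:12:30Z dvr-01 login_ok src=198.51.100.20 user=alice pass=REDACTED
this line is malformed and is skipped
"""

def parse(log_text):
    """Yield (time, device, result, src, (user, password)) for well-formed lines."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m["device"], m["result"], m["src"], (m["user"], m["pw"])

def analyze(log_text, window=timedelta(seconds=60), min_pairs=3):
    """Return (sources trying >= min_pairs default pairs within window,
    devices that accepted a factory-default pair)."""
    attempts = defaultdict(list)  # src -> [(time, pair)], default-pair attempts only
    exposed = set()
    for ts, device, result, src, pair in parse(log_text):
        if pair in DEFAULT_PAIRS:
            attempts[src].append((ts, pair))
            if result == "ok":
                exposed.add(device)  # device still uses its factory password
    scanners = set()
    for src, events in attempts.items():
        events.sort()
        start = 0
        for end in range(len(events)):  # sliding time window over this source
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({pair for _, pair in events[start:end + 1]}) >= min_pairs:
                scanners.add(src)
                break
    return sorted(scanners), sorted(exposed)

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

The first list is sources to block or investigate; the second is devices whose factory password must be changed.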
As of this writing, whoever gave the order to send a massive amount of information at Dyn is not known. However, probing for weaknesses in the security measures that American internet backbone companies are using has been observed for months. Somebody out there is trying to gauge what it will take to cause massive disruptions. Friday may have been a test run to find out how fast Dyn could identify the problem and recover. Three separate and distinct attacks happened during the day, and by the third, they were watching for it.
This sort of interruption in internet availability is sure to continue until the public is educated to change the passwords on smart devices. This may not be a government-induced test or hack at all. That doesn’t mean it’s going to stop.
For a great compilation of info, go to The Register out of the U.K.