Attacking a Domain Name Service Provider, That Was Hard!
As Mashable reported, Dyn, the domain name service provider hit with a massive distributed denial of service attack on Friday that shut down a huge chunk of the internet, hasn’t said much about its investigation. But others have unearthed new leads that may point to the perpetrators.
Of course, the attack was so massive that the results of the investigation may not help prevent another attack. Sure, you can reinforce your windows and put a bolt on the door, but what good will that do against an innumerable number of invaders?
The attack that jammed the internet
Friday’s DDoS attack on Dyn came in three waves that left the internet reeling.
Dyn allows internet users to access a range of hugely popular sites such as Twitter and Spotify, and the attack on Dyn left major websites dealing with outages and extreme slowness.
A distributed denial of service attack is when an onslaught of web traffic overwhelms a server so everyday users are unable to access it.
“The nature and source of the attack are under investigation, but it was a sophisticated attack across multiple attack vectors and internet locations,” Kyle York, Dyn’s chief strategy officer, wrote in a company blog post on Saturday.
The investigation points to attention-seeking hackers
Adam Coughlin, Dyn’s director of corporate communications, told Mashable the company “should” have completed a “root cause analysis” by mid-week.
“At this point, we know this was a sophisticated, highly distributed attack involving 10s of millions of IP addresses,” York wrote in a blog post.
But while Dyn isn’t revealing many details, the cyber security firm Flashpoint released more information on Tuesday about who might be behind the attack.
Flashpoint, a company that has provided analysis to Dyn, found that the hacker or group of hackers who attacked the site on Friday also targeted a video game company.
“We look at a lot of different DDoS attacks that happen, and political actors don’t attack video game companies, generally,” Allison Nixon, Flashpoint’s director of security research, told Mashable.
Researchers also doubt the hack was intended for financial gain since hacks for money usually target Bitcoin exchanges or gambling sites.
Instead, early signs point to a hacker or a group of hackers who just wanted to show off. “They’re trying to show how powerful they are, and how else do you show how powerful you are than taking down someone that’s powerful,” Nixon said.
According to Tuesday’s report, Flashpoint believes they’re “likely connected to the English-language hacking forum community, specifically users and readers of the forum hackforums.net.”
The attacker used a type of malware called Mirai, which hacks poorly protected devices and uses them to hurl junk data at whatever the attacker wants.
A hacker who goes by the handle Anna-Senpai released the Mirai source code earlier this month on hackforums.net, making it accessible to anyone. This means it is more difficult to track down the person who directed the operation, as any hacker could have put the code to work.
The attack was similar to recent DDoS attacks against the security blog Krebs on Security as well as OVH, a French “internet service hosting provider.” Flashpoint has said similar types of attacks often originate from users of hackforums.net.
Friday’s attack, though similar, involved devices that were “separate and distinct” from the devices used in the other digital assaults.
The investigation only matters up to a point
The size of the attack leveled at Dyn makes it unclear how useful the company’s post-mortem will be, because it likely can’t bolster its cyber defense quickly enough to prevent such a massive assault.
Friday’s attacker hijacked millions of “Internet of Things” (IoT) devices such as DVRs and video recorders, and had those devices flood Dyn with data. Dyn doesn’t control those cameras, and experts said many of those devices can’t be patched, meaning someone can simply hack them again and again to launch new assaults.
“This is the internet of largely un-patchable things,” Joshua Corman, the director of The Atlantic Council’s Cyber Statecraft Initiative, told Mashable. “Unless you take them out of service, these [devices] can be repeat offenders for the life of the internet.”
Even if companies get better at mitigating large DDoS attacks, it will be difficult to scale at the rate at which the number of hackable devices increases. According to Intel, by 2020 there will be 200 billion objects connected to the internet. That’s up from 2 billion in 2006.
Due to the sheer number of devices, the attackers have a significant advantage. The more devices they can use in the attack, the more powerful the attack will be.
In the coming days and weeks, investigators will no doubt explore how they were exploited, how the attack was carried out and the effectiveness of their response to the attack. Cybersecurity experts said Dyn will likely want to take stock of what vulnerabilities could be strengthened in case the company again falls victim.
Can major DDoS attacks be stopped?
These kinds of attacks are likely to continue as long as millions of IoT devices remain hackable.
Companies might be able to do a few things to mitigate the damage, but they can’t stop manufacturers from making hackable devices, and they can’t single-handedly educate the public about enhancing the security of every device hooked up to the IoT.
“I’m not saying every user should be a security expert and figure out how to reconfigure their toaster or whatever,” Zach Lanier, director of research at Cylance, a cyber-security firm, told Mashable. “But there are some basic practices that users can do to make sure their IoT devices aren’t accessible.”
Krebs on Security suggests resetting IoT devices such as wireless routers and IP cameras to their factory settings, which is often just a matter of finding a reset button on the device. This wipes out any malware already on the device.
But it could be reinfected in minutes, so you’ll need to quickly change the device’s default password.
Googling the device’s make and model should turn up a web address and a factory default username-password combo. Typing that into a web browser should take you to the device’s “administration panel,” where you can reset the password, Krebs on Security reported.
Until many IoT device owners get on top of security, we should all expect some more slow days on the internet.