Reuters - Hackers unleashed a complex attack on the internet through common devices like webcams and digital recorders and cut access to some of the world's best known websites on Friday, a stunning breach of global internet stability.
The attacks struck Twitter, PayPal, Spotify and other customers of an infrastructure company in New Hampshire called Dyn, which acts as a switchboard for internet traffic.
The attackers used hundreds of thousands of internet-connected devices that had previously been infected with malicious code that allowed them to cause outages that began in the Eastern United States and then spread to other parts of the country and Europe.
"The complexity of the attacks is what’s making it very challenging for us," said Dyn’s chief strategy officer, Kyle York. The U.S. Department of Homeland Security and the Federal Bureau of Investigation said they were investigating.
The disruptions come at a time of unprecedented fears about the cyber threat in the United States, where hackers have breached political organizations and election agencies.
Friday's outages were intermittent and varied by geography. Users complained they could not reach dozens of internet destinations including Mashable, CNN, the New York Times, the Wall Street Journal, Yelp and some businesses hosted by Amazon.com Inc.
Dyn said attacks were coming from millions of internet addresses, making it one of the largest attacks ever seen. Security experts said it was an especially potent type of distributed denial-of-service attack, or DDoS, in which attackers flood the targets with so much junk traffic that they freeze up.
VULNERABILITIES EXPLOITED
Dyn said that at least some of the malicious traffic was coming from connected devices, including webcams and digital video recorders, that had been infected with control software named Mirai. Security researchers have previously raised concerns that such connected devices, sometimes referred to as the Internet of Things, lack proper security.
The Mirai code was dumped on the internet about a month ago, and criminal groups are now charging to employ it in cyber attacks, said Allison Nixon, director of security research at Flashpoint, which was helping Dyn analyze the attack.
Dale Drew, chief security officer at communications provider Level 3, said that other networks of compromised machines were also used in Friday's attack, suggesting that the perpetrator had rented access to several so-called botnets.
The attackers took advantage of traffic-routing services such as those offered by Alphabet Inc's Google and Cisco Systems Inc's OpenDNS to make it difficult for Dyn to root out bad traffic without also interfering with legitimate inquiries, Drew said.
"Dyn can't simply block the (Internet Protocol) addresses they are seeing, because that would be blocking Google or OpenDNS," said Matthew Prince, CEO of security and content delivery firm CloudFlare. "These are nasty attacks, some of the hardest to protect against."
GOVERNMENT WARNED OF ATTACKS
Drew and Nixon both said that the makers of connected devices needed to do far more to make sure that the gadgets can be updated after security flaws are discovered.
Big businesses should also have multiple vendors for core services like routing internet traffic, and security experts said those Dyn customers with backup domain name service providers would have stayed reachable.
The Department of Homeland Security last week issued a warning about attacks from the Internet of Things, following the release of the code for Mirai.
Attacking a large domain name service provider like Dyn can create massive disruptions because such firms are responsible for forwarding large volumes of internet traffic.
Dyn said it had resolved one morning attack, which disrupted operations for about two hours, but disclosed a second a few hours later that was causing further disruptions. By Friday evening it was fighting a third.
Amazon's web services division, one of the world's biggest cloud computing companies, reported that the issue temporarily affected users in Western Europe. Twitter and some news sites could not be accessed by some users in London late on Friday evening.
PayPal Holdings Inc said that the outage prevented some customers in "certain regions" from making payments. It apologized for the inconvenience and said that its networks had not been hacked.
A month ago, security guru Bruce Schneier wrote that someone, probably a country, had been testing increasing levels of denial-of-service attacks against unnamed core internet infrastructure providers in what seemed like a test of capability.
Nixon said there was no reason to think a national government was behind Friday's assaults, but attacks carried out on a for-hire basis are famously difficult to attribute.
Reuters