If you woke up last Friday distraught and asking what in the world had happened as major internet websites and services were unavailable, you are not alone. Gizmodo reported that half the internet was shut down because DNS provider Dyn was under a massive DDoS attack.
Alex Fitzpatrick summed up this unfortunate incident in his report in Time: "A massive DDoS attack against a major DNS service likely using a botnet of IoT devices resulted in Internet issues across the eastern United States Friday, making it hard for many users to access their favorite sites."
What attacked what?
If that wasn't clear to you, let's take those terms one by one.
DNS, or the "domain name system," is basically the internet's phonebook. While you identify us by our URL (uniform resource locator), universityherald.com, our site, like all other sites, has a numeric address. When you search for us online, your browser actually uses DNS to match our URL with our numeric address and bring you to the right place.
In a DDoS or "Distributed Denial of Service" attack, the target is flooded with massive amounts of data, often bogus requests, to overload the system and knock the service offline. There are different types of DDoS attacks, but this is the simplest concept.
A botnet, tech speak for "robot network," is a network of computers and similar devices under the control of one user. This is often done by hackers using malware to infect electronic devices and gain access without users knowing. When hackers have enough infected computers in their botnet, they can simply point it at the target and proceed with a DDoS. Access to botnets is sold on the dark web.
The Internet of Things or "IoT" refers to all sorts of gadgets that can connect to the internet. These include self-driving cars, smart TVs, electronic wearables and many others, many of which, security experts believe, are not being properly secured. It is also suspected that the botnet used last month in a major DDoS attack was the one used on Dyn.
Given all that, we can say that a hacker or a group of hackers can use tons of devices to dump massive amounts of data on any target until it becomes flooded and unreachable.
The hackers used software called Mirai to infiltrate devices. The Register's Chris Williams reports that Mirai was initially used to knock the website of cybercrime blogger Brian Krebs offline last month. The Mirai code has since been leaked.
"Mirai spreads across the web, growing its ranks of obeying zombies, by logging into devices using their default, factory-set passwords via Telnet and SSH. Because no one changes their passwords on their gizmos, Mirai can waltz in and take over routers, CCTV cameras, digital video recorders, and so on," Williams said.
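For readers who run such devices, here is an added illustration (not part of the original report or of any tool it mentions) of how a defender could spot the login pattern Williams describes: one source rapidly trying several usernames over Telnet or SSH. The log format, device names and addresses are constructed for this sketch.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in a hypothetical format (not from a real device).
SAMPLE_LOG = """\
2016-10-21T11:10:01Z cam-01 telnet FAIL user=root src=198.51.100.7
2016-10-21T11:10:02Z cam-01 telnet FAIL user=admin src=198.51.100.7
2016-10-21T11:10:03Z cam-01 telnet FAIL user=support src=198.51.100.7
2016-10-21T11:10:04Z cam-01 telnet OK user=admin src=198.51.100.7
2016-10-21T11:12:00Z dvr-02 ssh FAIL user=alice src=203.0.113.20
2016-10-21T11:15:00Z dvr-02 ssh FAIL user=root src=192.0.2.99
2016-10-21T11:15:01Z dvr-02 ssh FAIL user=guest src=192.0.2.99
2016-10-21T11:15:02Z dvr-02 ssh FAIL user=admin src=192.0.2.99
2016-10-21T11:40:00Z dvr-02 ssh OK user=alice src=203.0.113.20
"""

LINE = re.compile(r"(\S+) (\S+) (telnet|ssh) (FAIL|OK) user=(\S+) src=(\S+)")

def find_login_sweeps(log_text, min_users=3, window=timedelta(seconds=60)):
    """Flag (source, device) pairs that failed logins under at least
    `min_users` distinct usernames inside `window`.

    Returns {(src, device): "swept" | "compromised"}; "compromised" means a
    successful login followed the sweep while it was still in the window.
    Lines are assumed to be in time order.
    """
    fails = defaultdict(list)  # (src, device) -> [(time, user)] of recent failures
    verdict = {}
    for m in LINE.finditer(log_text):
        ts, device, _service, result, user, src = m.groups()
        t = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        key = (src, device)
        # Drop failures that have aged out of the sliding window.
        recent = [(ft, fu) for ft, fu in fails[key] if t - ft <= window]
        if result == "FAIL":
            recent.append((t, user))
        fails[key] = recent
        if len({u for _, u in recent}) >= min_users:
            if result == "OK":
                verdict[key] = "compromised"   # sweep ended in a working login
            else:
                verdict.setdefault(key, "swept")
    return verdict

if __name__ == "__main__":
    for (src, device), status in find_login_sweeps(SAMPLE_LOG).items():
        print(f"{device}: {status} by {src}")
```

A single mistyped password followed by a normal login, like the alice entries above, is not flagged; only a burst of different usernames from one source is.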
They all went down
There have been 3 tremendous waves of attack on Dyn, but the firm has released a statement acknowledging the support of both its team and customers and disclosed that the matter is being investigated.
Kyle York, Dyn's Chief Strategy Officer, wrote, "At this point we know this was a sophisticated, highly distributed attack involving 10s of millions of IP addresses. We are conducting a thorough root cause and forensic analysis, and will report what we know in a responsible fashion. The nature and source of the attack is under investigation, but it was a sophisticated attack across multiple attack vectors and internet locations. We can confirm, with the help of analysis from Flashpoint and Akamai, that one source of the traffic for the attacks were devices infected by the Mirai botnet. We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack."
Dyn is said to serve 6% of America's Fortune 500 companies, making it a valuable target.
Gizmodo listed websites that were affected by last Friday's attack:
ActBlue
Basecamp
Big Cartel
Box
Business Insider
CNN
Cleveland.com
Etsy
GitHub
Grubhub
Guardian.co.uk
HBO Now
Iheart.com (iHeartRadio)
Imgur
Intercom
Intercom.com
Okta
PayPal
People.com
Pinterest
Playstation Network
Recode
Reddit
Seamless
Spotify
Squarespace Customer Sites
Starbucks rewards/gift cards
Storify.com
The Verge
Twilio
Twitter
Urbandictionary.com (lol)
Weebly
Wired.com
Wix Customer Sites
Yammer
Yelp
Zendesk.com
Zoho CRM
Credit Karma
Eventbrite
Netflix
NHL.com
Fox News
Disqus
Shopify
Soundcloud
Atom.io
Ancestry.com
ConstantContact
Indeed.com
New York Times
Weather.com
WSJ.com
time.com
xbox.com
dailynews.com
Wikia
donorschoose.org
Wufoo.com
Genonebiology.com
BBC
Elder Scrolls Online
Eve Online
PagerDuty
Kayak
youneedabudget.com
Speed Test
Freshbooks
Braintree
Blue Host
Qualtrics
SBNation
Salsify.com
Zillow.com
nimbleschedule.com
Vox.com
Livestream.com
IndieGoGo
Fortune
CNBC.com
FT.com
Survey Monkey
Paragon Game
Runescape
DHS issues a warning
According to Reuters, "The Department of Homeland Security last week issued a warning about attacks from the Internet of Things, following the release of the code for Mirai."
Renowned technology security expert Bruce Schneier has also written about national entities trying to take down the internet.
Presidential spokesperson Josh Earnest said that the White House is aware of the situation and that the DHS was "monitoring" the attacks, but at present they have not provided information on who was behind these attacks.