Today’s post in our series for National Cyber Security Awareness Month was supposed to be completely different… but we called an audible, because we think it’s important to talk about what happened last Friday.
We see the irony that, in the middle of a month dedicated to cyber security and awareness, hackers were able to pull off an attack that crippled extremely popular parts of the Internet. Sites like Twitter, Amazon, and Netflix were slow and even inaccessible for a large chunk of time.
Information on what was happening was pretty thin at first, but a couple days later we have some answers. We still don’t know exactly who is responsible for this attack, and we may never, but here’s what we do know:
Distributed Denial of Service (DDoS) Attack
The hackers responsible used a network of compromised “Internet-enabled devices” (sometimes called a “botnet”) to execute a distributed denial of service (DDoS) attack on a major provider of DNS services. The attack was notable for a few reasons beyond just its size and effects. First, it was executed using publicly available source code. This isn’t particularly unusual these days, but it is still noteworthy. The people behind this attack (and many others) don’t need to be particularly sophisticated technically. Once attack tools like the ones employed here are made publicly available, it takes a relatively low level of skill to re-use them. Second, the “Internet-enabled devices” bit above is very important, but we’ll get to that in a bit.
The meat of this attack instructed the devices in this botnet to send wave after wave after wave of bogus requests to the Domain Name Servers of a company called Dyn. For those who may not know, DNS is basically like a switchboard for the Internet. Remember those TV shows where, when someone made a call, a person behind the scenes would connect them to the right line? Essentially, that’s what a Domain Name Server does: it lets your computer connect to the website that you’re looking for. While Dyn is relatively unknown outside of technical circles, it provides services critical to some of the biggest names on the Internet, which is why it was pretty close to impossible for users to connect to their favorite websites on Friday.
When we say wave after wave after wave, we aren’t exaggerating. Dyn was hit with three different attacks, but according to their Chief Strategy Officer Kyle York, only the first two actually caused customers to see a difference in their Internet connectivity. The third was handled by their team without any notice to customers, other than seeing news reports of a third attack. These attacks can almost be compared to a traffic jam at a toll booth. Imagine a toll booth designed to let five cars through at a time that suddenly has 500 cars trying to go through. The toll booth can’t handle that, so it essentially shuts down and doesn’t let anyone through.
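The toll booth picture can be turned into a small model that shows why legitimate visitors are the ones who lose out. This is an added example, not part of the original post: the capacity of 5 and the 500 arrivals come from the analogy above, while the waiting-line limit, the number of rounds and the split of 4 legitimate requests per round are assumptions chosen for illustration.

```python
import random
from collections import deque

def simulate(capacity, legit_per_tick, bogus_per_tick,
             queue_limit=50, ticks=1000, seed=1):
    """Return the fraction of legitimate requests that get answered.

    Each tick the server answers at most `capacity` requests from a
    bounded waiting line; anything arriving while the line is full is
    dropped. All sizes here are assumed values, not measurements.
    """
    rng = random.Random(seed)      # fixed seed so runs are repeatable
    queue = deque()
    legit_sent = legit_served = 0
    for _ in range(ticks):
        arrivals = ["legit"] * legit_per_tick + ["bogus"] * bogus_per_tick
        rng.shuffle(arrivals)      # real and bogus requests arrive interleaved
        legit_sent += legit_per_tick
        for request in arrivals:
            if len(queue) < queue_limit:
                queue.append(request)   # admitted to the waiting line
            # otherwise the request is dropped; the server cannot tell
            # a bogus request from a real one at this point
        for _ in range(min(capacity, len(queue))):
            if queue.popleft() == "legit":
                legit_served += 1
    return legit_served / legit_sent if legit_sent else 1.0

def sweep(bogus_loads=(0, 5, 50, 496)):
    """Legitimate success rate for increasing bogus load (5 answers/tick)."""
    return {b: simulate(capacity=5, legit_per_tick=4, bogus_per_tick=b)
            for b in bogus_loads}

if __name__ == "__main__":
    for bogus, rate in sweep().items():
        print(f"{bogus:>3} bogus requests per tick -> "
              f"{rate:.1%} of legitimate requests answered")
```

With no bogus traffic every legitimate request is answered; with 496 bogus requests beside the 4 real ones, only about one real request in a hundred gets through, even though the server itself never stops working.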
Okay, well now here we are a week later, our favorite sites are working and we can tweet, binge watch and shop away.
Why is this still important?
It’s important because of the means these hackers employed. So-called botnets of Windows PCs are old hat at this point. This attack, however, leveraged many different types of network-enabled devices, from cellphones, to security cameras, to smart thermostats, or even the computer embedded in your new refrigerator. This sort of attack using “Internet of Things” (IoT) devices is an increasing and worrying trend that we should expect to hear more about. While companies like Microsoft and Apple that make software for traditional computers have improved their security dramatically over recent years, many lower-end smartphones and various other things like the aforementioned security cameras and refrigerators don’t get nearly the same frequency of security updates, making them ripe targets for hackers.
Having everything you own hooked up to the Internet and controllable from your smartphone is obviously extremely helpful. But, it is also important to understand that many of these technologies are new and that there are certainly risks involved. Some basic, common sense things that you can do to protect yourself:
- Make sure that default usernames and passwords are changed on all of your devices: security cameras, Wi-Fi routers, etc.
- Use devices from reputable vendors that regularly issue software updates for their products
- Discontinue using products that no longer get security updates. Yes, this includes old smartphones!
Finally, there is also a growing conversation around the lack of security regulations or standards around the “Internet of Things”, potentially contributing to some of these issues. There isn’t one central group responsible for the safety and security of the Internet or for verifying the security of devices that are increasingly running the physical world (e.g., thermostats and refrigerators). As of now it’s generally up to each individual manufacturer and service provider to make sure their software and devices are secure. But is that enough?
We certainly aren’t going to dive into all of the politics behind this, but the New York Times offers up a good take on a new era of internet attacks powered by everyday devices, and we want to hear your thoughts.
And just in case you want to read what Dyn had to say, here is their statement released after the attack.