On Friday, October 21st, internet sites around the US were attacked—some knocked completely offline—by what tech specialists label a distributed denial of service (DDoS) attack. What’s even scarier is that one of your personal internet-connected devices could have been part of this attack without your knowledge.
This assault utilized 100,000 compromised ‘smart’ devices that connect to the internet via WiFi. Many were believed to be home surveillance web cameras with internet links. This malware-compromised army of devices attacked DYN, a Domain Name System (DNS) support company whose big name clients include Twitter, Reddit, Amazon, and others.
DDoS attacks occur when too many junk requests swamp a particular website, slowing it down or causing a crash. If thousands of individuals in the same instant try to connect with Twitter, for example, systems just can’t handle that many requests simultaneously. DDoS traffic can exceed 20 times the normal rates or more.
On October 21st, the result was that no one could connect during three waves of attacks on DYN. After wrapping up some initial research, the company’s Scott Hilton blogged, “We are able to confirm that a significant volume of attack traffic originated from Mirai-based botnets.”
Botnets are automated networks of malware-riddled devices. Mirai is the name of a new strain of malware capable of launching powerful DDoS attacks. A month earlier, this new malware knocked KrebsonSecurity.com, a blog about online security, offline using compromised routers, web cameras and DVRs. Shortly after its debut, Mirai’s authors released the malicious code on the dark web for anyone to use.
DDoS attacks are not new. This time, hackers hit popular sites including Twitter, PayPal, Etsy, Amazon and Netflix. In late 2012, the targets were Bank of America, Wells Fargo, Chase and PNC banks, shutting down financial sites for hours. The 2012 DDoS was traced to Iranian hackers. The new round appears tied to an unfounded rumor that Wikileaks leader Julian Assange had died.
Do Your Part To Secure Devices
With these attacks on the rise, research your own WiFi-connected devices to see if you’re contributing to the problem. These connected home devices are often referred to as the Internet of Things (IoT). Your computer modem, router, smart refrigerator, digital recorder and other enabled devices come with a default password. It could be simply ‘1234’. Have you changed it? What about your web camera? Don’t select a password you regularly use elsewhere.
With IoT devices, you should update your firmware whenever new patches come out. Set the system to auto update if possible. That goes for your computer’s operating system, too. Many brand new devices don’t hold the latest software, so check for patches before you connect.
If you have devices whose internet connections you can disable, consider the option. Tech-savvy users can check out nmap.org for information on scanning their own network for security holes.
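One way to act on the nmap suggestion above, as an added example that is not part of the original article: this Python script reads the grepable output of a scan of your own home network (for instance `nmap -p 23,2323,80 -oG scan.txt 192.168.1.0/24`) and lists the devices that have a remote-login or admin port open, so you know where to change a default password or block access. The port list, the address range and the sample scan text are assumptions constructed for illustration.

```python
import re

# Ports to review (an assumption for this example): Telnet remote login and
# web admin pages, the services a factory-default password is protecting.
REVIEW_PORTS = {23: "Telnet", 2323: "Telnet (alternate)", 80: "web admin page"}

# Constructed sample of `nmap -oG` output; addresses and names are made up.
SAMPLE_SCAN = """\
# Nmap scan initiated as: nmap -p 23,2323,80 -oG - 192.168.1.0/24
Host: 192.168.1.1 (router.lan)\tStatus: Up
Host: 192.168.1.1 (router.lan)\tPorts: 23/closed/tcp//telnet///, 80/open/tcp//http///, 2323/closed/tcp//3d-nfsd///
Host: 192.168.1.23 (ipcam.lan)\tPorts: 23/open/tcp//telnet///, 80/open/tcp//http///, 2323/filtered/tcp//3d-nfsd///
Host: 192.168.1.40 ()\tPorts: 23/closed/tcp//telnet///, 80/closed/tcp//http///, 2323/closed/tcp//3d-nfsd///
"""

# A grepable "Ports:" line: Host: <ip> (<name>)<TAB>Ports: <entries>[<TAB>...]
HOST_LINE = re.compile(r"^Host: (\S+) \(([^)]*)\)\t.*?Ports: (.*?)(?:\t|$)")

def exposed_devices(grepable_text):
    """Return {ip: {"name": str, "open": [(port, label), ...]}} for hosts
    that have at least one REVIEW_PORTS port in the 'open' state."""
    findings = {}
    for line in grepable_text.splitlines():
        match = HOST_LINE.match(line)
        if not match:
            continue  # comment lines and "Status:" lines carry no port data
        ip, name, ports_field = match.groups()
        open_ports = []
        for entry in ports_field.split(","):
            fields = entry.strip().split("/")
            # entry layout: port/state/protocol/owner/service/...
            if len(fields) < 3 or not fields[0].isdigit():
                continue
            port, state = int(fields[0]), fields[1]
            if state == "open" and port in REVIEW_PORTS:
                open_ports.append((port, REVIEW_PORTS[port]))
        if open_ports:
            findings[ip] = {"name": name or "unknown", "open": sorted(open_ports)}
    return findings

def report(findings):
    """Turn the findings into one readable line per device."""
    lines = []
    for ip, info in sorted(findings.items()):
        ports = ", ".join(f"{p} ({label})" for p, label in info["open"])
        lines.append(f"{ip} [{info['name']}]: {ports}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(exposed_devices(SAMPLE_SCAN))) or "Nothing to review.")
```

To use it on a real scan, pass the contents of your own `scan.txt` to `exposed_devices()` in place of `SAMPLE_SCAN`.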
You may discover that some of your devices have passwords that cannot be changed. This seems to be a common thread in the latest IoT-connected attack. Security researchers traced some of the compromised products to components from Chinese company XiongMai Technologies. The company has expressed an interest in recalling millions of devices but it won’t always be practical. Many unsecured components have been integrated into much larger devices.
US Senator Mark Warner of Virginia, in a recent letter to the chair of the Federal Communications Commission, wrote, “Manufacturers today are flooding the market with cheap, insecure devices, with few market incentives to design the products with security in mind, or to provide ongoing support.”
If you’re unable to customize device passwords, your only real alternative is a robust firewall between your network and the outside world.
Check your smart phone’s settings to search for WiFi networks within range to see whether you have any unsecured IoT devices. A simple search could turn up Dad’s unsecured Chromecast device, an LG refrigerator from Sears, or a device you didn’t know was WiFi-enabled.
After last month’s attack, the need for change is evident. DYN is hopeful that their really bad day will launch a much-needed conversation.
Hilton blogged, “Not only has it highlighted vulnerabilities in the security of the ‘Internet of Things’ (IoT) devices that need to be addressed, but it has also sparked further dialogue in the internet infrastructure community about the future of the internet.”
The next time you cannot connect with a website, you may want to check out digitalattackmap.com. It records unusually high volumes of DDoS attacks around the globe using an interactive display. It’s fascinating…and very scary.