The highly successful Distributed Denial of Service (DDoS) Mirai attack of October 21, 2016 impacted a number of highly popular websites on both coasts of the United States. The attack was aimed at Dyn, a Domain Name Server (DNS)-routing company in New Hampshire. Dyn is responsible for maintaining a part of the Internet that functions more or less like a ‘switchboard’; routing domain requests is a key, vulnerable choke point, as was proven by the consequences of the attack.
The attack was executed by a botnet, called Mirai which is a collection of ‘captive’ devices, such as webcams and baby monitors. The botnet generated by tens of millions of IP addresses overloaded the system resulting in the massive outage.
The attack was quite sophisticated and looked at first like it had been orchestrated by a nation state, or at least supported by one. Later on, Internet security organizations declared that the attackers were most likely members of “hackforums[.]net”, an English-language hacking forum community.
The attackers were apparently easily able to take advantage of the fact that the burgeoning Internet of Things (IoT), like most things associated with the Internet, was not designed with any kind of serious security in mind. Devices of all types are cropping up on the Internet, providing lucrative targets for attackers to exploit. Manufacturers simply did not believe that a single webcam is a tempting-enough target for hackers to spend time over. They were painfully wrong. Many of these devices are built with security holes that the user cannot correct. Some manufacturers recognize the problem and are doing something about it. For example, one Chinese manufacturer of web cams, XiongMai, is going so far as to recall its products so it can ‘fix’ the security hole exploited by the attackers.
What can you do about it?
TAL Global is a full-scope security firm working with clients in the cyber and physical worlds to minimize risks and optimize security – around town, and around the world. We welcome your questions and will be happy to learn your organization’s special needs.