An army of infected gadgets — like nanny cameras — overwhelmed a critical Internet service provider on Friday, knocking many large Internet companies offline. The firm at the middle of the attack, New Hampshire-based Dyn, said late Friday that it is enduring a third wave of digital onslaught. Dyn said late Friday that all issues were resolved, and it had successfully beaten back a third wave of attacks. It’s unclear if the attacks are finished, or merely paused, however
In a conference call with reporters on Friday, the firm said an army of infected Internet of Things devices was flooding its services with traffic. As a result, traffic was coming to the firm from “tens of millions of IP addresses at the same time,” the firm said , according to CNBC.
Computer security firm Flashpoint reported that Dyn was the victim of an attack orchestrated by criminals using malicious software called Mirai. It searches the Internet looking for gadgets that are protected only by default passwords or simple passwords, infects them, and then assembles them into a botnet that can be used for attacks like this.
The source code for Mirai was made public earlier this month. Two days ago, Threatpost reported that the number of Mirai-infected devices had — predictably — soared since the release.
“The number of compromised CCTV cameras, DVRs, home networking equipment overrun by Mirai has more than doubled from 213,000 to 493,000,” it said.
All those compromised “smart” locks and refrigerators could be used to attack a computer server by overwhelming it with requests, which is apparently what’s happening to Dyn right now. At the moment, it’s unclear what Dyn can do to free itself from the attack, which the firm described as sophisticated and well planned.
“What they’re actually doing is moving around the world with each attack,” Dyn Chief Strategy Officer Kyle York said in a conference call Friday afternoon, CNBC reported.
Dyn offers managed Domain Name Service hosting, which allows companies to geographically disperse their critical DNS services. DNS is the Internet’s addressing system, connecting cryptic IP addresses to common names like BobSullivan.net. DNS can be a bottleneck, so some larger websites outsource DNS services to firms like Dyn.
The attack, which is ongoing, come as a tense election season draws to a close and rhetoric about potential hacking incidents impacting the presidential campaign continues to escalate. There is no evidence to connect this attack to the election, but jittery voters were drawing the inference anyway.
Gizmodo is maintaining a list of sites that readers complain have been unavailable. It includes sites like Reddit and Wired.com
In a preliminary report on the incident, Dyn said the initial attack impacted mainly the east coast, but a second attack “was distributed in a more global fashion. Affected customers may have seen intermittent resolution issues as well as increased global latency.”
The firm said full service was restored at about 6:30 p.m. ET.
“A more in-depth analysis will be distributed in the form of a Root Cause Analysis report at a later date,” it said.
If you’ve read this far, perhaps you’d like to support what I do. That’s easy. Sign up for my free email list, or click on an advertisement, or just share the story.
| Tweet this story |
Follow @RedTapeChron |
Be the first to comment