Friday saw many of the web’s largest website suffer outages, when a major internet infrastructure company was struck by a large-scale distributed denial of service (DDoS) attack coming from unlikely sources.
Millions of people, most notably those on the US’ eastern seaboard, were unable to access websites ranging from Twitter to the New York Times to Reddit on Friday morning, after DNS service provider Dyn was targeted with a DDOS attack.
The downtime caused much consternation amongst web users unable to catch up on the latest news over their morning bowl of cornflakes, but more than that – it demonstrated very clearly the fragility of the systems that many of us now rely on for everything from buying groceries to finding driving directions. If attacking one company can make the likes of Spotify, Airbnb and the Boston Globe offline for millions of people for hours at a time, then we need to ask serious questions about whether the infrastructure is sufficiently resilient to underpin so much of our daily lives.
DDOS attacks have been an avenue of attack against online services since the early days of the web due to their simplicity. They involve overloading servers by flooding them with more requests than they can handle, and the method has been used in the past to bring down websites of everyone from Sony to PayPal.
While most DDOS attacks target specific websites or companies, the DNS infrastructure provides a bottleneck that if targeted by such an attack can take down tens of thousands of sites at once. In providing parts of the DNS infrastructure, Dyn faces DDOS attacks on a regular basis, and has technological measures in place to mitigate them, with the effect that they do not interfere with people’s access to their favourite websites.
Dyn has provided little information about today’s attack, other than it came in three major waves. However, from the fact that it was able to overwhelm Dyn’s hardened infrastructure shows that the attack was probably impressive in scale.
Large-scale DDOS attacks utilise botnets, where thousands or even millions of malware-infected PCs around the world work together under the control of a single person or group to bombard its target with requests and bring servers to their knees. Many of these botnets have emerged in recent years and they are made available on the dark web to the highest bidder – often rented by the hour.
Computer security firms work constantly to bring down these botnets, but as long as people continue to connect their computers to the internet without firewalls or up-to-date antivirus and open attachments from strangers, then new botnets will continue to emerge.
While unprotected PCs make up the nodes in most botnets, a new type of botnet has emerged in recent months where the nodes are instead made up of various internet of things devices, such as webcams, DVRs, routers, and even internet-connected toasters or thermostats. One IoT botnet known as Mirai was recently responsible for a massive 620 Gbps DDoS against KrebsOnSecurity, a popular security blog by security researcher Brian Krebs, which is believed to be the biggest DDOS in history.
The source code for the Mirai botnet was recently released online, and so security firms have speculated that more Mirai-based attacks may soon strike. Initial reports indicate that Friday’s attack on Dyn is one such example, with security firms Flashpoint and Akamai detecting Mirai bots driving much of the traffic in the attacks.
New technologies have already appeared on the market that offer protections for home networks of IoT devices, but the important thing to take away from today is that we now live in a world where your DVR and internet-connected thermostat can be used as weapons to bring down global infrastructure. Think about that.