I was trying to be productive this Friday afternoon by researching artificial intelligence libraries, frameworks and software on GitHub (and refreshing Twitter to see if LeSean McCoy will be active for fantasy football purposes) until today’s DDoS attack on Dyn got so bad that it completely shut down both websites. Since my intended productivity seemed unreachable, I decided to research DDoS, or distributed denial-of-service, cyber-attacks so I could explain them to my friends at happy hour and seem really smart.
Here are some questions that popped up during my research:
What is a DDoS attack?
A distributed denial-of-service (DDoS) cyber-attack consists of a hacker using many unique IP addresses to send an enormous number of requests to a network until it overloads and shuts down. Most often, hackers use botnets (connected groups of computers controlled for malicious purposes, unbeknownst to their owners) to send traffic to websites from thousands of different IP addresses, maxing out the websites’ capacity and shutting off access to visitors.
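From the defender's side, the description above explains why per-address rate limits alone miss this kind of traffic: no single source looks busy, but the total does. The sketch below is an added example, not part of the original post; the log format, addresses and thresholds are all constructed assumptions.

```python
from collections import Counter, defaultdict


def build_sample_log():
    """Constructed log lines in the form '<epoch_second> <source_ip> <path>'."""
    lines = []
    # Seconds 0-9: ordinary traffic, 5 clients sending 4 requests each.
    for i in range(20):
        lines.append(f"{i % 10} 198.51.100.{i % 5 + 1} /index.html")
    # Seconds 10-19: 300 distinct sources sending only 2 requests each.
    for i in range(600):
        src = i % 300
        ip = f"203.0.{src // 250}.{src % 250 + 1}"
        lines.append(f"{10 + i % 10} {ip} /index.html")
    return lines


def analyse(lines, window=10, per_ip_limit=20, total_limit=200, min_sources=100):
    """Bucket requests into fixed windows and classify each window.

    Thresholds are illustrative; real ones come from a site's own baseline.
    """
    buckets = defaultdict(Counter)
    for line in lines:
        ts, ip, _path = line.split()
        buckets[int(ts) // window * window][ip] += 1

    report = {}
    for start, per_ip in sorted(buckets.items()):
        total = sum(per_ip.values())
        # What a classic per-address rate limit would flag.
        noisy = [ip for ip, n in per_ip.items() if n > per_ip_limit]
        # Aggregate view: high volume spread across many quiet sources.
        distributed = total > total_limit and len(per_ip) >= min_sources
        report[start] = {
            "requests": total,
            "sources": len(per_ip),
            "per_ip_alerts": len(noisy),
            "distributed_flood": distributed,
        }
    return report


if __name__ == "__main__":
    for start, row in analyse(build_sample_log()).items():
        print(start, row)
```

In the second window the per-address check raises no alerts at all, while the aggregate check flags the window.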
So are hackers performing DDoS attacks on all of these websites? Seems like a lot of work, Bro.
For this particular attack, hackers have gone after Dyn, an internet performance management company that provides online infrastructure to many major websites. Sites affected include Shopify, Box, Soundcloud, Netflix and Spotify in certain regions, and the aforementioned GitHub and Twitter, among many other websites. Dyn offers a domain registration service, and because the attack reached Dyn’s Managed DNS infrastructure, these sites were all hit simultaneously.
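The shared-dependency point above can be checked for any set of domains by looking at who runs their nameservers. The following is an added example, not part of the original post: the domains, nameserver names and providers are constructed placeholders, and treating the last two labels of a nameserver hostname as "the provider" is a simplifying assumption.

```python
from collections import defaultdict

# Constructed NS records (hypothetical domains and providers, not real data).
NS_RECORDS = {
    "shop.example": ["ns1.provider-a.test.", "ns2.provider-a.test."],
    "music.example": ["ns1.provider-a.test.", "ns3.provider-a.test."],
    "video.example": ["ns1.provider-a.test.", "ns1.provider-b.test."],
    "code.example": ["ns1.provider-b.test.", "ns2.provider-b.test."],
}


def provider_of(nameserver):
    """Assumption: the provider is the last two labels of the NS hostname."""
    labels = nameserver.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def providers_by_domain(ns_records):
    """Map each domain to the set of DNS providers serving it."""
    return {d: {provider_of(ns) for ns in nss} for d, nss in ns_records.items()}


def single_provider_domains(ns_records):
    """Domains whose every nameserver belongs to one provider."""
    return sorted(d for d, p in providers_by_domain(ns_records).items()
                  if len(p) == 1)


def blast_radius(ns_records):
    """For each provider, the domains left with no nameserver if it goes down.

    Cached answers keep resolving until their TTL expires, so this is the
    set of domains that fail for resolvers without a fresh cache entry.
    """
    by_domain = providers_by_domain(ns_records)
    impact = defaultdict(list)
    for provider in set().union(*by_domain.values()):
        for domain, provs in by_domain.items():
            if provs and provs <= {provider}:
                impact[provider].append(domain)
    return {p: sorted(ds) for p, ds in sorted(impact.items())}


if __name__ == "__main__":
    print("single provider:", single_provider_domains(NS_RECORDS))
    for provider, domains in blast_radius(NS_RECORDS).items():
        print(provider, "->", domains)
```

Only the constructed `video.example`, which lists nameservers from two providers, stays resolvable when either provider stops answering.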
This has to be the largest-ever attack, right?
Recently, KrebsOnSecurity.com, a popular blog about cyber security, was hit by a record DDoS attack. The attack on the blog came at 620 Gbps, nearly twice as large as anything the engineers at Akamai, a content delivery network, had ever seen. What makes this particular attack interesting is that the hacker scaled the attack by using the Internet of Things as the weapon of choice. Instead of using traditional botnets, the hacker used physical devices connected to the internet, which are much more vulnerable due to a lack of security, to send traffic to KrebsOnSecurity.com. So far it is unclear whether the current DDoS attack on Dyn is utilizing internet-connected devices. Analysts are also still unsure of the magnitude of today’s cyber-attack, so the answer is simply: maybe.
Why target KrebsOnSecurity.com?
I found it interesting that a hacker would attempt to shut down a blog that I had never heard of before (no offense Brian Krebs, my ignorance, not your fault), but then I realized there is more to the situation than I initially thought.
The Krebs on Security attack came following… “Krebs’ publication of a story on which David Madory (of DYN) and Krebs collaborated. That story (as well as one published earlier this week, Spreading the DDoS Disease and Selling the Cure) examined the sometimes blurry lines between certain DDoS mitigation firms and the cybercriminals apparently involved in launching some of the largest DDoS attacks the Internet has ever seen.”
Additionally, “The attack on DYN comes just hours after DYN researcher Doug Madory presented a talk on DDoS attacks in Dallas, Texas at a meeting of the North American Network Operators Group (NANOG). Madory’s talk — available here on Youtube.com — delved deeper into research that he and I teamed up on to produce the data behind the story DDoS Mitigation Firm Has History of Hijacks.”
Someone is directly targeting those speaking out about mitigating DDoS attacks. Either that or it is a large coincidence that these assaults took place shortly after the release of the article and presentation.
Does this mean that Die Hard 4, aka Live Free or Die Hard, is happening in real life?
When G2 Crowd Senior Software Engineer Hamed Asghari was asked to reveal his insights on the matter, he responded, “haha…I haven’t seen the movie so I couldn’t say,” leaving one author extremely disappointed.
While it’s pretty clear that this attack isn’t a stock-market-crumbling, transportation-crippling attack meant to completely disrupt the tech-reliant society we’ve become, the overall intent behind the attack, and who may be responsible, remain unclear.
What does this mean for the future of IoT security?
Regardless of whether this current DDoS attack on Dyn is using Internet of Things devices, the conversation around IoT security should be greatly amplified. It is frightening to think that, in a near future that holds autonomous driving cars, smart houses, and entire cities connected to the internet, devices could be so vulnerable and easily compromised.
While the website outage may be causing annoyances to users, it does help bring up valuable questions regarding cyber-security moving forward. If anything, DDoS attacks are just now being brought to the attention of average, everyday internet users simply trying to stream their music or binge watch their latest shows. However, if we are going to become a smarter world in which all devices are connected to make our lives simpler, the first step will be mastering security.