Connected Gadgets Blamed for Friday Attack
Vulnerable internet-connected devices such as cameras and digital video recorders may be to blame for the attack that took down some of the world’s most popular websites on Friday, according to Bloomberg. Malware that targets the “internet of things” may have powered the global attack, according to Brian Krebs, a well-known journalist covering computer security. Poorly secured devices may have been compromised and turned into a “botnet” that powered the attack, he wrote.
Millions of internet users lost access to some of the world’s most popular websites on Friday as hackers hammered servers along the U.S. East Coast with phony traffic until they crashed, then moved westward. The attackers hit Dyn Inc., a provider of Domain Name System services, taking down sites including Twitter, Spotify, Reddit, CNN, Etsy and the New York Times for long stretches of time. By Friday evening, Dyn said it had stopped the hacks.
Security professionals have been anticipating more attacks from malware that targets the “internet of things” since a hacker released software code that powers such malware, called Mirai, several weeks ago. Kyle York, chief strategy officer of Dyn, said the hackers launched a so-called distributed denial-of-service (DDoS) attack using “tens of millions” of malware-infected devices connected to the internet.
Dyn first reported site outages relating to the DDoS attack around 7:10 a.m. New York time on Friday. The company restored service two hours later, but was offline again around noon, as another attack appeared to be underway, this time affecting the West Coast as well.
Sites were affected as far away as Australia by a second wave of attacks that began at around 1 a.m. Sydney time on Saturday and lasted about five hours, said Dave Anderson, a London-based vice president of marketing at Dynatrace LLC, which monitors the performance of websites. At the peak of the attack, average DNS connect times for 2,000 websites monitored by Dynatrace rose to about 16 seconds, from a normal 500 milliseconds.
DDoS attacks are often employed by groups of hackers. In 2012, a DDoS attack forced offline the websites of Bank of America Corp., JPMorgan Chase & Co., Citigroup Inc., Wells Fargo & Co., U.S. Bancorp and PNC Financial Services Group Inc. Dave Palmer, director of technology at U.K. cybersecurity company Darktrace, said the most recent DDoS attacks have been linked to internet-of-things devices, in particular webcams.