Considering how the media characterized the cyber attack that took down big swaths of the web last week, you’d think we experienced a near apocalypse. Well, don’t panic, folks. Amazon and Netflix are fine. It’s not the end of days or the beginning of a new cold war with hacks instead of nukes.
Actually, what happened on Friday is nothing new. Here’s what happened, what we know and what, if anything, you should do about it.
Tens of millions of vulnerable web-enabled devices – mostly security cameras and DVRs – were unwittingly hijacked by malware and used to overwhelm key internet infrastructure provider Dyn with junk traffic, causing widespread outages on dozens of popular sites.
Turns out that these types of cyber assaults, known to the security world as distributed denial-of-service or DDoS attacks, are extremely common and have been around for decades. Network infrastructure company Verisign even writes a quarterly report on DDoS trends for the IT and online security communities.
And while the attacks on Dyn were apparently historic in scope, the Domain Name System (DNS) company was able to restore service within an hour or two of each of the three waves of attacks that took place that day. Nobody knows who was responsible, but security expert Bruce Schneier says it was more likely cybercriminals or lone hackers than state actors like China or Russia.
Just last month, Schneier foreshadowed such a catastrophic DDoS event in a remarkably prophetic post called Someone Is Learning How to Take Down the Internet. He likened the recent probing attacks on critical web infrastructure companies, carried out to reveal their defenses, to a tactic the U.S. used against Russia in the cold war. Still, he maintains that last week’s attack did not seem to be state sponsored.
If you’re anything like me, you’re probably wondering how countless devices can so readily be infected with malware, be used to bring a crucial part of the web to its knees, and cause widespread service outages at Twitter, Netflix, Amazon, Reddit, Spotify, Airbnb and PayPal, among others.
The answer may come down to a single piece of malware code and one or more Chinese manufacturers of video surveillance components that have been incorporated into hundreds of branded security camera and DVR products.
According to long-time computer security blogger Brian Krebs, the source code for a malware strain known as Mirai was recently released into the wild by the hacker who created it. Mirai searches the web for easily hackable Internet of Things (IoT) devices still set to factory default usernames and passwords and turns them into a botnet army to spam and overload individual websites or critical infrastructure targets.
Krebs says that researchers at venture-based security intelligence firm Flashpoint have at least partially pegged Friday’s attack on a Mirai-based botnet commandeering webcams and DVRs that use modules and circuit boards made by Hangzhou Xiongmai Technology Co. Although users can change login credentials, they usually don’t. Even if they do, Krebs says hackers can still get in through a backdoor coded into the components’ firmware.
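The article describes two things an infected camera or DVR does: it scans the internet for other devices with factory default logins, and it floods a target with junk traffic. Both leave a footprint in a network's own outbound traffic, and this added example (not from the article, Krebs or Flashpoint) shows the defender's side: flagging hosts whose flow records match either pattern. The flow records and thresholds are constructed, and telnet ports 23 and 2323 are assumed as the scan targets.

```python
"""Flag hosts whose outbound traffic looks like a Mirai-style infected
IoT device: a burst of telnet connection attempts to many distinct
destinations (scanning for new victims), or a flood of packets to a
single destination (taking part in a DDoS).

Added example, not from the article. Flow records and thresholds are
constructed; telnet ports 23/2323 are assumed as the scan ports.
"""
from collections import defaultdict

TELNET_PORTS = {23, 2323}      # assumed scan ports
SCAN_MIN_TARGETS = 5           # distinct telnet destinations before we flag
FLOOD_MIN_PACKETS = 5000       # packets to one destination before we flag

# Constructed flow records: (src_ip, dst_ip, dst_port, packets)
FLOWS = [
    ("10.0.0.21", "203.0.113.5", 23, 1),      # camera probing telnet
    ("10.0.0.21", "203.0.113.9", 23, 1),
    ("10.0.0.21", "198.51.100.7", 2323, 1),
    ("10.0.0.21", "198.51.100.8", 23, 1),
    ("10.0.0.21", "192.0.2.44", 23, 1),
    ("10.0.0.21", "192.0.2.45", 23, 1),
    ("10.0.0.30", "192.0.2.200", 53, 8200),   # DVR hammering one DNS server
    ("10.0.0.30", "192.0.2.200", 53, 4100),
    ("10.0.0.50", "203.0.113.1", 443, 120),   # ordinary laptop traffic
    ("10.0.0.50", "203.0.113.2", 443, 30),
]

def analyse(flows):
    """Return {src_ip: [reason, ...]} for hosts matching either pattern."""
    telnet_targets = defaultdict(set)   # src -> distinct telnet destinations
    packets_to_dst = defaultdict(int)   # (src, dst) -> total packets
    for src, dst, port, pkts in flows:
        if port in TELNET_PORTS:
            telnet_targets[src].add(dst)
        packets_to_dst[(src, dst)] += pkts

    findings = {}
    for src, targets in telnet_targets.items():
        if len(targets) >= SCAN_MIN_TARGETS:
            findings.setdefault(src, []).append(f"telnet scan: {len(targets)} targets")
    for (src, dst), pkts in packets_to_dst.items():
        if pkts >= FLOOD_MIN_PACKETS:
            findings.setdefault(src, []).append(f"flood: {pkts} packets to {dst}")
    return findings

if __name__ == "__main__":
    for host, reasons in sorted(analyse(FLOWS).items()):
        print(host, "->", "; ".join(reasons))
```

On real flow exports the same grouping works per time window; the thresholds are the knob to tune against your own baseline.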
Yesterday, Xiongmai reportedly announced that it would recall up to 10,000 webcams that may have been used in the hack. I’m not sure what that means, since Xiongmai’s website indicates that it only makes camera modules, not the devices themselves. Besides, the botnet was apparently composed of millions, not thousands, of devices, so I’m not sure of the relevance of the recall.
Which brings us to the enormous virtual elephant in the room: how do we protect ourselves from future attacks? There really is nothing users can do. ZDNET offers some tips for business IT managers to protect their servers and sites, as well as long-term solutions that include IoT vendors making their devices more secure and beefing up the internet’s DNS infrastructure.
That’s all well and good, but let’s not overlook the obvious. If Friday really was the historic or doomsday attack that the media has made it out to be, it seems like much ado about nothing to me. Dyn did a masterful job of minimizing the fallout and everything was back to normal in no time.
I don’t know about you, but this whole thing just leaves me scratching my head and wondering, is living without Twitter and Reddit for a few hours really such a hardship? If that’s the worst that can happen, so what? If Friday seemed like Armageddon, what does that say about our web-addicted culture?