Millions of surfers couldn’t access some of the most popular websites on the web on Friday, October 21st after hackers bombarded them with bogus traffic. DDoS attacks such as this one are not a new thing, but the extent of damage caused this time makes this one of the major DDoS attacks we’ve seen in a long time. The attack was targeted against Dyn Inc, a domain name system service provider which in turn crippled some of the most visited sites including Twitter, Reddit, Spotify, Etsy, CNN, and The New York Times. The hackers have supposedly used tens of millions of machines infected with malware to perform the attack out of which a big proportion is believed to be unsecured IoT devices such as security cameras.
Why IoT devices?
IoT devices are a new breed of small, connected gadgets that are increasingly getting popular. Being pretty new, users of these devices are not well aware of the security threats possessed by them. Many even use them with the factory given passwords, making things even worse. Security experts have been anticipating an attack targeted at exploiting IoT devices after a hacker released code that could be used to take over these small gadgets. Since these devices are huge in number and connected to the internet, the damage of the attack was massive.
Who’s behind the attack?
Brian Krebs, a popular computer security journalist wrote that the timing of the attack was right after Dyn released research on potential connections between companies that provide protection service against DDoS attacks and the hackers. Kreb’s website was also affected by a DDoS attack right after publishing the story. This makes us wonder if the motivation behind such attacks is just to push services like DDoS protection and bot detection. Bot detection services have also been recently spreading baseless fear among people about bots. You can read our previous article on why bot detection agencies are a FUD.
Although DDoS attacks don’t steal data, they can wreak havoc on the web. Their power and potential keep increasing with the number of connected devices across the web. As the world becomes more connected, the potential damage from a DDoS attack could be even worse.
Why DNS providers
DNS is used to translate the names of websites into their corresponding IP addresses that machines use to identify the websites. DNS has a design flaw that is used by hackers to send routine data requests from a machine, which would result in the system sending an enormous number of ping packets to the target websites. The hackers employ tens of thousands of compromised machines to perform this and this data flood would crash the targets in no time. Web servers are designed to handle simultaneous requests without failing, but not this abnormally high volume of requests. This will overload the server, leading to a complete shutdown.
When the DDoS attack is targeted towards the Domain Name System, the harm caused could multiply by several times. This is because these attacks compromise the back end technology rather than a few individual sites, making it more widespread and damaging.
How it’s done
DDoS attacks are done in several different ways, but the most common method involves creating botnets. A botnet is made of computers and/or connected gadgets in homes or offices that are compromised with malicious software. These botnets can hit the target servers with repeated requests upon the command of the hacker, leaving the target server non-functional. Botnets can be used to shut down even the most sophisticated web servers.
According to Dave Palmer, director of technology at Darktrace, the recent DDoS attacks were done by using Internet of Things devices, security cameras to be precise. This could be because of the unprotected nature of most security cameras that people use for home surveillance.
There was anticipation among the security community about IoT devices being used for hijacking people’s home appliances to conduct attacks. As the number of these gadgets keeps growing, the security threat they possess is also on the rise. It is important to secure these IoT gadgets just like computers or other smart devices. The only effective way to prevent DDoS attacks is to improve the overall security awareness of the consumers and this task is becoming harder as more and more connected devices are popping up every day. The recent attack stresses the danger of leaving millions of small gadgets unprotected.