Last Friday, millions of Internet users were not able to access their favorite web sites. Hackers attacked Dynamic Network Services Inc., known as Dyn, a company that acts as if it were a giant telephone directory. Crudely put, Dyn translates IP addresses into the plain domain names (DNS) language all of us can understand. There are hundreds of DNS operators around the world; Dyn just happens to be one of the leading players in the sector. Dyn is a private company.
The hackers used botnets, compromised devices sending malicious network traffic to their targets, through “Mirai.” Mirai is a well-known, self-spreading malware for Internet of Things (IoT) devices. (Source: “How one rent-a-botnet army of cameras, DVRs caused Internet chaos,” Ars Technica, October 25, 2016.)
Advertisement
The hackers deployed their attack by hammering Dyn with a distributed denial-of-service (DDoS) attack. This involves malware directed in a constant and heavy flow to overload the system, slowing it down as much as possible. Eventually, the overload blocks all activities. The three waves of DDoS attacks on Friday knocked out the Dyn systems, making it impossible to connect to sites managed by the service.
In practice: sites like Netflix, The Guardian, and others (who were regularly online) can be considered as direct telephones connected to Dyn. Dyn knows each site’s name (DNS) and its number (IP address). But with Dyn’s systems knocked down, it no longer had access to that information. When users attempted to visit their favorite web sites, Dyn was unable to match any name with its number.
The result was that many users could not open Twitter, Spotify, Amazon or eBay. It seems that the IoT may have facilitated the cyber attack. Hackers have apparently taken advantage of a flaw in the Internet of Things, said Dyn. Regulators will probably have to address this issue soon, as everything from your “Maytag” refrigerator to measuring instruments controlling industrial processes become ever more connected to the Web.
By targeting Dyn, the hackers did not need to hit individual web sites. They had a one-stop shop, because Dyn redirects flow to Internet hosts. A concerned U.S. government has been investigating the October 21 cyberattacks in the United States. The repercussions, however, are clearly global. The attack was isolated to one day on Friday and over the past week, it seemed as if such activity had ceased—for now.
Clearly, this cyber version of a “sharknado” has shown how vulnerable the Internet has become to sabotage. Indeed, the phenomenon is neither new nor unprecedented. The malware, Mirai, has been used before, just not to this extent. The IoT danger comes because Mirai is invisible to IoT devices. So, while computer users can detect a problem on screen (and fix it), the web-controlled fridge, home alarm system, or industrial monitoring device does not. Now, apart from going after the culprits, the big issue is what Dyn—and others like it—can do to protect itself and us. The increasing interconnectivity of people and devices makes us more vulnerable to a “Robocop”-like scenario.
