Friday morning of this past week a number of popular websites went offline as a massive cyber attack took down Netflix, Twitter, Spotify, Reddit, The New York Times, Pinterest, PayPal and other major hubs. So, what caused this to happen? Apparently the attack was enabled through a Mirai botnet. And it was able to hack into connected home devices such as security cameras and digital video recorders.
Security intelligence company Flashpoint claimed to have pinpointed the culprits. They are calling it a 'distributed denial of service attack'. It targeted Dyn, which is a large domain name server. Flashpoint had this to say in a report from Engadget.
"Flashpoint has observed Mirai attack commands issued against Dyn infrastructure. Analysts are still investigating the potential impact of this activity and it is not yet clear if other botnets are involved."
Flashpoint went onto explain that the infrastructure used in Friday's DDoS attack was partially made up of comprised cameras and other digital devices that are capable of connecting to the Internet. This is an ever-growing category of interconnected products and appliances which makes up the phenomenon being referred to as 'The Internet of Things', or rather IoT.
Basically, the hackers scoured the internet for IoT devices using the Mirai malware before initiating an automated mechanism that attempted to compromise a number of different electronics, using their default factory set passwords. The hacked devices formed a series of 'botnets', a series of connected nodes that were harnessed in order to overload Dyn with traffic and disrupt the DNS services. Dyn Chief Strategy Officer Kyle York had this to say.
"It's just so darn distributed. Literally, picture tens of millions of things attacking a data center. No matter the size and scale of the independent things, tens of millions of anything make up something large. And that's the complexity of this."
Flashpoint does not label Mirai as a new hacking tool. It was used to take down popular security researcher Brian Krebs' own site back in late September. And it peaked at a nearly unprecedented 620 Gbps. As it is explained, Mirai is capable of breaching weak security protocols on IoT devices. Where Brian Krebs is concerned, 145,000 devices were hacked including private security cameras and DVRs in offices and homes in various locations throughout the entire planet.
Security experts have been warning websites that a possible large-scale cyber attack was on the way ever since the creator of the Mirai malware delivered it with an open-source code. At this time, Dyn has attempted to stem the Friday attack on its own servers. At 12:30 PST, the company announced that the third wave of the attack was underway. Says Chief Strategy Officer Kyle Owen.
"We are actively in the third flank of this attack. It's a very smart attack. As we mitigate, they react."
It was announced at 3:15 Friday afternoon that Dyn had resolved the third wave of the attack. At this time, those responsible for the attack have not been brought to justice. At a briefing Friday afternoon, White House press secretary Josh Earnest stated that FBI and Department of Homeland Security officials are "monitoring the situation" and "investigating all potential causes."