Perpetrator of Friday’s Internet Outage Comes Clean

| Cool Stuff Found

OMG…gasp…can’t stop…gasp…omg…the laughter…

5 Comments Add a comment

  1. BurmaYank

    How a Bunch of Hacked DVR Machines Took Down Twitter and Reddit

    And Spotify, and Github, and The New York Times.

    David Litt – The Atlantic – Oct 21, 2016

    What began as a two-hour morning outage spanned well into the afternoon as Twitter, Reddit, Spotify, Github, and many other popular websites and services became effectively inaccessible for many American web users, especially those on the East Coast.

    The websites were not targeted individually. Instead, an unknown attacker deployed a massive botnet to wage a distributed denial-of-service attack on Dyn (pronounced like dine), the domain name service (DNS) provider that they all share.

    A … DDoS, is not an uncommon attack on the web… But according to reports, Friday’s attack was distinguished by its distinctive approach. The perpetrator used a botnet composed of so-called “internet-of-things” devices—namely, webcams and DVRs—to spam Dyn with more requests than it could handle.

    Security researchers have been warning about these internet-of-things botnets since at least the summer. In September, a botnet composed of DVRs and CCTVs took down the blog of Brian Krebs, a prominent cybersecurity journalist. And on October 1, an anonymous developer posted source code online that allowed anyone to string a similar kind of botnet together.

    Krebs wrote that releasing that software, called Mirai, “virtually [guaranteed] that the Internet will soon be flooded with attacks from many new botnets powered by insecure routers, IP cameras, digital video recorders and other easily hackable devices.”

    The first of those attacks to be successful on a broadly destructive scale transpired on Friday…”

    http://www.theatlantic.com/technology/archive/2016/10/how-a-bunch-of-hacked-dvr-machines-took-down-twitter-and-reddit/505073/?utm_source=nl-atlantic-weekly-102116

  2. andrewj050790

    I wonder if this will affect Dave Hamilton’s opinion of HomeKit. I believe Apple’s security first approach will prove to be the correct one as hackers target IoT devices more and more frequently. These devices are in our most private lives, being in our homes, and on this one, let’s lean toward security over convenience.

    Also, the manufacturers who cut corners are going to face recalls/bad publicity, which is more expensive than just implementing HomeKit in the first place.

  3. BurmaYank

    In this Atlantic article, the author suggested that until laws &/or regulations are passed outlawing the manufacture of these non-secure IoT peripheral devices which are contributing to Mirai-like botnet DDoS’s, or until there are some adverse court decisions against those manufacturers, there is probably going to be little reason to expect any market forces to make manufacturers care about the security problem associated with their products, & because there is no reason why an ordinary consumer should care if his/her videocam, DVR or thermostat has been hijacked by a botnet, as long as that botnet infection is not jeopardizing that consumer’s privacy or significantly/obviously slowing down its functioning.

  4. “there is no reason why an ordinary consumer should care if his/her videocam, DVR or thermostat has been hijacked by a botnet, as long as that botnet infection is not jeopardizing that consumer’s privacy or significantly/obviously slowing down its functioning.”

    Suppose that the botnet takes down the computers at the waterworks or other utility.

  5. BurmaYank

    “Suppose that the botnet takes down the computers at the waterworks or other utility.” OK. so what?

    Market forces to help prevent these Mirai-like botnet DDoS’s are obviously impossible. Even if my thermostat, DVR or router did participate in the DDoS which has just devastated my community, what possible real difference could it possibly ever have made to me or my devastated community if I had decided not to buy or use my bargain-sale-purchased thermostat, DVR or router? NONE, in truth !!! How can there be any realistic incentive for any consumer to avoid using his own personal infected IoT devices, because whatever he does with them cannot possibly make any difference to the capability & power of future (inevitable) Mirai-like botnet DDoS’s to wreak devastation upon our populations.

    And a massive public-spirited boycott against anyone these infectable IoT devices could never be any stronger than its weakest areas of non-solidarity., &

    Only laws or court injunctions turning into contraband all routers connected to the internet which lack the capability of protecting us from Mirai-like botnet infections in their downstream IoT devices (or else only laws making into contraband all the infectable webcams, etc. connected to the internet, throughout all the businesses & homes in which they operate), can possibly make any difference to the capability & power of future (inevitable) Mirai-like botnet DDoS’s to wreak devastation upon our populations.

Add a Comment

Log in to comment (TMO, Twitter, Facebook) or Register for a TMO Account