Parts of the Internet “broke” last Friday morning. No, not because Kim Kardashian showed her rear end again. The break was due to a large distributed denial of service (DDoS) attack on a large Domain Name System (DNS) provider.
*man in the back row raises his hand*
“What? I don’t understand your technical mumbo jumbo voodoo that you do.”
Okay, to put it simply, a DDoS is an attack that uses zombified computers (or devices attached to a network) to constantly send messages to servers on the web with the intent of crashing or flooding said servers and the services they provide. It’s like a flash mob of thousands of people showing up at Disney World every minute to go through the turnstiles to get into the park. The park would be so overwhelmed that it couldn’t get everyone through quickly enough and would have to close and turn people away. The attack on Friday was directed towards Dyn, Inc., a DNS provider. What’s a DNS? Dyn gives a brief description and goes through a thorough explanation as to why DNS providers are important to the Internet:
DNS is like a phone book for the Internet. If you know a person’s name but don’t know their telephone number, you can simply look it up in a phone book. DNS provides this same service to the Internet.
When you visit http://dyn.com in a browser, your computer uses DNS to retrieve the website’s IP address of 126.96.36.199. Without DNS, you would only be able to visit our website (or any website) by visiting its IP address directly, such as http://188.8.131.52.
Some services use other services, reference those by domain name, and rely upon DNS services to resolve those domains so they don’t have to keep up with their own version of DNS that may or may not be constantly updated. So, if you were bebopping around the New England states leaf-peeping on Friday morning and trying to update your Twitter about the pretty colors or reading the latest leaf-peeping news from /r/foliage on Reddit, you weren’t able to because Dyn, the DNS provider that Twitter, Reddit, and other places use, was unable to resolve those sites due to a barrage of attacks that started around 7 a.m. on Friday morning.
So, what caused it? The post-mortem is still being done, but a botnet that used compromised devices, like Internet-accessible cameras, DVRs, and other Internet of Things (IoT) devices, may have been a main culprit. According to Engadget, security intelligence company Flashpoint observed a particular hacking tool that exploits weaknesses in IoT devices being used in the attack on Dyn. Analysis is still being done, so it’s unclear if other botnets were being used in the attack on Friday, but a statement from Dyn concurs with the findings. John McAfee has his suspicions that North Korea may be behind the Dyn attack.
Welcome to the new normal.
The Internet has brought us into a new age economically and as a society. We become ever more dependent on the Internet, and so it becomes a bigger target. For the past couple of years, more sophisticated attacks have been launched towards key infrastructure sites to find weaknesses. Friday’s attack may be the new normal of our technological world where hackers are able to take down large parts of the Internet at will to cause havoc for a particular region of the world. Friday’s outage may have cost businesses millions in lost revenue.
What can be done to safeguard against this new normal? Users of devices can do a lot of good by changing default administrative and user passwords. For example, a lot of routers that people buy off the shelf tend to have default administrative accounts set with a username of admin and a password of admin. If you’re unsure how to change it, Google can be a good resource as well as friends or family who have an understanding of technical devices (and are really good at Google). The Cipher Brief has an interview with cybersecurity expert J.J. Thompson on how to secure your IoT devices and yourself, including the use of a VPN to connect to your home network to use IoT devices.
Elected officials need to get educated about the importance of cybersecurity in a connected world. Iran, Russia, North Korea, China, and others are looking for ways to disrupt day-to-day life and cause instability within the United States. Unfortunately, elected officials, like Congresswoman Marsha Blackburn, tend to lose credibility with the tech community when trying to link the anti-piracy legislation SOPA to cybersecurity and cyberwarfare efforts. Comments like Blackburn’s then receive harsh criticism, which probably isn’t too hard to see since I’m willing to bet that Republicans aren’t the favored Party amongst Silicon Valley types.
Friday’s attack on Dyn should have made cybersecurity and cyberwarfare being waged by countries like Iran and North Korea a topic that’s pushed into the spotlight of the presidential election. However, this election has been very light on policy, both foreign and domestic, so I wouldn’t count on cybersecurity getting more than a glib response from either Donald Trump or Hillary Clinton. I could make a cheap political shot about deleted emails and servers, but I won’t because this is an issue that really should be taken seriously by our leaders rather than being made into a laughing matter.
The massive and sophisticated DDoS on Friday showed how fragile our network infrastructure can be. Although this is concerning, don’t panic and throw your devices with semiconductors out to the trash pile in fear. Safety begins at home, and folks taking simple steps to protect themselves in an online world will go a long way in fighting off bad guys in this new world.