Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Sam Boal/Photocall Ireland

Disgruntled gamer 'used cameras and lightbulbs' to take down Netflix and Twitter

Hacker harnessed 150,000 devices such as cameras, lightbulbs and appliances to overwhelm system.

THE HACKER who shut down large parts of the US internet last month was probably a disgruntled gamer, said an expert whose company closely monitored the attack.

Dale Drew, chief security officer for Level 3 Communications, which mapped out how the 21 October attack took place, told a Congressional panel that the person had rented time on a botnet, a network of web-connected machines that can be manipulated with malware, to level the attack.

Using a powerful malware known as Mirai, the attacker harnessed some 150,000 internet of things (IoT) devices such as cameras, lightbulbs and appliances to overwhelm the systems of Dynamic Network Services Inc, or Dyn, which operates a key hub in the internet.

The so-called distributed denial of service attack jammed up traffic routing the Dyn’s servers to major websites like Amazon, Twitter and Netflix for hours before the attack could be overwhelmed.

Drew said:

We believe that in the case of Dyn, the relatively unsophisticated attacker sought to take offline a gaming site with which it had a personal grudge and rented time on the botnet to accomplish this.

Drew did not identify the gaming site but The Wall Street Journal, citing people familiar with the attack, said it was the PlayStation network.

At the time, there were worries that a foreign government might have been behind the attack.

New risk

Drew said the ability of hackers to make use of mundane home electronics to mount such an attack signalled a huge new risk in the global internet circuitry.

He said Internet of Things (IoT) devices often have easily hackable passwords, including hard-wired passwords that owners cannot change.

“He added: IoT devices also are particularly attractive targets because users often have little way to know when they have been compromised. Unlike a personal computer or phone, which has endpoint protection capabilities and the user is more likely to notice when it performs improperly, compromised IoT devices may go unnoticed for longer periods of time.”

Security

He noted that such devices are widespread around the world, including in areas with few cybersecurity protections, and that the October attack made use of “just a fraction” of those available. Mirai, he said, has infected nearly two million devices connected to the internet.

“The current lack of any security standards for IoT devices is certainly part of the problem that ought to be addressed.”

© AFP, 2016

Read: Investors blamed for ‘dramatic’ rise in Dublin house prices >

Read: New extreme right-wing party says cancellation of its event was ‘frankly inexplicable’ >

Author
View 34 comments
Close
34 Comments
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.
    JournalTv
    News in 60 seconds