Sign in. It’s quick, free and it’s up to you.
An account is an optional way to support the work we do. Find out more.
A WAVE OF cyber attacks which hit some of the most popular sites on the internet yesterday could have been the result of an inside job, according to a former FBI agent.
The attacks crippled online giants including Twitter, Netflix, Playstation and Amazon by hampering or outright blocking access to popular online venues.
This was done through incapacitating a crucial piece of internet infrastructure.
“When I see something like this, I have to think state actor,” said Carbon Black national security strategist Eric O’Neill, a former “spy hunter” on the FBI counter-intelligence force.
This is not some hacker sitting in his basement typing away on a keyboard.
The attack was said to put a troubling new spin on an old hacker attack known as distributed denial-of-service (DDoS), where millions of devices in the fast-growing internet of things (IoT) took part in the cyber onslaught.
Armies of computers infected with malicious code are typically used in DDoS attacks intended to overwhelm targets with simultaneous online requests.
Hacker software referred to as Mirai that takes control of IoT devices was evidently linked to the attack, with the broad range of devices making requests helping get past Dyn defences.
“We are seeing attacks coming from a number of different locations,” according to Dale Drew, chief security officer at Level 3 Communications – an internet services company.
In a video posted online, he said:
“We are seeing attacks coming from an internet-of-things botnet that we identified called Mirai also involved in this attack.”
Possible probe
Heavyweight cyber attacks that seem to yield trouble but no apparent payoff could be probing defences to refine tactics for use on high value targets such as utilities or transportation systems, according to O’Neill and other computer defence specialists.
The attack could also have been meant as a message from a foreign power, cyber security analysts told AFP.
The onslaught commanded the attention of top US security agencies, including the Department of Homeland Security.
“DHS and the FBI are aware and are investigating all potential causes” of the outages, a spokeswoman said.
The outages left internet users unable to post messages, shop, watch videos and play games online for parts of the day.
Dynamic Network Services Inc, which manages internet traffic, said around 11.00 GMT that its infrastructure had been hit by a distributed denial of service, or DDoS, attack in the eastern part of the United States.
The initial attack was resolved within about two hours but the company, known as Dyn, was slammed with a second DDoS wave.
DDoS attacks involve flooding websites with more traffic than they can handle, making them difficult to access or taking them offline entirely.
Domain name servers are a crucial element of internet infrastructure, converting numbered Internet Protocol addresses into the domain names that allow users to connect to internet sites.
The DDoS attack hit what is akin to a directory assistance service used to route online traffic to the right addresses, meaning that even though networks such as Level 3 were running normally they couldn’t be reached.
A map published by the website downdetector.com showed the effect was felt across the US and into Europe
“The critical point is how fragile our internet is that these attacks can happen,” O’Neill said.
He worried what damage such attacks might do in less computer security savvy sectors such as finance, energy or transportation.
Dyn put out a status update at 2217 GMT saying the incident had been resolved.
Amazon Web Services, which hosts some of the most popular sites on the internet, including Netflix and the homestay network Airbnb, said that it also staved off one attack, only to be hit with similar problems several hours later.
Battle of the Bulge
DDoS attacks have been in the hacker arsenal for quite some time, but abated as companies learned how to defend against them. Security analysts say there has been a resurgence.
According to Verisign, the number of DDoS attacks rose 75% year-on-year in the second quarter of this year.
Such attacks have escalated “thanks largely to the broad availability of tools for compromising and leveraging the collective firepower of so-called Internet of Things devices – poorly secured Internet-based security cameras, digital video recorders and Internet routers,” cyber security specialist Brian Krebs wrote in a post at krebsonsecurity.com.
Attackers use DDoS attacks for a range of purposes, including censorship, protest and extortion.
The loose-knit hacktivist network Anonymous in 2010 targeted DNS provider EveryDNS and others as retribution for efforts to block the anti-secrecy organization WikiLeaks.
Roland Dobbins, principal engineer at the networks security company Arbor Networks, told AFP that, though it was spectacular, the attack was a constant and relentless fact of life on the internet.
“It’s like a combination of the Wild West, Normandy and the Battle of the Bulge on the internet every day,” he said.
He felt that the attack’s scale did not necessarily mean the attackers had large resources.
“It does not require a nation-state to launch a DDoS attack of this magnitude or impact,” he said. “When it comes to DDoS attacks, states are just another player.”
James Scott, co-founder of the Institute for Critical Infrastructure Technology, said the attacks demonstrated well-known vulnerabilities of the internet.
“Simply put, the internet in its original and modern form was not designed with security in mind,” he told AFP.
- © AFP 2016.
It’s possibly someone showing off their capability before putting it up for auction. Like the Christmas Sony hack a couple of years ago
Here’s why this wasn’t a nation state actor. Let’s take a look at an excerpt from the log of the Firewall on my Home Router: (IP’s truncated)
Oct 22 16:26:30: [Minor] Port Scan is detected (186.244.206.xx:15314->109.255.xx.yy:23 TCP) from module Firewall
Oct 22 16:28:07: [Minor] Port Scan is detected (83.21.5.xx:63112->109.255.xx.yy:9999 TCP) from module Firewall
Oct 22 16:28:04: [Minor] Port Scan is detected (93.171.199.xx:11943->109.255.xx.yy:23 TCP) from module Firewall
My router (and yours) is scanned thousands of times a day, looking for open ports through which they can connect to webcams, home alarm systems etc etc. Not that they want to spy on you, or steal your stuff. That’s actually quite rare. Instead they will simply turn your devices into internet weapons that will send crafted queries designed to spam other machines, anywhere else on the Net.
It’s not the Russians doing this. It’s gangs of basement dwellers and malcontents. Much ado about nothing in terms of world politics. Be more worried about your shiny new Thermostat.
State sponsored hackers are “sitting in the basement” type hackers who are just employed, plus there’s a lot more of them, what are they on about? They’re really pushing this Russia thing! There’s a few videos of Putin talking to international journalists asking them to actually do their job and report on what’s happening because the U.S. Media are out of control. It’s a sad state of affairs when you get to this stage.
@Linda: Well yes Linda, but with the additional training, education and skill-set that comes with that. They don’t spend their lives scanning Virgin media IP blocks trying to hack home devices. They don’t care about DYN (the company hit yesterday) or their customers, by and large, or perform low grade nuisance attacks in general.
Instead they are busy doing the same thing to IP blocks belonging to infrastructure and governments.
Which is why I think we agree that this was unlikely to be nation state and even if it was Russia are no more likely to be guilty than China, Iran or North Korea if it was.
We agree. I think it’s least likely to be Russia anyway, if they really thought it was them they wouldn’t say it. I mean why this story and not the one where Putin is saying he doesn’t want to get into a war with the U.S but they have to stop moving their nuclear stuff over toward him? If there’s even a chance that the U.S. is trying to start a war, shouldn’t we know this before we worry about who fiddled with Twitter? They’ve done it before and they’re at it again.
This has F-Society written all over it…
I found the discrimination against me as a kid was very prominent, as one of the few vegetarian in school, I really understood how it felt to be frowned upon for being different. Other students would shout ‘winner winner, chicken dinner’ at me when they quite clearly knew I did not eat the low grade chicken there degenerate mum’s would make them scoff on a daily basis.
@Jaque H Doyle, winner winner, chicken dinner. How do you like your steak cooked ?
Someone putin on a show of power in support of his business friend, Trump?
So the US are saying that, at the moment, the Russians are the evil superior cyber power? It could be anyone really. Their tech companies have been farming out manufacturing, data handling and coding etc to the Far East and third world for years chasing the bottom line, so it shouldn’t surprise them if they’re open to both fair and unfair competition, underground practices and even attacks from anywhere in the world. Silicon Valley has the startup and investment gig but the technology is inherently wide open to bad intentioned talent everywhere.
Jasus I hope they don’t DOS attack Eircode… Pizza consumption would grind to a halt!!!
TBH these people bore me. If this is what makes you happy in life you really need to get a life it’s so much more fun!
Us testing the internet kill switch , before martial law is declared all communications will be severed !
Can’t be Anonymous, most of their hacker’s are actually in prison or simply not good enough, so that leaves the Chinese or the Russian’s? My money’s on the commies…
Eh they’re both commies…
have your say