Internet cyberattack: Hackers weaponised webcams, recorders
NEW YORK: The huge attack on global internet access, which blocked some of the world’s most popular websites, is believed to have been unleashed by hackers using common devices like webcams and digital recorders.
Among the sites targeted on Friday were Twitter, Paypal and Spotify. All were customers of Dyn, an infrastructure company in New Hampshire in the US that acts as a switchboard for internet traffic.
Outages were intermittent and varied by geography, but reportedly began in the eastern US before spreading to other parts of the country and Europe.
Users complained they could not reach dozens of internet destinations, including Mashable, CNN, the New York Times, the Wall Street Journal, Yelp and some businesses hosted by Amazon.
Hackers used hundreds of thousands of internet-connected devices that had previously been infected with a malicious code – known as a “botnet” or, jokingly, a “zombie army” – to force an especially potent distributed denial of service (DDoS) attack.
The aim of a DDoS attack is to overwhelm an online service with traffic from multiple sources, rendering it unavailable. Dyn said attacks were coming from millions of internet addresses, making it one of the largest attacks ever seen.
Dyn said it had resolved one attack, which disrupted operations for about two hours, but disclosed a second a few hours later that was causing further disruptions. By the evening it was fighting a third.
At least some of the malicious traffic was coming from connected devices, including webcams and digital video recorders.
Security researchers working with Dyn to investigate the attack have linked it to a network of web-enabled CCTV cameras made by a single Chinese company, XiongMai Technologies.
Allison Nixon, director of research at the security firm Flashpoint, said its web-enabled CCTV cameras and digital video recorders were forcibly networked together using the sophisticated malware program Mirai to direct the crushing number of connection requests to Dyn’s customers.
“It’s remarkable that virtually an entire company’s product line has just been turned into a botnet that is now attacking the United States,” she told security researcher Brian Krebs.
The Guardian has contacted XiongMai for comment.