Cy­ber­at­tack dis­rupts U.S. in­ter­net

Hacker group claims re­spon­si­bil­ity as users are kept from pop­u­lar web­sites

Baltimore Sun - - MARYLAND - By Raphael Sat­ter The Los An­ge­les Times con­trib­uted to this ar­ti­cle.

Cy­ber­at­tacks on a key in­ter­net firm re­peat­edly dis­rupted the avail­abil­ity of pop­u­lar web­sites across the East Coast of the United States on Fri­day, ac­cord­ing to an­a­lysts and com­pany of­fi­cials.

The White House de­scribed the dis­rup­tion as ma­li­cious. Mem­bers of a hacker group spread across China and Rus­sia claimed re­spon­si­bil­ity, although their as­ser­tion couldn’t be ver­i­fied.

Manch­ester, N.H.-based Dyn Inc. said its server in­fra­struc­ture was hit by what are known as dis­trib­uted de­nial-of-ser­vice at­tacks, which work by over­whelm­ing tar­geted ma­chines with junk data. The at­tack af­fected users try­ing to ac­cess pop­u­lar web­sites across Amer­ica and in Europe, in­clud­ing such sites as Twit­ter, Net­flix and PayPal.

The level of dis­rup­tion was dif­fi­cult to gauge, but Dyn pro­vides in­ter­net traf­fic man­age­ment and op­ti­miza­tion ser­vices to some of the big­gest names on the web. Crit­i­cally, Dyn pro­vides do­main name ser­vices, which trans­late ad­dresses such as “twit­ter.com” into an on­line route for browsers and ap­pli­ca­tions.

Steve Grob­man, chief tech­nol­ogy of­fi­cer at In­tel Se­cu­rity, com­pared an out­age at a do­main name ser­vices com­pany to tear­ing up a map or turn­ing off GPS be­fore driv­ing to the de­part­ment store.

“It doesn’t mat­ter that the store is fully open or op­er­a­tional if you have no idea how to get there,” he said.

Ja­son Read, founder of the in­ter­net per­for­mance mon­i­tor­ing firm CloudHar­mony, said his com­pany tracked a halfhour-long dis­rup­tion early Fri­day in which roughly one in two users would have found it im­pos­si­ble to ac­cess var­i­ous web­sites from the East Coast. Asec­ond at­tack later in the day caused dis­rup­tion to both coasts as well as af­fect­ing some users in Europe.

“It’s been pretty busy for those guys,” Read said. “We’ve been mon­i­tor­ing Dyn for years, and this is by far the worst out­age event that we’ve ob­served.”

Read said Dyn pro­vides ser­vices to some 6 per­cent of Amer­ica’s For­tune 500 com­pa­nies.

“It im­pacted quite a few users,” he said of the morn­ing’s at­tack.

Mem­bers of a shad­owy hacker col­lec­tive that calls it­self NewWorld Hack­ers claimed re­spon­si­bil­ity for the at­tack via Twit­ter. They said they or­ga­nized net­works of con­nected “zom­bie” com­put­ers that threw a stag­ger­ing1.2 ter­abits per sec­ond of data at the Dyn-man­aged servers.

“We didn’t do this to at­tract fed­eral agents, only test power,” two col­lec­tive mem­bers who iden­ti­fied them­selves as “Prophet” and “Zain” told an As­so­ci­ated Press re­porter via Twit­ter di­rect mes­sage ex­change. It was not im­me­di­ately pos­si­ble to ver­ify their claim.

Dyn of­fi­cials said they did not know who was be­hind the at­tacks or if they were or­ches­trated by a state-backed group or on­line ac­tivists or pranksters. They said they have re­ceived no claim of re­spon­si­bil­ity, but are work­ing with law en­force­ment.

The col­lec­tive, @NewWorldHack­ing on Twit­ter, has in the past claimed re­spon­si­bil­ity for sim­i­lar at­tacks against sites in­clud­ing ESPNFan­ta­syS­ports.com in Septem­ber and the BBC on Dec. 31. The col­lec­tive also claimed re­spon­si­bil­ity for cy­ber­at­tacks against Is­lamic State.

An­other col­lec­tive mem­ber the AP pre­vi­ously com­mu­ni­cated with via di­rect mes­sage called him­self “Ownz” and iden­ti­fied him­self as a 19-year-old in Lon­don. He told the AP that the group — or at least he — sought through hack­ing only to ex­pose se­cu­rity vul­ner­a­bil­i­ties.

Dur­ing the at­tack on the ESPN site, “Ownz” was asked if the col­lec­tive made any de­mands on sites it at­tacked, such as de­mand­ing black­mail money.

“We will make one de­mand ac­tu­ally… Se­cure your web­site and get bet­ter servers, other­wise be at­tacked again,” he said.

Dyn said in a se­ries of state­ments that it first be­came aware of the at­tack around 7 a.m. Fri­day and that ser­vices were re­stored about two hours later. But around two hours af­ter that, the com­pany said it was work­ing to mit­i­gate an­other at­tack.

For James Nor­ton, the for­mer deputy sec­re­tary at the De­part­ment of Home­land Se­cu­rity who now teaches cy­ber­se­cu­rity pol­icy at the Johns Hop­kins Uni­ver­sity, the in­ci­dent was an ex­am­ple of how at­tacks on key junc­tures in the network can yield mas­sive dis­rup­tion.

“I think you can see how frag­ile the in­ter­net network ac­tu­ally is,” he said.

The U.S. De­part­ment of Home­land Se­cu­rity is mon­i­tor­ing the sit­u­a­tion, White House spokesman Josh Earnest told re­porters Fri­day. He said he had no in­for­ma­tion about who might be be­hind the dis­rup­tion.

Se­cu­rity ex­perts have re­cently ex­pressed con­cern over in­creas­ing power of de­nial-of­ser­vice at­tacks fol­low­ing high-pro­file elec­tronic as­saults against in­ves­tiga­tive jour­nal­ist Brian Krebs and French in­ter­net ser­vice provider OVH .

In a widely shared es­say ti­tled “Some­one Is Learning How to Take Down the In­ter­net,” re­spected se­cu­rity ex­pert Bruce Sch­neier said last month that ma­jor in­ter­net in­fra­struc­ture com­pa­nies were see­ing a se­ries of wor­ry­ing de­nial-of-ser­vice at­tacks.

“Some­one is ex­ten­sively test­ing the core de­fen­sive ca­pa­bil­i­ties of the com­pa­nies that pro­vide crit­i­cal in­ter­net ser­vices,” he said.

These dis­trib­uted de­nial of ser­vice, or DdoS, at­tacks are on the rise, said Vince Berk, chief ex­ec­u­tive of FlowTraq, a network se­cu­rity com­pany that spe­cial­izes in de­tect­ing and de­feat­ing DDoS at­tacks.

As se­cu­rity ex­perts get bet­ter at keep­ing threats at bay, hack­ers are turn­ing in­creas­ingly to the DDoS at­tack, which he de­scribed as the “crud­est form of an at­tack you can per­pe­trate.”

Such at­tacks ef­fec­tively block users try­ing to ac­cess a site. If you wanted to slow down busi­ness at a bricks-and-mor­tar post of­fice, for ex­am­ple, you could gather a thou­sand friends to get in line all at once and buy 100 stamps each. That would pre­vent other cus­tomers who want to mail pack­ages from get­ting ser­vice. This is sim­i­lar to how a DDoS at­tack works, Berk said.

To at­tack a com­pany as large as Dyn, a hacker needs to com­man­deer a large num­ber of com­put­ers and pro­gram them to all start send­ing traf­fic to Dyn at the same time.

By do­ing this, the hacker will clog up the site with so much “junk traf­fic” that they can­not serve ac­tual cus­tomers, ac­cord­ing to a blog post from se­cu­rity ex­pert Brian Krebs, whose own site was the tar­get of a DDoS at­tack in Septem­ber.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.