At­tacks on the in­ter­net get­ting big­ger, nas­tier

Lat­est in­ci­dent dis­rupted avail­abil­ity of pop­u­lar web­sites across the U.S.

Daily Local News (West Chester, PA) - - BUSINESS - By Bree Fowler AP Tech­nol­ogy Writer

NEW YORK >> Could mil­lions of con­nected cam­eras, ther­mostats and kids’ toys bring the in­ter­net to its knees? It’s be­gin­ning to look that way.

On Fri­day, epic cy­ber­at­tacks crip­pled a ma­jor in­ter­net firm, re­peat­edly dis­rupt­ing the avail­abil­ity of pop­u­lar web­sites across the United States. The hacker group claim­ing re­spon­si­bil­ity says that the day’s an­tics were just a dry run and that it has its sights set on a much big­ger tar­get. And the at­tack­ers now have a se­cret weapon in the in­creas­ing ar­ray of in­ter­net-en­abled house­hold de­vices they can sub­vert and use to wreak havoc.

Meet the fire hose

Manch­ester, New Hamp­shire­based Dyn Inc. said its server in­fra­struc­ture was hit by dis­trib­uted de­nial-of-ser­vice, or DDoS, at­tacks. These work by over­whelm­ing tar­geted ma­chines with junk data traf­fic — sort of like knock­ing some­one over by blast­ing them with a fire hose. The at­tack tem­po­rar­ily blocked some ac­cess to pop­u­lar web­sites from across Amer­ica and Europe such as Twit­ter, Net­flix and PayPal.

Ja­son Read, founder of the in­ter­net per­for­mance mon­i­tor­ing firm CloudHar­mony, owned by Gart­ner Inc., said his com­pany tracked a half-hour-long dis­rup­tion early Fri­day af­fect­ing ac­cess to many sites from the East Coast. A sec­ond at­tack later in the day spread dis­rup­tion to the West Coast as well as some users in Europe.

Mem­bers of a shad­owy hacker group that calls it­self New World Hack­ers claimed re­spon­si­bil­ity for the at­tack via Twit­ter, though that claim could not be ver­i­fied. They said they or­ga­nized net­works of con­nected de­vices to cre­ate a mas­sive bot­net that threw a mon­strous 1.2 tril­lion bits of data ev­ery sec­ond at Dyn’s servers. Dyn of­fi­cials wouldn’t con­firm the fig­ure dur­ing a con­fer­ence call later Fri­day with re­porters.

Make that, many fire hoses

DDoS at­tacks have been grow­ing in fre­quency and size in re­cent months. But if the hack­ers’ claims are true, Fri­day’s at­tacks take DDoS to a new level. Ac­cord­ing to a re­port from the cy­ber­se­cu­rity firm Verisign, the largest DDoS at­tack per­pe­trated dur­ing the sec­ond quar­ter of this year peaked at just 256 bil­lion bits per sec­ond.

A huge Septem­ber at­tack that shut down of se­cu­rity jour­nal­ist Brian Krebs’ web­site clocked in at 620 bil­lion bits per sec­ond. Re­search from the cy­ber­se­cu­rity firm Flash­point said Fri­day that the same kind of mal­ware was used in the at­tacks against both Krebs and Dyn.

Lance Cot­trell, chief sci­en­tist for the cy­ber­se­cu­rity firm Ntrepid, said while DDoS at­tacks have been used for years, they’ve

be­come very pop­u­lar in re­cent months, thanks to the pro­lif­er­a­tion of “in­ter­net of things” de­vices rang­ing from con­nected ther­mostats to se­cu­rity cam­eras and smart TVs. Many of those de­vices fea­ture lit­tle in the way of se­cu­rity, making them easy tar­gets for hack­ers.

The power of this kind of cy­ber­at­tack is lim­ited by the num­ber of de­vices an at­tacker can con­nect to. Just a few years ago, most at­tack­ers were lim­ited to in­fect­ing and re­cruit­ing “zom­bie” home PCs. But the pop­u­lar­ity of new in­ter­net-con­nected

gad­gets has vastly in­creased the pool of po­ten­tial de­vices they can weaponize. The av­er­age North Amer­i­can home con­tains 13 in­ter­net-con­nected de­vices , ac­cord­ing to the re­search firm IHS Markit.

Since the at­tacks usu­ally don’t harm the con­sumer elec­tron­ics com­pa­nies that build the de­vices, or the con­sumers that un­wit­tingly use them, com­pa­nies have lit­tle in­cen­tive to boost se­cu­rity, Cot­trell said.

What’s be­hind the at­tacks

Like with other on­line at­tacks, the mo­ti­va­tion be­hind DDoS at­tacks is usu­ally mis­chief or money. At­tack­ers have shut down

web­sites in the past to make po­lit­i­cal state­ments. DDoS at­tacks have also been used in ex­tor­tion at­tempts, some­thing that’s been made eas­ier by the ad­vent of Bit­coin.

For its part, a member of New World Hack­ers who iden­ti­fied them­selves as “Prophet” told an AP re­porter via Twit­ter di­rect mes­sage ex­change that col­lec­tive isn’t mo­ti­vated by money and doesn’t have any­thing per­sonal against Dyn, Twit­ter or any of the other sites af­fected by the at­tacks. In­stead, the hacker said, the at­tacks were merely a test, and claimed that the next tar­get will be the Rus­sian govern­ment for com­mit­ting al­leged cy­ber­at­tacks against the U.S. ear­lier this year.

“Twit­ter was kind of the main tar­get. It showed peo­ple who doubted us what we were ca­pa­ble of do­ing, plus we got the chance to see our ca­pa­bil­ity,” said “Prophet.” The claims couldn’t be ver­i­fied.

The col­lec­tive has in the past claimed re­spon­si­bil­ity for sim­i­lar at­tacks against sites in­clud­ing ESPNFan­ta­syS­ in Septem­ber and the BBC on Dec. 31. The at­tack on the BBC mar­shalled half the com­put­ing power of Fri­day’s at­tacks.

A shift­ing global as­sault

Dyn said it first be­came aware of an at­tack around 7:00 a.m. lo­cal time, focused on data cen­ters on the East

Coast of the U.S. Ser­vices were re­stored about two hours later. But then at­tack­ers shifted to off­shore data cen­ters, and the lat­est wave of prob­lems con­tin­ued un­til Fri­day evening Eastern time.

“Prophet” told the AP that his group ac­tu­ally had stopped its at­tacks by Fri­day af­ter­noon, but that oth­ers, in­clud­ing mem­bers of the hacker col­lec­tive known as Anony­mous, had picked up where they left off. Anony­mous didn’t re­spond to a re­quest for comment via Twit­ter.

The U.S. De­part­ment of Home­land Se­cu­rity is mon­i­tor­ing the sit­u­a­tion, White House spokesman Josh Earnest told re­porters Fri­day. He said he had no in­for­ma­tion about who may be be­hind

the dis­rup­tion.

Cot­trell noted that there are sev­eral firms that of­fer pro­tec­tion against DDoS at­tacks, by giv­ing com­pa­nies a way to di­vert the bad traf­fic and re­main on­line in case of an at­tack. But monthly sub­scrip­tion fees for these ser­vices are gen­er­ally equal to a typ­i­cal DDoS ex­tor­tion pay­ment, giv­ing com­pa­nies lit­tle in­cen­tive to pay for them.

Mean­while not much is re­quired in the way of re­sources or skill to mount a bot­net at­tack, he said, ad­ding that would-be at­tack­ers can rent bot­nets for as lit­tle as $100. Cot­trell said the long-term so­lu­tion lies in im­prov­ing the se­cu­rity of all in­ter­net-con­nected de­vices.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.