MASSIVE DDoS ATTACK
The Internet of Things has a problem
ON SEPTEMBER 21, there was a huge Distributed Denial of Service attack aimed at the DNS servers of Dyn. The servers received 40–50 times the usual levels of requests, causing significant outages and slowdowns in three waves during the day. The culprit was a piece of open-source malware called Mirai, and responsibility was claimed by the groups Anonymous and New World Hackers, although this is difficult to verify. It was the largest DDoS attack so far.
Mirai targets Linux systems, primarily those embedded into small devices, such as routers, and turns them into bots, sending out streams of spurious IP requests. What makes this attack worrying was the sheer number of devices involved: estimated at over 100,000.
The advent of the Internet of Things means there are a lot of small devices connected to the big bad Internet world, which have little thought to security. Mirai was able to be so successful because of the number of devices running on factory-default usernames and passwords. As the Internet becomes integral to modern life, we may have to be a little more careful about what we connect and how—a huge number of devices using the factory-default password is just asking for trouble.
One defense is to fight fire with fire, by using a so-called nematode, an anti-worm. It’s only been speculated so far, but the idea is to use a stack overflow buffer vulnerability within Mirai to neutralize it. It can’t clean an infected device, but it can stop it from spewing out its debilitating IP requests. It’s a drastic solution, however, as it still involves hacking devices without permission, so is not exactly legal, either.