At­tacks on the internet keep getting big­ger and nas­tier

The Standard Journal - - NATIONAL - By BREE FOWLER AP Tech­nol­ogy Writer

NEW YORK (AP) — Could mil­lions of con­nected cam­eras, ther­mostats and kids' toys bring the internet to its knees? It's be­gin­ning to look that way.

On Oct. 21, epic cy­ber­at­tacks crip­pled a ma­jor internet firm, re­peat­edly dis­rupt­ing the avail­abil­ity of pop­u­lar web­sites across the United States.

The hacker group claim­ing re­spon­si­bil­ity says that the day's an­tics were just a dry run and that it has its sights set on a much big­ger tar­get.

And the at­tack­ers now have a se­cret weapon in the in­creas­ing ar­ray of internet-en­abled house­hold de­vices they can sub­vert and use to wreak havoc.

Meet the fire hose

Manch­ester, New Hamp­shire-based Dyn Inc. said its server in­fra­struc­ture was hit by dis­trib­uted de­nial-of-ser­vice, or DDoS, at­tacks. Th­ese work by over­whelm­ing tar­geted ma­chines with junk data traf­fic — sort of like knock­ing some­one over by blast­ing them with a fire hose.

The at­tack tem­po­rar­ily blocked some ac­cess to pop­u­lar web­sites from across Amer­ica and Europe such as Twit­ter, Net­flix and Pay­Pal.

Ja­son Read, founder of the internet per­for­mance mon­i­tor­ing firm Cloud-Har­mony, owned by Gart­ner Inc., said his com­pany tracked a half-hour-long dis­rup­tion early Fri­day af­fect­ing ac­cess to many sites from the East Coast.

A sec­ond at­tack later in the day spread dis­rup­tion to the West Coast as well as some users in Europe.

Mem­bers of a shad­owy hacker group that calls it­self New World Hack­ers claimed re­spon­si­bil­ity for the at­tack via Twit­ter, though that claim could not be ver­i­fied.

They said they or­ga­nized net­works of con­nected de­vices to cre­ate a mas­sive bot­net that threw a mon­strous 1.2 tril­lion bits of data ev­ery sec­ond at Dyn's servers. Dyn of­fi­cials wouldn't con­firm the fig­ure dur­ing a con­fer­ence call later Fri­day with re­porters.

Make that, many fire hoses

DDoS at­tacks have been grow­ing in fre­quency and size in re­cent months. But if the hack­ers' claims are true, Fri­day's at­tacks take DDoS to a new level. Ac­cord­ing to a report from the cy­ber­se­cu­rity firm Verisign, the largest DDoS at­tack per­pe­trated dur­ing the sec­ond quar­ter of this year peaked at just 256 bil­lion bits per sec­ond.

A huge Septem­ber at­tack that shut down of se­cu­rity jour­nal­ist Brian Krebs' web­site clocked in at 620 bil­lion bits per sec­ond.

Re­search from the cy­ber­se­cu­rity firm Flash­point said Fri­day that the same kind of mal­ware was used in the at­tacks against both Krebs and Dyn.

Lance Cot­trell, chief sci­en­tist for the cy­ber­se­cu­rity firm Ntrepid, said while DDoS at­tacks have been used for years, they've be­come very pop­u­lar in re­cent months, thanks to the pro­lif­er­a­tion of "internet of things" de­vices rang­ing from con­nected ther­mostats to se­cu­rity cam­eras and smart TVs. Many of those de­vices fea­ture lit­tle in the way of se­cu­rity, mak­ing them easy tar­gets for hack­ers.

The power of this kind of cyberattack is limited by the num­ber of de­vices an at­tacker can con­nect to. Just a few years ago, most at­tack­ers were limited to in­fect­ing and re­cruit­ing "zom­bie" home PCs. But the pop­u­lar­ity of new internet-con­nected gad­gets has vastly in­creased the pool of po­ten­tial de­vices they can weaponize.

The av­er­age North Amer­i­can home con­tains 13 internet-con­nected de­vices , ac­cord­ing to the re­search firm IHS Markit.

Since the at­tacks usu­ally don't harm the con­sumer elec­tron­ics com­pa­nies that build the de­vices, or the con­sumers that un­wit­tingly use them, com­pa­nies have lit­tle in­cen­tive to boost se­cu­rity, Cot­trell said.

What's be­hind the at­tacks

Like with other on­line at­tacks, the mo­ti­va­tion be­hind DDoS at­tacks is usu­ally mis­chief or money. At­tack­ers have shut down web­sites in the past to make po­lit­i­cal state­ments. DDoS at­tacks have also been used in ex­tor­tion at­tempts, some­thing that's been made eas­ier by the ad­vent of Bit­coin.

For its part, a mem­ber of New World Hack­ers who iden­ti­fied them­selves as "Prophet" told an AP re­porter via Twit­ter di­rect mes­sage ex­change that col­lec­tive isn't mo­ti­vated by money and doesn't have any­thing per­sonal against Dyn, Twit­ter or any of the other sites affected by the at­tacks.

In­stead, the hacker said, the at­tacks were merely a test, and claimed that the next tar­get will be the Rus­sian gov­ern­ment for com­mit­ting al­leged cy­ber­at­tacks against the U.S. ear­lier this year.

"Twit­ter was kind of the main tar­get. It showed peo­ple who doubted us what we were ca­pa­ble of do­ing, plus we got the chance to see our ca­pa­bil­ity," said "Prophet." The claims couldn't be ver­i­fied.

The col­lec­tive has in the past claimed re­spon­si­bil­ity for sim­i­lar at­tacks against sites in­clud­ing ESPNFan­ta­syS­ in Septem­ber and the BBC on Dec. 31.

The at­tack on the BBC mar­shalled half the com­put­ing power of Fri­day's at­tacks.

A shift­ing global as­sault

Dyn said it first be­came aware of an at­tack around 7:00 a.m. lo­cal time, fo­cused on data cen­ters on the East Coast of the U.S. Ser­vices were re­stored about two hours later.

But then at­tack­ers shifted to off­shore data cen­ters, and the lat­est wave of prob­lems continued un­til Fri­day evening East­ern time.

"Prophet" told the AP that his group ac­tu­ally had stopped its at­tacks by Fri­day af­ter­noon, but that oth­ers, in­clud­ing mem­bers of the hacker col­lec­tive known as Anony­mous, had picked up where they left off. Anony­mous didn't respond to a re­quest for com­ment via Twit­ter.

The U.S. De­part­ment of Home­land Se­cu­rity is mon­i­tor­ing the sit­u­a­tion, White House spokesman Josh Earnest told re­porters Fri­day. He said he had no in­for­ma­tion about who may be be­hind the dis­rup­tion.

Cot­trell noted that there are sev­eral firms that of­fer pro­tec­tion against DDoS at­tacks, by giving com­pa­nies a way to di­vert the bad traf­fic and re­main on­line in case of an at­tack.

But monthly sub­scrip­tion fees for th­ese ser­vices are gen­er­ally equal to a typ­i­cal DDoS ex­tor­tion pay­ment, giving com­pa­nies lit­tle in­cen­tive to pay for them.

Mean­while not much is re­quired in the way of re­sources or skill to mount a bot­net at­tack, he said, adding that would-be at­tack­ers can rent bot­nets for as lit­tle as $100. Cot­trell said the long-term solution lies in im­prov­ing the se­cu­rity of all internet-con­nected de­vices.

This story has been cor­rected to note that the DDoS at­tack on the site of se­cu­rity jour­nal­ist Brian Krebs hit 620 bil­lion bits per sec­ond, not mil­lion.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.