“We feel strongly this was NOT an attack from another country, but a group of loosely organized hackers”
A Legal Insurrection reader who I know to be involved in internet security issues sent me the following explanation of yesterday’s attacks that slowed down many major websites. That person asked to keep his name private because of his work position.
Here is his explanation sent to clients of the firm he works at:
Our entire senior technical team and I have read through the intelligence on the DDOS attack today against DYN. It resulted in massive internet outages on the east coast and eventually the west coast. This was actually several separate escalating attacks.
This type of attack was very predictable because of the recent public release of the Mirai DDOS Malware. The attack consisted of millions of bogus requests to the servers at DYN. All servers and clouds have finite capacity and eventually the servers at DYN failed. DYN provides DNS services for thousands of websites (Twitter, Spotify, Amazon AWS, Amazon Ads, Reddit, Paypal, and other big players).
If you are unfamiliar with DNS, you can think of it as a phone directory for the internet. When you type in a domain name, your ISP (internet service provider) uses the DNS (domain name service) to convert the name to an IP address, which in turn is used to route your request. If there is no DNS, there is no way to route the request and the website is unreachable.
This attack has much bigger ramifications than most people know. Here are the things you need to know:
1. DYN should have been prepared for this attack. It is unclear why they were incapable of absorbing it or mitigating the risk of such an attack. They are a huge company and one of their experts (Doug Madery) made a presentation on this subject yesterday (which no doubt triggered the attack).
2. DYN claims to have mitigated the attacks and then the attacks subsided. We are skeptical as to whether or not they mitigated the majority of the impact, before the attacks stopped. To reassure their customers they would need to release the statement they did.
3. There is no way to determine if they will be attacked again and what steps they are currently taking to protect themselves.
4. No data was at risk at any time and no sites were hacked. This was simply a flood of fake traffic that crushed the DYN DNS server cluster.
5. We feel strongly this was NOT an attack from another country, but a group of loosely organized hackers (internet sociopaths).
6. This attack was orchestrated through the software vulnerabilities of the IOT (Internet of Things). These are NOT infected PCs. Instead, they are infected devices such as webcams, security cameras, DVRs, smart TVs, routers, and similar devices.
7. There is no quick fix for this. You would need all the owners to update the firmware of the devices.
8. The last attack may have used as many as 500,000 infected devices. That is probably a very small fraction of the infected devices.
9. It is impossible to block the IP addresses of the devices, because the real IP addresses were not used (known as IP spoofing).
10. The malware takes advantage of the practices of certain ISPs (internet service providers) that do a poor job of blocking this type of traffic.
11. The attack on DYN was an obvious choice because they provide the DNS for Twitter, Spotify, Amazon AWS, Amazon Ads, Reddit, Paypal (and other big players) and had just publicly shared their concerns about this vulnerability.
12. Your site was NOT directly affected, because the DNS is hosted on our private DNS servers or your host (too small to be targets)
13. If you had third-party elements on your website that were affected (Twitter widgets, ads, etc.), the pages would have seemed slow to load
14. This attack could have had ANY target. Use your imagination as to what other targets could be (airlines, transportation, government, major news sites, etc.).
15. The ONLY long term fix is to have major internet players (Google, Facebook, Twitter, etc.) threaten to block ALL traffic from non-compliant ISPs.
16. We believe this attack was just a test, and more attacks will come (most likely on different targets).DONATE
Donations tax deductible
to the full extent allowed by law.