The Internet of Things Helped a DDoS Attack Destroy the Internet
The Internet of Things (IoT) is ruining everything, but mostly, it’s ruining the internet. Today, a massive list of websites including Reddit, Spotify, and Twitter crashed, hard, and stayed offline for much of the morning and afternoon after a massive Distributed Denial of Service attack overpowered Dyn, Inc., a major Domain Name System provider. DDoS attacks have been around for years, but thanks to the massive network of poorly-secured internet-capable devices (think everything from nanny cams to Amazon Echo units), they just got so much worse.
DDoS attacks are extremely simple: you get a massive number of computers to request information from one source (like a website, or a DNS provider that serves multiple websites) at the same time. It’s the online equivalent of a huge-ass crowd at the DMV, all screaming at once. If there aren’t enough attendants to cover the requests for service, the whole thing just shuts down and comes to a standstill.
Previously, hackers relied on large networks of computers to execute DDoS attacks. Hacker collectives like Anonymous have been using them for years to take down anyone they felt like harassing, like the KKK and ISIS, but the Internet of Things has exponentially increased the DDoS attack’s power.
DDoS attacks are primarily about volume. The hacker needs nominal control over a lot of internet-connected computers, enough to overwhelm the target when the hacker tells the network to visit a certain website. That control is usually established via a virus that lurks on unsuspecting people’s machines, and uses them when it needs them, or through a similarly coordinated network of machines. About 10, or even five, years ago, you needed a lot of computers to set up a DDoS-capable network. But now, everything can connect to the internet. We have smart fridges, smart homes, smartphones, webcams to watch our pets from the office, Apple TV, DVRs, and a myriad of other internet-ready devices. And most of them are insecure as fuck.
Brian Krebs, an independent cybersecurity researcher and journalist, thinks that hackers used a network of Internet of Things devices to swamp Dyn’s servers with traffic.
“The size of these DDoS attacks has increased so much lately, thanks largely to the broad availability of tools for compromising and leveraging the collective firepower of so-called Internet of Things devices — poorly secured Internet-based security cameras, digital video recorders (DVRs), and Internet routers,” Krebs wrote on his blog earlier today.
The hackers probably used software called “Mirai” to create a massive network of IoT devices, harnessing the collective power of thousands of people’s nanny cams and DVR units into a digital weapon. Mirai’s source code leaked earlier this month, meaning it’s out there for pretty much anyone to use. And Krebs has personal experience with it: hackers used a Mirai-born botnet to launch a massive 620 gigabytes (colloquially, a shitload of data) per second DDoS attack on his website in September. Mirai is able to do this because, unlike computers, IoT devices often only have rudimentary default security precautions, making them ripe for hackers to harness for DDoS attacks and more.
And the problem isn’t going away. Right now, we’re terrible at stopping DDoS attacks because the proliferation of unsecured devices has given hackers a massive leg up over traditional cybersecurity defenses. Hackers controlling massive IoT botnets can essentially hold websites and organizations for ransom, forcing them to pay out, unless they want to be traffic-blitzed into oblivion. Right now, it’s a hackers’ world, and we’re all just living in it.