Major Internet Outage – Don’t be part of the problem!

On Friday, October 21, 2016, the Internet saw its biggest interruption, caused by a global Distributed Denial of Service (DDoS) attack against one of the largest ISPs in the world.

The collateral damage was large and affected all of North America. Organizations large and small were hit, including Netflix, PayPal, Twitter, the New York Times, Spotify, CNBC, and thousands of others.

How did they do it?

The problem is that the attack was not against a specific company but rather against the Internet backbone servers managing the Internet’s DNS service. The DNS service is like the telephone book of everyone using the Internet. When it is not available, nothing on the Internet works.

A Distributed Denial of Service attack against DNS servers is the simple process of finding non-secure devices connected to the Internet and telling them to send requests to look up the address of a web site. Each request goes to a DNS server (the Internet equivalent of a telephone book), which looks up the site's actual IP address so the requester can connect to the server. For example, when you enter “Google.com” in a browser, that request goes to a DNS server first, which looks up the IP address and tells your browser to connect to the server located at IP address 123.234.200.100 (for example).

If you can send enough requests simultaneously, you can overload the servers, essentially shutting down the Internet. This is what happened on Friday. In the past month, we have seen three such attacks, each bigger than the last.

In September, a security web site was attacked with a bandwidth of 620 Gbps, followed shortly after by an attack against one of the largest cloud companies in the world, which surpassed 1,000 Gbps, and this last one is estimated at over 1,200 Gbps.

To put this in perspective, your home or office Internet connection probably has only about 0.00125 Gbps (10 Mbps upload) to 0.00375 Gbps (30 Mbps upload) of capacity. Harnessing enough bandwidth to launch an attack of 1,200 Gbps takes a lot of compromised devices.

Are You Part of the Problem?

The latest attack relied in large part on Internet-connected devices such as DVRs and web cameras, in combination with the free botnet called “Mirai”, which can be easily downloaded from the web with full source code. Botnets are small pieces of software that can be easily installed in any device, including IoT devices. They are designed to be remote controlled and do whatever they have been programmed to do, which in this case was to make DNS service requests. IoT devices range from thermostats, Internet-controlled light bulbs, smart TVs, refrigerators, coffee machines, routers, and printers to web cameras and DVRs, just to name a few. Any Internet-connected device is susceptible to being hacked if not properly protected.

Many Internet of Things (IoT) devices have limited or no security, making them easy to hack. It is estimated that over 11.3 million devices are currently infected by Mirai. The attack only used about 2% of all infected devices. If you have one of these devices, you may have contributed to this attack without even knowing. (Mirai opens port 23 of firewalls without the users knowing, giving full access to a user’s network and devices.)

How Can You Help Stop These Attacks?

Simple: refuse to buy non-secure Internet devices. And for the devices you do own, make certain that you have changed the default password.

For example, it is not enough to just plug in one of these devices and assume everything is OK. Hackers can easily find the default passwords of any device on the web. Once they have the default password, they can easily look up all such devices using a web service like shodan.io, which is similar to Google but returns all devices connected to the Internet that meet your specification. Armed with this list, it is a trivial exercise to connect, enter the default password, and then upload the malicious botnet. This applies to everything that can talk to the Internet, such as your smartphone, PC, TV, printers, thermostat, web cameras, door locks, light bulbs, and everything else.
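One way to check the devices you own for the Telnet port (23) mentioned above is a small inventory audit. This is an added example, not part of the original article; the device names, the placeholder addresses, and the `simulated_connect` stand-in are constructed so the script runs offline.

```python
import socket
from types import SimpleNamespace

# Constructed inventory: device name -> LAN address (placeholders from the
# 192.0.2.0/24 documentation range; replace with your own devices).
INVENTORY = {"dvr": "192.0.2.10", "camera": "192.0.2.11", "printer": "192.0.2.12"}


def probe(host, port=23, timeout=1.0, connect=socket.create_connection):
    """Classify one TCP port on a device you own: open, closed or no-answer."""
    try:
        conn = connect((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed"        # device answered and refused: nothing listening
    except OSError:
        return "no-answer"     # timeout or unreachable: filtered or powered off
    conn.close()
    return "open"              # something accepts Telnet connections


def audit(inventory, **probe_args):
    """Probe every device in the inventory and return {name: state}."""
    return {name: probe(addr, **probe_args) for name, addr in inventory.items()}


def exposed(report):
    """Names of devices whose Telnet port accepted a connection."""
    return sorted(name for name, state in report.items() if state == "open")


def simulated_connect(address, timeout=None):
    """Constructed stand-in for the network so the example runs offline."""
    host, _port = address
    if host == "192.0.2.10":
        return SimpleNamespace(close=lambda: None)  # pretend the DVR has Telnet on
    if host == "192.0.2.11":
        raise ConnectionRefusedError()              # pretend the camera refuses
    raise TimeoutError("timed out")                 # pretend the printer is silent


if __name__ == "__main__":
    report = audit(INVENTORY, connect=simulated_connect)
    for name, state in report.items():
        print(f"{name:8} telnet/23 {state}")
    print("change the password and disable Telnet on:", exposed(report))
```

Call `audit(INVENTORY)` without the `connect` argument to probe real devices on your own network; any device reported as `open` is one to fix first.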

It is up to you to secure your devices or the Internet will continue to be shut down by these hackers. Don’t be part of the problem, be part of the solution!