Sunday Snapshot 10/23/16

Vulnerable: Friday's DDoS attack on Dyn's managed DNS services brought low a huge chunk of the web for East Coast internet users, including Amazon, GitHub, Shopify, Twitter and the New York Times. It was among the most protracted and most extensive internet outages I can remember ever experiencing, and it's at least a little terrifying. The attacks were first noticed early in the morning Eastern time, and at first seemed like the kind of run-of-the-mill outages that typically last a little while and inconvenience a few users of a specific service. But the problem didn't go away, and it spanned multiple sites rather than remaining localized to just one or two. Dyn at first said it had addressed the problem a little later on that morning, but by mid-day the DDoS attacks came back with renewed vigor and brought service disruption throughout the remainder of Friday.

The second phase of attacks also targeted Dyn data centers beyond just the East Coast facilities targeted earlier in the day, with around 20 centers around the world suffering targeted takedowns. It was a concerted effort to knock out Dyn's services, perpetrated using the Mirai botnet, and it included "10s of millions" of unique IP addresses, according to Dyn, which means 10s of millions of IoT devices might have been involved, making it potentially the largest concentrated botnet attack on record.

Mirai basically operates by continuously reaching out via the internet and seeking IoT devices, then using a database of known factory default usernames and passwords to take them over and make them part of the botnet. Sadly, a significant percentage of these devices, which include popular inexpensive web-connected security cameras, never have their default login credentials changed post-purchase, making them easy targets for this kind of attack.
The end result is a new reality for the internet, one in which an attack like the one we experienced isn't an isolated (or even potentially a rare) occurrence. For those of us who were trying to do anything online during the incident, the idea that this kind of thing could become a more frequent occurrence is definitely chilling.