Who Is Trying To Disrupt The Internet?

Uploaded on 2016-10-25 in TECHNOLOGY--Hackers, NEWS-News Analysis, FREE TO VIEW

A prolonged Internet outage affecting major sites like Twitter, Netflix, Spotify and The New York Times recently has commentators concerned that this is was a practice run for future, more widespread disruption of the internet.

The distributed denial of service attack (DDoS) targeted the dynamic domain name service provider Dyn and came in three waves during the day.

Dyn provides internet address translation through DNS servers to take a name like www.nytimes.com and translate it into an address like 170.149.159.130. Denial of service attacks use a variety of techniques to keep the DNS servers busy. The attacks work by flooding DNS servers with millions of requests that seem legitimate but are for fake addresses, causing the DNS server to get overloaded. Real DNS requests from real users can’t get through and so it appears that the site they are trying to get to, like www.netflix.com is down.

DNS attacks operate in a number of different ways but those that affected the Dyn servers were using a range of techniques that included sending requests for sites that had random characters attached to the start of a valid domain e.g. abcd123.nytimes.com. Because these addresses are essentially valid, the DNS server tries to look the up the address but gets tied up because of the sheer volume of requests. The attacks are difficult to guard against because the requests are essentially valid.

The sheer volume of requests were being sent in part by the Mirai botnet of Internet of Things devices, mostly internet connected cameras and digital video recorders. This botnet has been in a previous attack this month on the website of a security reporter Brian Krebs.

These types of attacks have been occurring more frequently and because they involve pieces of internet infrastructure, have a more widespread impact. Last month, security analyst Bruce Schneier wrote that he believed that state actors were increasingly probing for weaknesses in the basic infrastructure of the internet in order to be able to mount large-scale devastating attacks. Because of the increase in number and intensity of DDoS type attacks in recent years, security analysts have theorised that some of the attacks are masking probing for vulnerabilities.

A particular fear is that a DDoS attack could prevent people from voting online during the US election on November 8th. Overseas military and citizens are allowed to vote online in several US states and everyone in Alaska can vote online. Russia has already been implicated in the hack of Democratic National Committee emails and organizing their release through WikiLeaks. There is concern that the Russians will try and discredit the election process in whatever way they can and disrupting it through a DDoS attack on the day would be one way of achieving this.

The risk of this actually effecting the vote on the day has been dismissed however as the window for voting online in some of these situations is weeks before the election rather than on the day. When Alabama trialed online electronic voting during the primaries, their site was in fact attacked, but although it slowed down the site, it didn’t prevent anyone from voting.

There is also the possibility that this attack was actually just hackers going after a particular site that happened to be using the Dyn service. The source code for the Mirai botnet was released on October 1st and since that time, other hackers have been using the code to expand the number of bots involved and create their own botnets. DDoS attacks may actually just be hackers testing out the power of their creations.

The internet remains incredibly vulnerable to attacks on its infrastructure and right now, there are few ways of avoiding them. Because Internet of Things devices like cameras, digital video recorders, and a whole range of other equipment are being used as vehicles to launch DDoS attacks, making sure that the devices are secure would be a priority. However, manufacturers are creating these devices in a way that doesn’t allow for automated, un-monitored updates which is what is really required for security patches to be applied when they are discovered. Governments could potentially legislate that they should take all efforts to ensure their devices are secure before allowing the public to connect them to the internet, but this would need all countries of the world to do this.

It does bring into question the ability of governments to put even more of its interface with the public online since as soon as it does, it becomes a potential target for malicious actors. Governments in particular need to become more adept at dealing with this possibility, especially after the Australian Bureau of Statistics demonstrated that it was unable to run an online census collection successfully in the face of relatively minor DDoS attacks.

Science2.0

« China’s Plan To Organise Society Using Big Data
Strategies For A Cyber Security Culture (£) »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

CSIS Security Group

CSIS Security Group

CSIS provide actionable threat intelligence, prevention, incident response and 24/7 managed security services.

ThreatMark

ThreatMark

ThreatMark provides fraud detection solutions for digital banking and payments.

Seltek Technology Solutions

Seltek Technology Solutions

Seltek provides Digital Forensics, eDiscovery, Cybersecurity Assessments and IT Support services.

PrivateVPN

PrivateVPN

PrivateVPN is a Virtual Private Network services provider offering secure encrypted access to the internet.

National Cyber Security Center (NCSC) - Hungary

National Cyber Security Center (NCSC) - Hungary

The National Cyber Security Center was established in 2015 by uniting the GovCERT-Hungary, National Electronic Information Security Authority (NEISA) and the Cyber Defence Management Authority (CDMA).

CETIC

CETIC

CETIC is an applied research centre in the field of ICT. Key technologies include Big Data, Cloud Computing, the Internet of Things, software quality, and trust and security of IT systems.

Excelsecu Data Technology

Excelsecu Data Technology

Excelsecu is a global solution provider of online identity authentication, widely applied in banks, government bodies and enterprises.

Smart Contract Security Alliance

Smart Contract Security Alliance

The Smart Contract Security Alliance supports the blockchain ecosystem by building standards for smart contract security and smart contract audits.

972VC

972VC

972VC was created to help entrepreneurs find potential funding for their startups. Your guide to the Israeli startup funding ecosystem.

GLESEC

GLESEC

GLESEC offer a complete range of Cyber Security services from Operations & Intelligence Services to Auditing & Compliance and Simulation and Training.

CENSUS

CENSUS

CENSUS is a Cybersecurity services provider offering services to multiple industries worldwide such as Security Testing, Code Auditing, Secure SDLC, Vulnerability Research and Consulting Services.

Simplilearn

Simplilearn

Simplilearn is the world's #1 online bootcamp for digital skills training in disciplines such as Cyber Security, Cloud Computing, Project Management, Digital Marketing, and Data Science.

Phakamo Tech

Phakamo Tech

Phakamo Tech offers a full set of governance, risk, compliance, cybersecurity and Microsoft Cloud services that include consulting, planning, implementation and cyber incident response.

Swiss Cyber Forum (SCF)

Swiss Cyber Forum (SCF)

The Swiss Cyber Forum (SCF) builds competences and helps its members to mitigate the cyber risks associated with digitalisation.

Cheops Technology

Cheops Technology

Cheops is a specialist in IT Business Technology Services. We help SMEs and large companies build, optimize and manage their IT so they can focus on their core business.

Zitec

Zitec

One of Europe's largest and most prominent full-cycle software development services companies, Zitec is the digital transformation partner to companies in the EU, UK, USA, Canada and ME.