Tuesday, October 25, 2016

Hackers Use "Internet Of Things" To Bring Down The Internet

By Daisy Luther/daisyluther.com October 25, 2016

You know all of those cool, sci-fi gadgets that people are beginning to get that are connected to the Internet in their homes?  

The voice-controlled thermostats, the wireless printers and cameras, the home security systems, the food scale that sends the calories to your phone app, those "smart" appliances that text you to pick up milk, and the DVRs that can be programmed via your phone from work?

Apparently, those things may not be so smart after all because they played a big role in the cyber attack that took place last Friday. 
Security analysts believe that Friday's attack on popular websites such as Reddit, Twitter, Netflix, and Spotify was the first one carried out by hackers who used the "Internet of Things."

Here's how the Internet of Things works:
Who else thinks that this is how Skynet got started? Maybe it's just me.

The attack was on one service: Dyn.

The massive attack took down the Internet across the country. The website Downdetector provided a map that shows how much of the US was affected:
The attack was on one company, and everything else fell over like a row of dominoes.

All of the companies involved use Dyn, a cloud-based Internet performance management company.

Dyn was the target of the attack, and that, in turn, affected other companies.

Dyn is sort of like a phone book that directs users to the Internet address of the website. On Friday, a distributed denial-of-service (DDoS) attack affected Dyn by sending thousands of messages at the same time, which overwhelmed the service.

Security company Flashpoint said it had confirmed that the attack used "botnets" infected with the "Mirai" malware. From their site:

Flashpoint has confirmed that some of the infrastructure responsible for the distributed denial-of-service (DDoS) attacks against Dyn DNS were botnets compromised by Mirai malware. Mirai botnets were previously used in DDoS attacks against security researcher Brian Krebs' blog "Krebs On Security" and French internet service and hosting provider OVH. Mirai malware targets Internet of Things (IoT) devices like routers, digital video recorders (DVRs), and webcams/security cameras, enslaving vast numbers of these devices into a botnet, which is then used to conduct DDoS attacks. Flashpoint has confirmed that at least some of the devices used in the Dyn DNS attacks are DVRs, further matching the technical indicators and tactics, techniques, and procedures (TTPs) associated with previous known Mirai botnet attacks.

Coincidentally, many of the vulnerable "smart" devices are made in China.

Many of the devices involved come from Chinese manufacturers, with easy-to-guess usernames and passwords that cannot be changed by the user - a vulnerability which the malware exploits. 

According to the BBC:

"Mirai scours the Web for IoT (Internet of Things) devices protected by little more than factory-default usernames and passwords," explained cybersecurity expert Brian Krebs, "and then enlists the devices in attacks that hurl junk traffic at an online target until it can no longer accommodate legitimate visitors or users."

The owner of the device would generally have no way of knowing that it had been compromised for use in an attack.

I'm sure those easy passwords and vulnerabilities aren't deliberate. China would never sneak Trojan horses into the USA, would they?

Originally published at DaisyLuther.com - reposted with permission.
