FBI Warns Internet Online Attacks on Private Industry Will Continue

Online attacks launched from thousands of connected devices, such as one that disabled parts of the internet in October, are here to stay, the Federal Bureau of Investigation is warning.

“The exploitation of the ’Internet of Things’ (IOT) to conduct small-to-large scale attacks on the private industry will very likely continue,” the FBI wrote in an Oct. 26 bulletin to private companies. A person familiar with the matter said a version of the bulletin that appeared on the internet Friday was authentic.

In a statement, an FBI spokeswoman said, “In furtherance of public-private partnerships, the FBI routinely advises private industry of various cyberthreat indicators observed during the course of our investigations. This data is provided in order to help systems administrators guard against the actions of persistent cybercriminals.”

The FBI issued the bulletin five days after hackers used a network—called Mirai—of internet-connected devices including cameras and digital-video recorders to launch an attack on internet service provider Dynamic Network Services Inc., known as Dyn. The Oct. 21 attack left more than 1,200 websites unreachable for some, disrupting companies such as Twitter Inc., Netflix Inc. and The Wall Street Journal.

The nation’s top law-enforcement agency said more attacks are likely because Mirai’s source code is public, allowing anyone with technical expertise to set up his own “botnet” of hacked computers. Researchers say other hackers over the past few weeks have used the Mirai code to launch daily small- scale attacks, typically against gaming websites or rivals.

The botnet takes control of consumer devices and reprograms them to bombard victims with billions of bytes of unwanted data, a technique known as a distributed denial of service, or DDoS, attack.

Before the Dyn attack, Mirai had also attacked computer-security blogger Brian Krebs and French web hosting provider OVH, and there is now speculation that it could be used to launch attacks on Tuesday, disrupting the U.S. election.

U.S. authorities have linked Russia to a continuing campaign to disrupt Tuesday’s election, but Russia hasn’t been linked to the Mirai botnet. Director of National Intelligence James Clapper said Oct. 25 it didn’t appear foreign governments were behind the Mirai attack.

The “FBI does not have any confirmation of a group or individuals responsible for the [Dyn] DDoS,” the FBI’s bulletin states. It doesn’t mention the upcoming election.

One researcher, who has been following the development of the Mirai botnet, downplayed the possibility of an Election Day attack, noting U.S. elections are administered by thousands of state and local agencies, making them a tough target.

“There’s no central infrastructure associated with the elections,” said Allison Nixon, a researcher with internet-security firm Flashpoint. “So there are a lot of unknowns. I don’t think people should get too excited about the DDoS aspect of this.”

Write to Robert McMillan at [email protected]