Webcams used in major internet DDoS attack

October 25, 2016

by Brian Galloway

Last week’s attack on multiple websites including Twitter, Spotify, and Reddit was carried out using internet-connected home devices as a means of overloading the sites, experts have found.

The “global event” involved “tens of millions” of internet addresses, analysts said, and used the “internet of things” – home devices connected to the web – as a means of overwhelming sites with coordinated messages from thousands of machines.

Machines in people’s homes were secretly used without the owners ever knowing.

For the sites targeted in such an attack, the result is a distributed denial of service (DDoS): the sites lack the capacity to serve genuine users. Twitter, Spotify and Reddit all use a company called Dyn, which was the primary target of the attack. Dyn is used to direct users to sites.

By attacking Dyn instead of just one site, the huge number of sites that use it were affected in turn.

Factory passwords make home devices an easy target

Hackers were able to use home devices in this way because many have unchangeable factory settings for usernames and passwords – and experts say those made in China are particularly problematic in this respect.

Security firm Flashpoint said it had confirmed the attack used botnets infected with the “Mirai” malware.

“Mirai scours the Web for IoT (Internet of Things) devices protected by little more than factory-default usernames and passwords,” explained cybersecurity expert Brian Krebs, “and then enlists the devices in attacks that hurl junk traffic at an online target until it can no longer accommodate legitimate visitors or users.”

Krebs’ company was itself affected by a similar attack in September, one of the biggest ever known.

This type of attack is quite new, but the public release of Mirai in September opened up more opportunities for hackers.

Jeff Jarmoc, head of security for global business service Salesforce, laconically pointed out the emerging problem, tweeting:

“In a relatively short time we’ve taken a system built to resist destruction by nuclear weapons and made it vulnerable to toasters.”

