Major websites paralysed by mass hack that weaponised everyday devices to expose the ‘fragility’ of the internet

Armies of computers infected with malicious code are typically used in attacks intended to overwhelm targets with simul­taneous online requests

PUBLISHED : Saturday, 22 October, 2016, 1:48am
UPDATED : Saturday, 22 October, 2016, 9:47pm

Cyberattacks that pounded the underpinnings of the internet on Friday, crippling Twitter, Netflix and other major websites, were carried out by weaponising once-dumb devices made smart with online connections.

Gadgets like webcams and digital video recorders were used to unleash waves of attacks that incapacitated a crucial piece of internet infrastructure, hampering or outright blocking access to popular online venues.

This is not some hacker sitting in his basement typing away on a keyboard
Eric O’Neill, former FBI “spy hunter”

“When I see something like this, I have to think state actor,” said Carbon Black national security strategist Eric O’Neill, a former “spy hunter” on the FBI counter-intelligence force. “This is not some hacker sitting in his basement typing away on a keyboard.”

The attack was said to put a troubling new spin on an old hacker attack known as distri­buted denial-of-service (DDoS), where millions of devices in the fast-growing internet of things took part in the cyber onslaught.

Armies of computers infected with malicious code are typically used in DDoS attacks intended to overwhelm targets with simul­taneous online requests.

Hacker software referred to as Mirai that takes control of IoT devices was evidently linked to the attack, with the broad range of devices making requests helping get past Dyn defences.

Security researchers working with Dyn to investigate the attack have linked it to a network of ­web-enabled CCTV cameras made by a single Chinese company, XiongMai Technologies, The Guardian reported.

“We are seeing attacks coming from a number of different loc­ations,” Level 3 Communications internet services company chief security officer Dale Drew said. “We are seeing attacks coming from an internet-of-things botnet that we identified called Mirai also involved in this attack.”

Heavyweight cyberattacks that seem to yield trouble but no apparent pay-off could be probing defences to refine tactics for use on high value targets such as utilities or transportation ­systems, according to O’Neill and other computer defence specialists. The attack could also have been meant as a message from a foreign power, cybersecurity analysts said.

The onslaught commanded the attention of top US security agencies, including the Department of Homeland Security.

“DHS and the FBI are aware and are investigating all potential causes” of the outages, a spokeswoman said.

The outages left internet users unable to post messages, shop, watch videos and play games ­online for parts of the day.

DDoS attacks involve flooding websites with more traffic than they can handle, making them difficult to access or taking them offline entirely. Domain name servers are a crucial element of internet infrastructure, converting numbered internet protocol addresses into the domain names that allow users to connect.

“The critical point is how fragile our internet is that these attacks can happen,” O’Neill said.

He worried what damage such attacks might do in less computer security savvy sectors such as finance, energy or transportation.