A number of recent news items have convinced me I need to begin a series of cyber-security related emails at school. I’ll post those messages here, as well. I began with a recent news story.
Friday’s Scary Internet Attack
Last Friday, huge swaths of the internet were unavailable for much of the day. The outage was due to a Distributed Denial of Service attack, or DDoS. To over-simplify a bit, it involves sending a flood of messages to a computer to overwhelm it. This is usually a computer serving websites or email, for example. “Distributed” just means it comes from many computers at once, usually machines compromised by malicious hackers. This type of attack is well known, and has been around for a decade or more.
Two aspects Friday’s attack make it different. First, the devices launching the DDoS were not unprotected home computers, as is typically the case. Instead, they were what is known as the Internet of Things (IoT). They were DVRs, baby monitors, and internet connected cameras; new consumer products that connect easily to the internet. These devices frequently have poor security. In this case, tens of millions of devices were involved in the attack.
Second, the target of the attack was not a specific website, but part of the Internet’s infrastructure. The attack was aimed at a major DNS server hub. DNS is what allows you to type in a human-friendly address, such as fool.org, instead of a machine-friendly address, such as 18.104.22.168. DNS in one of the oldest parts of the internet and was built without modern security in mind, making it vulnerable to attack.
A third detail, which may be the scariest, is that the software to carry out this sort of attack was just released to the public, practically guaranteeing it will become a common occurrence. It’s now possible for just about anyone to launch this kind of attack if they have a minimal proficiency with computer hacking.
While this attack was against the central infrastructure of the internet, it was made possible by poor security of internet devices everywhere. It’s a scary reminder of the importance of keeping your online life secure, for your own safety as well as the safety of everyone else. In the coming weeks I’ll be sending some emails with ways to protect yourself and your devices. Please take a few minutes read them. With just a little effort, we can avoid the scariest tricks this Halloween! Thanks,
A more technical explanation, by a respected security professional.