Advertisements

How Your DVR was Hijacked to Help Epic Cyberattack

The massive siege on Dyn, a New Hampshire-based company that monitors and routes Internet traffic, shows those ominous predictions are now a reality.

“The complexity of this attack is because it’s so distributed. It’s coming from tens of millions of source IP addresses that are globally distributed around the world. What they’re doing is moving around the world with each attack.”

An unknown attacker intermittently knocked many popular websites offline for hours Friday, from Amazon to Twitter and Netflix to Etsy. How the breach occurred is a cautionary tale of the how the rush to make humdrum devices “smart” while sometimes leaving out crucial security can have major consequences.

Dyn, a provider of Internet management for multiple companies, was hit with a large-scale distributed denial of service attack (DDoS), in which its servers were flooded with millions of fake requests for information, so many that they could no longer respond to real ones and crashed under the weight.

[Read the full story here, at USAToday]

Who orchestrated the attack is still unknown. But how they did it — by enslaving ordinary household electronic devices such as DVRs, routers and digital closed-circuit cameras —is established.

The attackers created a digital army of co-opted robot networks, a “botnet,” that spewed millions of nonsense messages at Dyn’s servers. Like a firehose, they could direct it at will, knocking out the servers, turning down the flow and then hitting it full blast once again.

The specific weapon? An easy-to-use botnet-creating software called Mirai that requires little technical expertise. An unknown person released it to the hacker underground earlier this month, and security experts immediately warned it might come into more general use.

Mirai insinuates itself into household devices without the owner’s knowledge, using them as platforms to send the sever-clogging messages even as the device continues to do its day job for its true owner.

The software uses malware from phishing emails to first infect a computer or home network, then spreads to everything on it, taking over DVRs, cable set-top boxes, routers and even Internet-connected cameras used by stores and businesses for surveillance.

That breadth of “attack surface,” as security experts call it, is one of the things that makes Mirai so difficult to fight, said Kyle York, Dyn’s chief strategy officer.

“The complexity of this attack is because it’s so distributed…..(read more)

Source: USAToday

Advertisements

One Comment on “How Your DVR was Hijacked to Help Epic Cyberattack”

  1. Mike says:

    I have long suspected my DVR had terrorist leanings… I was just afraid to say anything.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.