Friday, October 21, 2016

Why Today’s Attacks on the Internet Are Just the Start

Thanks to powerful new botnets, hackers now have the ability to knock major companies—even whole countries—offline.

10.21.16 7:25 PM ET

Back in September Bruce Schneier, an internationally renowned security technologist, wrote about hackers probing the internet for points of weakness in an attempt to have the ability to take the entire net offline.

A lot of people blew that article off at the time as unrealistic. That was before today's attacks which temporarily took down some of the biggest names on the internet.

People have tried to do this before, attacking the root DNS (Domain Name System) servers — the yellow pages of the internet — and failing. DNS underpins all our web browsing, the glue that points us to each of our favorite internet websites.

What's happening today is hackers are explicitly targeting a company called Dyn with denial of service attacks — where a large amount of corrupt data is sent to overwhelm a company. Dyn are a cloud-based Internet Performance Management company, who provide something called "DNS services" to their customers. If DNS is like a telephone book, where you type in and get directed to the correct internet server, Dyn is the host  for about a quarter-million of these phone book entries. That's why big websites like Twitter and Reddit are misbehaving today.

What has happened over the last few years is businesses have consolidated to professional managed DNS providers, ironically in part due to the difficulty in mitigating denial of service attacks.  This has created new centralized platforms for hackers to target.

And they are being targeted. Within the past month there was a distributed denial of service attack which totalled over 1,000 gigabits per second of traffic. That's more bandwidth than many countries have. It's a staggering volume of traffic, multiple times more than anything seen previously. (In 2015, Arbor networks reported what was then the world's biggest DDoS attack: 334 gigabits per second.)

This is aiming to become the new normal. It is extremely difficult and costly to defend against — only a small number of companies can do it currently.

These attacks are driven, in part, by the "Internet of Things"—devices such as CCTV cameras and DVRs being directly attached to the internet, with poor security. Attackers are hacking these devices, inside homes and businesses across the world, to create "botnets"—a herd of infected devices, which they can use to launch attacks.  Criminals are also selling attacks from these botnets for cheap prices, allowing anybody with a wallet to launch attacks against targets.

There are many examples, but here is one.  This is a map of undersea cables, connecting the internet together across countries:


No comments:

Post a Comment