Saturday, October 29, 2016

DOS attack reminds us to be prepared - October 28, 2016

I hate it when the world mocks a recent column. Two weeks ago I extolled the virtues of the Internet of Things devices. This week, they helped cripple large parts of the Internet for the better part of a day.

On Friday the 21st, users were unable to reach sites like Twitter, Pinterest, CNN and many others. These sites all used the DYN Corporation to manage their DNS services.

When you type in an Internet address, like, the request is first routed to a Digital Name Service server. There the name is found in a database, and a number is returned to your browser. That number tells your browser where to find the actual InsideNova web server on the net.

If that DNS server is down, then your browser will not find the content you are seeking. 

 DYN manages the DNS servers for the companies that became unreachable Friday. DYN was attacked by an unknown entity using a denial of service attack, or DOS for short.

In a DOS attack a site is flooded with traffic, overwhelming its servers so they cannot do their job. Think of a million mailmen all trying to put mail into your mailbox at the same time. Not all of them could stuff mail at the same time, and the little box would be overwhelmed.

Friday’s DOS came in two separate attacks from an astonishing tens of millions of Internet addresses. By attacking this one site, the attacker was able to hobble many sites instead of just the one they were attacking.

If just one computer tried to flood another in a DOS attack, it would be easy to know where the attack was coming from and block it. To avoid detection DOS attackers created botnets to infect PCs. They might trick you into opening an email attachment that would install the botnet or sneak it onto a PC another way.

A lot of times when your computer is infected by a virus, that virus did not harm your PC or even copy information from it to another PC. Instead it became partially under the control of a bad actor. When they wanted to mount a DOS attack, they could order their army of botnets on PCs like yours and mine all over the world to begin flooding the target site with traffic.  If you and I were alert, we might notice our outgoing internet traffic was higher than it ought to be, but few of us would notice.

This is where Internet of Things devices enter the picture. When we began adding home automation hubs, internet connected lights, thermostats, sensors etc., the manufacturers did not pay as much attention as they should have to the security of those devices.

And we users are often lazy and do not change the default passwords that come with the devices.  That made it easy for botnets to install themselves on the tiny devices in our home and, on command,  join an attack on a site.

Amazingly, the botnet software is available for free on the Internet. DYN announced they discovered it was the Mirai botnet software used against them. 

DOS attacks are not only easy to do but non-technical types can also purchase DOS attacks online for about $150 a week.  Does a business competing with yours take a lot of online orders on their website? For $150 you can cripple their order-taking for a week.

We ordinary users can help combat botnets enslaving our PCs and devices. For the PCs, install anti-virus software and keep it current. Download and check your system with MalwareBytes to find bad software.

If you have an Internet connected device, learn from its manual or the manufacturer’s website how to change its default password, and update the device’s firmware to the most recent version. Reboot the device and then as soon it comes back online, change its password.  It takes only a few minutes for the Mirai botnet to find devices new to the Internet and, using their default passwords, infect them.

This is especially critical for Internet connected video baby monitors and security cameras. There are sites where you can see other people’s video feeds if they have not changed their camera default password.

These attacks may have been just mischief. Or they could be a national enemy learning how to bring down parts of our infrastructure should they ever want to mount a larger attack. Other DOS attacks demand money to stop.  Anything we can do, by securing our home devices, helps thwart them.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.