Cyber Security

Blame Hacked Internet Of Things Devices For Today’s Website Outages

Researchers blame Mirai, a botnet that relies on hacked gadgets, for Friday's slowdown

Illustration: Tara Jacoby
Oct 21, 2016 at 5:55 PM ET

The massive cyberattack that repeatedly slowed down the internet Friday, rendering some sites unusable for hours, capitalizes on an army of hacked Internet of Things devices.

That’s according to Dyn, a New Hampshire-based company that offers Domain Name System services, which translate the web address you type into your browser into the technical, numerical address of the network you want to visit. For example, you could bypass typing Vocativ.com and just type our IP address of 38.94.131.34 into your browser — at least if we hadn’t disabled that possibility. A DNS service automates that process. 

Starting Friday morning, Dyn was hit with an enormous DDoS attack, meaning huge numbers of visitors overwhelm a network with traffic at the same time, slowing its operations to a crawl. Attacks of this kind are often accomplished with a botnet, a network of remotely controlled devices infected with malware. In the case of a DDoS attack, an attacker can instruct all devices in the botnet to simultaneously visit the same network.

As a result of Friday’s attacks, many popular U.S. sites that use Dyn, including Twitter, Reddit, and Spotify, were rendered temporarily unusable. The attack has harnessed tens of millions of different IP addresses, company representatives said in a press call early Friday evening.

There’s no word yet on who might be responsible for the attack, and Dyn hasn’t heard from any sources who have claimed responsibility. Since a sophisticated DDoS attack draws on traffic from all around the world, there’s no hope of tracing a geographical source.

Dyn is confident about one thing: Attackers are using the so-called Mirai botnet to bring them down, a company representative said.

Mirai is a recently discovered type of malware with enormous capabilities. And because its anonymous author published its code, it can be used or tweaked by almost anyone. Mirai relies on two disquieting facts about the so-called “internet of things” or smart devices — internet-connected gadgets, like house cameras or refrigerators or toothbrushes. The first is that such devices are rapidly becoming popular around the world. The second is that they’re often given extremely basic usernames and passwords. Mirai’s author even published a list of 61 common IoT combinations, like “admin1” and “password,” and “administrator” and “1234.” Automated programs scan for IP addresses used by such devices, try to log in with those easy login credentials, and infect the device if possible. The use of the Mirai botnet is at least partially to blame for this ongoing DDoS.
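For anyone responsible for a fleet of such gadgets, the scan-and-login pattern described above leaves a trace in login records: one outside address trying many devices in quick succession. The sketch below is an added example, not code from Dyn or from Mirai; the log format, device names and thresholds are assumptions, and the sample lines are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format): time, source IP, device, username, result
SAMPLE_LOG = """\
2016-10-21T10:00:01 203.0.113.7 cam-01 admin1 FAIL
2016-10-21T10:00:02 203.0.113.7 cam-02 administrator FAIL
2016-10-21T10:00:03 203.0.113.7 dvr-01 admin1 FAIL
2016-10-21T10:00:05 203.0.113.7 dvr-01 administrator OK
2016-10-21T10:00:09 203.0.113.7 cam-03 admin1 FAIL
2016-10-21T10:02:00 198.51.100.4 cam-01 alice FAIL
2016-10-21T10:02:30 198.51.100.4 cam-01 alice OK
2016-10-21T11:30:00 192.0.2.9 cam-01 admin1 FAIL
2016-10-21T13:45:00 192.0.2.9 cam-02 admin1 FAIL
"""

def parse(log_text):
    """Yield (timestamp, source, device, username, ok) per non-empty line."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, device, user, result = line.split()
        yield datetime.fromisoformat(ts), src, device, user, result == "OK"

def find_sweeps(log_text, window=timedelta(minutes=1), min_devices=3):
    """Flag sources that try logins on >= min_devices distinct devices within
    `window`; map each to the devices where one of its logins succeeded."""
    by_source = defaultdict(list)
    for event in parse(log_text):
        by_source[event[1]].append(event)
    findings = {}
    for src, events in by_source.items():
        events.sort(key=lambda e: e[0])
        start, swept = 0, False
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward in time
            devices = {e[2] for e in events[start:end + 1]}
            if len(devices) >= min_devices:
                swept = True
                break
        if swept:
            findings[src] = sorted({e[2] for e in events if e[4]})
    return findings

if __name__ == "__main__":
    print(find_sweeps(SAMPLE_LOG))
```

Any device listed against a flagged source accepted one of the guessed logins and should be treated as infected until it is reset and given a unique password.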

In September, after reporting on Mirai, renowned independent security blogger Brian Krebs was hit with one of the largest DDoS attacks ever seen, knocking his site offline for several days.

As Dyn has no idea who’s behind the attack, there’s no telling if this is the work of a nation-state or a criminal gang of hackers. It said it is working with a coalition of U.S. law enforcement and private groups to stop it, though. Similarly, there’s no telling when it will end — or who the next victim of Mirai will be.