The October 2016 Dyn
cyberattack took place on October 21, 2016, and involved multiple denial-of-service
attacks (DoS attacks) targeting systems operated by Domain Name System (DNS)
provider Dyn which made major Internet platforms and services unavailable to
large swaths of users in Europe and North America. The group New World
Hackers claimed responsibility for the attack.
Dyn and other DNS providers provide a link between the URLs generated by browsers and the corresponding IP addresses, and the DDoS attack involved malicious DNS lookup requests from tens of millions of IP addresses and is believed to involve a botnet coordinated through a large number of Internet of things-enabled (IoT) devices — including cameras, home routers, and baby monitors — that had been infected with the Mirai malware.
Cyber Attack at 11:45 EDT Oct 21st
Investigation
The US Department of Homeland Security started an investigation into the attacks, according to a White House source. No group of hackers claimed responsibility during or in the immediate aftermath of the attack. Dyn's chief strategist said in an interview that the assaults on the company's servers were very complex and unlike everyday DDoS attacks. Dr. Barbara Simons, a member of the advisory board of the US Election Assistance Commission, said such attacks could affect Internet voting for overseas military or civilians.
Dyn disclosed that, according to Flashpoint and Akamai, the attack was a botnet coordinated through a large number of Internet of things-enabled (IoT) devices, including cameras, home routers, and baby monitors, that had been infected with Mirai malware. Dyn stated that they were receiving malicious requests from tens of millions of IP addresses. Mirai is designed to brute-force the security on an IoT device, allowing it to be controlled remotely. Cybersecurity investigator Brian Krebs noted that the source code for Mirai had been released onto the Internet in an open-source manner some weeks prior, which will make the investigation of the perpetrator more difficult.
Dyn and other DNS providers provide a link between the URLs generated by browsers and the corresponding IP addresses, and the DDoS attack involved malicious DNS lookup requests from tens of millions of IP addresses and is believed to involve a botnet coordinated through a large number of Internet of things-enabled (IoT) devices — including cameras, home routers, and baby monitors — that had been infected with the Mirai malware.
Timeline of Three Attacks
According to Dyn,
a distributed denial-of-service (DDoS) attack began at 7:00 a.m. (EDT) and
was resolved by 9:20 a.m. However, a second attack was reported at
11:52 a.m. and Internet users began reporting difficulties accessing
websites. A third attack began in the afternoon, after 4:00 p.m. At
6:11 p.m., Dyn reported that they had resolved the issue.
The US Department of Homeland Security started an investigation into the attacks, according to a White House source. No group of hackers claimed responsibility during or in the immediate aftermath of the attack. Dyn's chief strategist said in an interview that the assaults on the company's servers were very complex and unlike everyday DDoS attacks. Dr. Barbara Simons, a member of the advisory board of the US Election Assistance Commission, said such attacks could affect Internet voting for overseas military or civilians.
Dyn disclosed that, according to Flashpoint and Akamai, the attack was a botnet coordinated through a large number of Internet of things-enabled (IoT) devices, including cameras, home routers, and baby monitors, that had been infected with Mirai malware. Dyn stated that they were receiving malicious requests from tens of millions of IP addresses. Mirai is designed to brute-force the security on an IoT device, allowing it to be controlled remotely. Cybersecurity investigator Brian Krebs noted that the source code for Mirai had been released onto the Internet in an open-source manner some weeks prior, which will make the investigation of the perpetrator more difficult.
Perpetrators
In correspondence
with the website Politico, the hacktivist group New World Hackers claimed
responsibility for the attack in retaliation for Ecuador rescinding Internet
access to WikiLeaks founder Julian Assange at their embassy in London, where he
has been granted asylum. This claim has yet to be confirmed. WikiLeaks alluded
to the attack on Twitter, tweeting "Mr. Assange is still alive and
WikiLeaks is still publishing. We ask supporters to stop taking down the US internet.
You proved your point." New World Hackers has claimed responsibility in the
past for similar attacks targeting sites like BBC or ESPN.com.
No comments:
Post a Comment