What happened to the Internet?

By Ben Greisler, owner Kadimac Group

A few days ago we had an organized attack on the core of the Internet, and it opened a lot of people’s eyes to the threats we face in the cyber world. While there have been many cyber attacks in the past, the difference with this one was that it impacted users of popular Internet services such as Twitter, Amazon, CNN and PayPal. This wasn’t one entity attacking a single other; it was aimed at Internet users in general. For those of us in the business it was very, very spooky stuff.

So what happened? Before we can have that discussion, bear with me for a sentence or ten while I explain the functioning of the Internet. Computers speak in numbers while we humans do better with words, not to mention the fact that the Internet is comprised of almost 1.1 billion sites (yes, you read that right). To bridge the gap between the sheer number of websites and computers speaking a different language than humans, we need a system that tracks both. This is done by something called the Domain Name System (DNS). The very simple explanation is that it is like your contacts list but at a grand scale, and it can go find stuff it doesn’t have in its own records. It was invented by some very clever people and it is quite elegant in its design. Without DNS the Internet is just a big computer network without a way to get anywhere.

DNS is structured so that there are multiple levels of servers providing the information to the world. There are servers that only handle what we call Top Level Domains (TLDs), which are .com, .net, .edu and others. When a request is made to find a website called www.yourcompany.com, the request may be handled by a server that only answers questions about “.com”. It points to the server that is responsible for “yourcompany.com”, and that server can answer where “www.yourcompany.com” resides. You can see how it builds the information through the hierarchy of servers.

“Ben, my head is spinning and two cups of coffee hasn’t helped. So what happened?” It is this middle server that was attacked, the one handling “yourcompany.com”. To be more specific, it was an attack on the servers hosted by a company called Dyn. They are a large DNS provider and well known in the business. They are not slackers, but the organizers of the attack used something called a Distributed Denial of Service (DDoS) attack, where they flooded the DNS servers with requests at such a high rate that the system collapsed. With the system unable to respond to legitimate requests, your ability to reach the sites you wanted was stopped.

How did they do it? This is the second scary piece. In the past, groups that used DDoS attacks accomplished it by using compromised computers, ones infected with a virus or malware. In this case they used compromised “Internet of Things” (IoT) devices like web cameras, baby monitors, and other devices that conveniently connect to the Internet. What has been discovered is that many devices of this type have hard-coded passwords for back door access, and they can’t be changed! No update will fix that. The only way of preventing this from happening again is to disconnect the devices from the Internet.

The really insidious nature of this attack is that taking down one system has such a wide-ranging impact. Not only did it hurt the big guys, but it would have hurt anyone that had the DNS records for their websites hosted with Dyn. Mind you, Dyn is a big player and they should be commended for fixing the issue as quickly as they did.
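For readers who want to see the hierarchy in action, here is a small Python model of the lookup described above and of what happens when the middle server is flooded. It is an example added to this article, not anyone's production code. Every name and address in it is made up, and the second domain, which spreads its records over two providers, is an assumption added to show the contrast.

```python
# Constructed sample data: every name, provider label and address below is made up.
TLD_SERVERS = {"com": "tld-com"}          # which server answers for ".com"

# The ".com" server knows which nameservers are responsible for each domain.
DELEGATIONS = {
    "yourcompany.com": ["ns1.provider-a.example"],
    "othercompany.com": ["ns1.provider-a.example", "ns1.provider-b.example"],
}

# Each responsible nameserver holds the final records.
RECORDS = {
    "ns1.provider-a.example": {"www.yourcompany.com": "192.0.2.10",
                               "www.othercompany.com": "192.0.2.20"},
    "ns1.provider-b.example": {"www.othercompany.com": "192.0.2.20"},
}


def resolve(hostname, unreachable=frozenset()):
    """Walk the hierarchy: TLD server -> domain's nameservers -> address.

    `unreachable` is the set of servers too overloaded to answer.
    Returns the address, or None if no responsible server can reply.
    """
    name = hostname.lower().rstrip(".")
    labels = name.split(".")
    tld_server = TLD_SERVERS.get(labels[-1])
    if tld_server is None or tld_server in unreachable:
        return None
    domain = ".".join(labels[-2:])
    for ns in DELEGATIONS.get(domain, []):
        if ns in unreachable:
            continue                      # flooded server: try the next one
        address = RECORDS.get(ns, {}).get(name)
        if address is not None:
            return address
    return None


def single_provider_domains():
    """Domains whose nameservers all sit with one provider (one point of failure)."""
    exposed = []
    for domain, servers in DELEGATIONS.items():
        providers = {ns.split(".", 1)[1] for ns in servers}
        if len(providers) == 1:
            exposed.append(domain)
    return sorted(exposed)


if __name__ == "__main__":
    flooded = {"ns1.provider-a.example"}
    for host in ("www.yourcompany.com", "www.othercompany.com"):
        print(host, "normal:", resolve(host), "| flooded:", resolve(host, flooded))
    print("single-provider domains:", single_provider_domains())
```

Note that the “.com” server stays healthy the whole time; the lookup fails only because the one server responsible for “yourcompany.com” cannot answer.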


