Anatomy of a Coordinated Hack Attack
Hackers never rest. They will seize any opportunity to take down websites or prevent you from reaching the websites you want to visit. In October of 2016, an online company that monitored and routed Internet traffic for millions of people went down for almost 12 hours.
Just another hack story, right? Yes, but you should know how it happened because it may encourage you to change some of your online behavior to stay safe.
Here's a close look at the anatomy of a hack that's all too common. The who, why and how.
Who was hacked?
- The directly attacked website was Dyn, a company that routes and monitors Internet traffic. Dyn provides Internet support services to some of the top websites in the country.
- The websites (and their customers) that were affected included:
- Dyn's service links the domain names people key in, such as "amazon.com", to that website's IP address.
- By knocking Dyn offline for 11+ hours, the attackers left computer users on the East Coast of the U.S. unable to reach Tumblr, PayPal, etc. during that time.
When did it happen?
- The attack blocked out millions of users from reaching their favorite websites and online services in late October 2016.
- It began at 7:10 a.m. ET Friday morning. Dyn first posted on its website that it "began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure."
- The attack was first reported on a website called Hacker News, under the title "Massive Dyn DNS outage."
- It ended at 6:17 p.m., when Dyn updated its website to say it had resolved the large-scale distributed denial of service attack and service had been restored.
- As news of the attack hit the airwaves, the term "DDoS" was a top trending topic on the major search engines.
- Early news reports said Dyn was getting millions of messages from "around the globe sent by seemingly harmless but Internet-connected devices."
What kind of attack was it?
- The attack was the DDoS variety: Distributed Denial of Service.
- A DDoS attack, instigated and coordinated by hackers, floods a website's server with so many Internet requests that it cannot respond to actual customers' normal requests for service. Typically, the attacked website crashes.
- According to cybersecurity experts, DDoS attacks are hard to combat "because it's hard to distinguish legitimate traffic from botnet traffic."
- If you tried to connect to a website that used Dyn for support during the down period, you would have received an error message saying the site was unavailable.
Note: You can go to the WhatIsMyIPaddress.com Learning Center to learn about DDoS.
Who was behind the attack?
- The identity of the hackers remains a mystery.
- The hackers used a simplified program (source code) that was available on what's called the "dark web."
- Reports say that "unskilled" hackers would have been able to launch the DDoS with the software and advice made available on hacker networks.
- Dyn wasn't sure if the attack was designed to take down one of their clients' websites (Netflix, etc.). "We have no reason to believe it is at this point," one of their lawyers said.
How does a DDoS attack work?
- The DDoS malware relies on thousands of computers it has already infected, typically through phishing emails. Most owners aren't even aware their computers are infected.
- From an infected computer it spreads across the home or business network to every device connected to it; it can take over each device and use it to send traffic.
- The DDoS software can take over DVRs, cable set-top boxes, routers and even Internet-connected security cameras.
- The entire linked network of hijacked devices forms what's called a botnet, short for "robot network."
- A single botnet can send millions of messages to a targeted website, temporarily disabling its computer systems. In this case, Dyn was the target.
- A security expert discussing DDoS attacks said, "It could be your DVR, it could be a CCTV camera, a thermostat. I even saw an Internet-connected toaster on Kickstarter (recently)."
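To make the expert's point about distinguishing botnet traffic from legitimate traffic concrete, here is an added example (not code from the original article or from Dyn). It runs a small detector over constructed DNS query log lines: a handful of normal users plus a simulated botnet of 200 hijacked devices that each send only two queries for the same name. The log format, the addresses (taken from the reserved documentation ranges) and the thresholds are all assumptions for illustration. It shows why a per-client rate limit never fires during this kind of attack, while a count of queries per name in aggregate does.

```python
"""Added example: why a distributed flood hides from per-client checks.

Assumed log format, one query per line: "<seconds> <client_ip> <queried_name>".
All addresses and names below are constructed sample data, not real traffic.
"""
from collections import Counter, defaultdict


def build_sample_log():
    """Build constructed sample traffic: a few normal clients plus a simulated
    botnet of 200 devices, each sending two queries for one hosted name."""
    lines = []
    # Normal users: a couple of lookups each for assorted names over 60 seconds.
    normal = [
        (0, "192.0.2.10", "www.example.com"),
        (5, "192.0.2.10", "mail.example.com"),
        (12, "192.0.2.11", "www.example.net"),
        (30, "192.0.2.12", "www.example.com"),
        (41, "192.0.2.11", "api.example.net"),
        (55, "192.0.2.13", "www.example.org"),
    ]
    for ts, ip, name in normal:
        lines.append(f"{ts} {ip} {name}")
    # Botnet: 200 distinct sources from the documentation ranges 198.51.100.0/24
    # and 203.0.113.0/24; each one sends just two queries a few seconds apart.
    for i in range(200):
        ip = f"198.51.100.{i}" if i < 100 else f"203.0.113.{i - 100}"
        t = 20 + (i % 10)
        lines.append(f"{t} {ip} www.example.com")
        lines.append(f"{t + 3} {ip} www.example.com")
    return lines


def parse_line(line):
    """Split one log line into (timestamp, client_ip, queried_name)."""
    ts, ip, name = line.split()
    return int(ts), ip, name.lower()


def analyze(lines, window=10, per_client_limit=20, aggregate_limit=100):
    """Bucket queries into fixed windows and compare two detection views:
    the busiest single client versus the busiest queried name."""
    per_client = Counter()           # (bucket, client_ip) -> query count
    per_name = Counter()             # (bucket, name) -> query count
    sources_per_name = defaultdict(set)  # (bucket, name) -> distinct clients
    for line in lines:
        ts, ip, name = parse_line(line)
        bucket = ts // window
        per_client[(bucket, ip)] += 1
        per_name[(bucket, name)] += 1
        sources_per_name[(bucket, name)].add(ip)

    max_client = max(per_client.values())
    (hot_bucket, hot_name), peak = per_name.most_common(1)[0]
    return {
        "max_queries_per_client": max_client,
        "per_client_alert": max_client > per_client_limit,
        "hottest_name": hot_name,
        "peak_queries_for_name": peak,
        "distinct_sources_for_name": len(sources_per_name[(hot_bucket, hot_name)]),
        "aggregate_alert": peak > aggregate_limit,
    }


if __name__ == "__main__":
    result = analyze(build_sample_log())
    for key, value in result.items():
        print(f"{key}: {value}")
```

Each hijacked device looks like an ordinary, well-behaved client (at most two queries in any ten-second window), so a per-client limit stays silent. Counting queries per name across all clients in the same window, and noting how many distinct sources contribute, is what exposes the flood; it is also why defenders mitigate by absorbing or filtering traffic at the aggregate level rather than by blocking individual addresses.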
Hackers are forever trying to disrupt business on the Internet, but they often count on help from ordinary computer users.
By keeping hackers from infecting our computers (and so keeping them out of a botnet), we limit the damage hackers can do to us and to others. All citizens and companies need to be on guard: avoid visiting websites we don't trust, and don't open emails (and attachments) from people we don't know.
Every decision we make online can affect how safe we are.