Sunday, October 23, 2016
And You Said They Couldn’t Hack It!
Most of the Internet is an amalgamation of wires and fiber optic cables (plus stuff flying through the atmosphere) which, though complex routers, move Web traffic back and forth between consumers, businesses and other entities. Banking transactions, our entire electrical power grid, personal and business communications, social media, encrypted secret government information, entertaining content, news, commercial transactions and legal matters flow like rushing water from servers through the system to routers, hard drives (commercially larger dedicated hard drives are called servers) to be acted upon, automatically in some instances or perhaps winding up on a consumer’s home screen.
Malware creeps across the Internet, managed by sometimes really sophisticated software and hardware experts, from government operatives to cyber criminals. They inveigle their way through momentary lapses in security systems or fly into computers without strong barriers to such attacks. Little unwanted tracking programs – from cookies planted by commercial sites to “remember their consumers” and shopping histories to wholesale spying software that might look at each keystroke, every message, every picture and every word – find their way into computers and servers everywhere. Some are permission-based (internet service providers, RSS feeds, shopping and banking sites, etc.), some are court-sanctioned governmental intrusions, a few are criminal plants and the rest… well all over the map.
Sometimes, someone with a malware-infected stick drive will carry that infection into the most secure systems “as part of my job.” Sometimes the malware is not stealing information; it is trying to shut down a system. On October 21st, key urban centers in the United States experienced multiple sequential waves of so-called “denial of service” attacks, bringing down some of the largest Websites in the land, from Netflix and Amazon to Twitter, Spotify and even the New York Times to name a few.
Wikipedia tells us: “In computing, a denial-of-service (DoS) attack is a cyber-attack where the perpetrator seeks to make a machine or network resource unavailable to its intended users, such as to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. It is analogous to a group of people crowding the entry door or gate to a shop or business, and not letting legitimate parties enter into the shop or business, disrupting normal operations.”
These denial of services attacks are seldom a shot from a single computer aimed at taking down servers. Instead, the perpetrators use vulnerable consumer or business computers as their unwilling assistants, taking over lots of such computers and turning them into “bots” (effectively robots) to do the perpetrator’s bidding. By exercising direct control of these unwilling computers, this mass of electronically-connected sources is directed simultaneously to flood the victim site with hits and requests, overloading and then shutting down the target site.
How many times have you seen or purportedly transmitted some seemingly innocuous email or other communication recommending a product or service or site (often itself infected with malware and waiting for the unwary to click)? Someone, even you, may have been botted, with the perpetrator taking over your contact list or your email history for use in their nefarious efforts. What happened on October 21st?
“The company [that manages crucial parts of the internet’s infrastructure… a complex digital switchboard if you will], Dyn, whose servers monitor and reroute internet traffic, said it began experiencing what security experts called a distributed denial-of-service attack just after 7 a.m. Reports that many sites were inaccessible started on the East Coast, but spread westward in three waves as the day wore on and into the evening.
“And in a troubling development, the attack appears to have relied on hundreds of thousands of internet-connected devices like cameras, baby monitors and home routers that have been infected — without their owners’ knowledge — with software that allows hackers to command them to flood a target with overwhelming traffic…
“Security researchers have long warned that the increasing number of devices being hooked up to the internet, the so-called Internet of Things, would present an enormous security issue. And the assault on Friday, security researchers say, is only a glimpse of how those devices can be used for online attacks.
“Dyn, based in Manchester, N.H., said it had fended off the assault by 9:30 a.m. But by 11:52 a.m., Dyn said it was again under attack. After fending off the second wave of attacks, Dyn said at 5 p.m. that it was again facing a flood of traffic…
“Dyn is one of many outfits that host the Domain Name System, or DNS, which functions as a switchboard for the internet. The DNS translates user-friendly web addresses like fbi.gov into numerical addresses that allow computers to speak to one another. Without the DNS servers operated by internet service providers, the internet could not operate.
“In this case, the attack was aimed at the Dyn infrastructure that supports internet connections. While the attack did not affect the websites themselves, it blocked or slowed users trying to gain access to those sites…
“In a recent report, Verisign, a registrar for many internet sites that has a unique perspective into this type of attack activity, reported a 75 percent increase in such attacks from April through June of this year, compared with the same period last year.
“The attacks were not only more frequent, they were bigger and more sophisticated. The typical attack more than doubled in size. What is more, the attackers were simultaneously using different methods to attack the company’s servers, making them harder to stop… The most frequent targets were businesses that provide internet infrastructure services like Dyn.” New York Times, October 21st.
The main focus of this “device takeover,” involved the release of Mirai malware, which focuses on less-guarded peripherals: “Researchers say Mirai exploited security vulnerabilities in thousands of internet-connected devices such as web cameras, then used those devices to attack a major internet firm, resulting in widespread outages. Researchers say Mirai has been used before, but not on the scale of Friday's [10/21] attacks.” ABCNews.com, October 24th.
But the bigger question is “why” the October 21st attack. Because they could? Amateur but sophisticated? An unfriendly government messin’ with us? Was someone sending a message? Was extortion involved? Was this just a test in advance of something much, much worse? “Members of hacktivist groups Anonymous and New World claimed the outage was retaliation for the Ecuadorian government cutting off the internet of WikiLeaks founder Julian Assange [who had taken asylum in their London embassy].” AOL.com, October 22nd. Really? Not a government? Or…???
But the real lesson in all of this is how woefully unprepared and unprotected we are from cyberattacks… in a nation that is totally dependent (read: addicted) to the Internet for just about every facet of our lives. And Congress seems unwilling to vote for sufficient appropriations, companies are mostly not willing to commit the cash necessary, to shore up a system that is exceptionally vulnerable to an attack that could shut our country, our economy and a good chunk of our daily lives down in just a few seconds.
I’m Peter Dekom, and what good is a super-expensive military when the country it is designed to protect unravels itself back home?