A group of American websites were the victims of a cyber attack on Friday. Social media websites such as Reddit and twitter and Music service Spotify were among the sites which went offline as a result of the attack.
All affected sites were connected to the DNS service Dyn which was the original target of the attack. Dyn works by navigating users to the web address of the website. DNS services are a vital part of the infrastructure of the World Wide Web.
The attack has been described as a ‘global event’ due to it affecting ‘tens of millions’ of addresses. The attack happened in the form of DDoS – a distributed denial of services, which works by using an exchange of co-ordinated messages between thousands of machines to overwhelm the service.
Further analysis has provided insight into how the attack was executed. Analysts believe that the hackers used Smart home devices which were connected to the internet as a path to the attack. Various gadgets and devices, such as the lights, the TV, the washing machines etc can be connected and co-ordinated. This is known as the ‘internet of things’.
Security firms concluded that the hackers had used a malware called ‘Mirai’ in the attack. The malware works by finding internet of things devices which are protected by factory usernames and passwords which are default and cannot be changed. They are easy to take control of. The malware then uses the devices to create junk traffic at the website which is the target, until the website cannot accommodate authentic visitors and users.
The device owners generally don’t find out or realise that their device was used in an attack.
Several media houses that do not employ Dyn but outsource services to websites, who do employ Dyn, also experienced disturbance caused by the attack.
This is one of the first times a DDoS attack has been of such a wide scale. These attacks usually focus on one single target, but by attacking a DNS service they were able to affect some of the world’s largest and most popular websites.
This attack has been described as a sobering moment for the world in regards to the positive aspects of the internet. While smart devices are useful, their lack of security has led to worldwide concern.