Saturday, 5 November 2016

Denial of Service Attack on Dyn!

Boy, that does sounds like the title of a sci-fi flick.

Anyway.

I'm sure many of you have heard about the massive DDoS attack on Dyn by now. You know, the one that caused several Internet services to be unavailable for extended periods of time? Services like PayPal, Amazon and Twitter? It happened just around the third week of last month and caused quite a stir.

Dyn themselves released a statement on this attack. The details are interesting. Apparently, while Dyn employs safety and security features such as load-balancing and malware protection, the attack that occurred was of an unprecedented scale and sophistication, and actually caused them some concern. Dyn is a Domain Name Server (DNS), which basically means they help map URLs to numbered IP addresses, the kind only computers can read without great discomfort. And the attack caused those addresses to go AWOL for the duration.

OK, so what's a DDoS?

For those who aren't sure what a DDoS is, it stands for Distributed Denial of Service. What happens is that attackers make use of several computer terminals to send requests over the Internet to their target, flooding it with traffic and eventually causing it to stumble (or even crash) under the load. Mothers would probably understand this one - imagine feeding a  baby, talking to the mother-in-law on the phone while five other kids clamor for your attention. Now imagine juggling five babies, ten phone conversations and twenty kids. And then multiply that stress level by several millions.

That's what Dyn's servers had to deal with - a motherload (pun intended) of spam in one go, drowning out the legitimate users of their services.

Now, while the attacks were of an extensive scale, the nature of the attack was DDoS, which has existed for as long as - well, let's just say that DDoS ain't the new kid on the block. If I were to say it has been around for 30 years, that wouldn't be stretching the truth.

Yep, older than this.

The mode of attack wasn't new - it was the implementation that gives one pause.

The Internet of Things

Unlike the old days, in this particular assault, venues of attacks weren't restricted to computer terminals with an Internet connection. Now many things have Internet connections - mobile phones, copiers, webcams, smart toasters, the list of devices goes on. Now with the Internet of Things being in vogue, Dyn was under siege from all manner of devices. And that's a scary thought. Imagine Twitter being brought down by your refrigerator.

A group that calls themselves New World Hackers has claimed responsibility behind the attack, and stated that it was their intent to bring awareness to the vulnerability. Whatever their intentions really were, I say bravo - it certainly accomplished that. A great many people have been shaken out of their complacency.

I think many people constantly underestimate just how dangerous the Internet is. It's a useful tool, yes, and at times an untamed and unpredictable one. Who's to say the device you're reading this blogpost on, isn't at this moment being compromised for nefarious purposes? You think that nifty new antivirus program you bought last year, or even last week, is bulletproof? Please. As long as you're connected to the Internet, you're vulnerable. Don't ever forget that. The worst thing is, dependency on the Internet is growing as we speak. Can't log into your computer without a Microsoft account? Gotcha. When's the last time you used your phone for, I dunno, making a call instead of surfing the net?

If you've gone this far without any obvious signs of having been compromised, it's not because you're good, it's not because you're well protected, it's not because God is smiling on you after you gave up your seat to the old lady on the train today, and it's certainly not because hackers are afraid of you. It's because you've been lucky. Simple as that.

Ya feelin' lucky, punk?

There anything you can do about it? Sure. Don't use the Internet. But please don't heed my advice, because that would eventually put me out of a job.

Seriously, though.

The Internet is a useful tool (did I just say that twice in one blogpost?) but don't ever let it be more than that. Exercise due caution. Don't get over-dependent on it, because I'm pretty sure this historic attack isn't a one-off thing. I mean, really, do you absolutely need a smart toaster? The capability is in place, and the potential to do a great deal of harm on a massive scale is there, and has been there a while now. This attack shouldn't have surprised anyone. It was a matter of when, not if.

At your (denied) service,
T___T

No comments:

Post a Comment