By Leo Marquis, NDS VP of Field Engineering
In today’s world, if you are on the Internet and can’t reach your favorite sites, you may have to ask yourself: am I part of the problem because I didn’t unplug my toaster when I left the house this morning?
On October 21, 2016, starting at approximately 7:00 AM EST, a major DDoS (Distributed Denial of Service) attack was directed against three Dyn datacenters in the northeastern United States, causing widespread disruption of legitimate Internet activity in the US. Dyn is a DNS (Domain Name System) service provider; DNS is like an Internet “phone book” that directs users to the Internet address where a website is stored. Such services are a crucial part of the web infrastructure.
How did this happen, you ask?
The Internet of Things, or “IoT”, is becoming commonplace. These are smart devices that we use at home or in our businesses and that are connected to a network. They range from web security cameras and Internet-controlled heating/cooling systems to home management devices such as Internet-connected doorbells, refrigerators, DVRs, light bulbs, crock pots and toasters! Unfortunately, these devices are easy to hack because they are frequently connected to the Internet with their factory security configuration intact. Default user IDs and passwords for these devices are publicly known, making them easy targets for malware.
On October 21st, through the use of botnet programs (malware), hackers were able to employ millions of these vulnerable devices to generate massive volumes of junk traffic directed at Dyn. This traffic crippled the Dyn servers so that they could not respond to legitimate requests. This made it hard for users to access some major websites, including Twitter, Pinterest, Reddit, GitHub, Etsy, Tumblr, Spotify, PayPal, Verizon, Comcast, and the PlayStation Network. Although not directly impacted, Sharetec home banking and other online services were disrupted by the extremely high volume of traffic the DDoS attacks created.
What can you do?
Make sure that your organization follows best practices for IT security. In particular, any device connecting to the Internet should have a strong password that is different from the default password that came with the device.