DDoS, IoT, DNS and an attack affecting Hundreds of major Websites

If you haven’t already heard, there was a massive DDoS attack on a well-known DNS service provider, Dyn, on Friday, October 21st. As a result of this attack, millions of people in the US and parts of Europe were unable to access a very long list of websites, including top sites such as Amazon, Twitter, PayPal, Netflix and Spotify.

The scariest part of this attack? It was carried out by the most unassuming IoT devices, the kind many of us use every day. The largest share of the compromised devices in this particular attack were home security cameras and DVRs.


So, what are DDoS, DNS and IoT and how did this happen? I’ll break it all down for you.

Let’s start with the IoT (Internet of Things) devices.

IoT is the term given to the ever-growing network of “smart” devices being connected to the internet. These devices include anything from a wireless smart lock on your door to your smart TV or Amazon Echo. All of these devices are essentially computers, and the vast majority of them run a stripped-down Linux-based operating system.

So, with the right knowledge and an understanding of the environment, many of these devices can be accessed and made to run commands just like a full computer. This wouldn’t be a problem if it weren’t for the lack of security built into these devices. Most IoT devices ship with a default username and password for accessing their settings and configuration, and the default credentials for a given model can be found with a simple Google search. Unless the owner logs in and changes them, anyone who can reach the device can log in as well. Some lower-end IoT devices even have “hard-coded” logins that cannot be changed at all, which leaves the owner no way to lock attackers out.

Now for DNS.

DNS (the Domain Name System) is the set of servers responsible for making sure you can successfully browse the internet by name. For example, to get to this site you would probably type www.cyberstac.com into the address bar of your browser and hit enter. Your computer and all of the stops along the way on the internet don’t know how to interpret that name, because they work with IP addresses, which look like this: 66.147.244.150. A DNS server takes the web address you typed, looks up the corresponding IP address and hands it back to your computer, which then connects to that address. This all happens very quickly and behind the scenes, but it has a huge impact on the speed and reliability of your browsing. Essentially, if your DNS is down or unreachable, you won’t be able to access any websites unless you already know their IP addresses and enter them by hand.

Typically, the DNS resolver your computer uses is assigned by your internet service provider (or based on your location), but it can be changed in your network settings. There are also some handy (and free) tools that will help you find the fastest resolver and change your defaults; I like DNS Jumper. Now, before you start switching resolvers, you should know that some employers and organizations require that you use their DNS, often because internal systems only resolve there. So if you are at work or school and change your DNS, it is possible that you will lose access to internal resources or to the internet altogether.

Last but not least, DDoS. 

DDoS (Distributed Denial of Service) is a type of attack, carried out maliciously, to stop or “deny” service to an organization. A DoS (Denial of Service) attack is the same thing carried out from one machine (small scale), whereas a DDoS is carried out by a network of many machines, typically referred to as a botnet. These attacks usually work by having the machines in the botnet repeatedly send requests to the target so that it becomes overwhelmed with traffic and either slows to a crawl, crashes, or simply has no capacity left for legitimate users. Because the traffic comes from thousands of sources at once, it can’t be stopped by blocking a single address, which is what makes the distributed version so much harder to defend against.

In the attack that we saw Friday, many thousands of compromised IoT devices were used to form a botnet and continually send DNS requests to Dyn’s DNS servers. Dyn is one of the largest managed DNS providers, hosting the authoritative DNS records for a huge number of major sites, which is how the attack was able to affect such a large region of internet users. The websites that were unreachable during the attack were still up and running; users simply couldn’t reach them, because the servers that translate those sites’ names into IP addresses were under attack and couldn’t answer.
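To make the DoS-versus-DDoS distinction concrete, here is an added example (not code from the original post, and not Dyn’s own tooling) of the kind of rate check a DNS operator would run over its own query logs. The log line format, the documentation-range IP addresses, and the thresholds are all assumptions constructed for this example; the sample logs are built inline so it runs offline. It flags a single host hammering the server as a DoS, a crowd of sources each over the per-source limit as a DDoS, and also the harder case the attack above illustrates: many bots each staying under the per-source limit while the aggregate rate is far beyond normal.

```python
"""Rate-based flood detection over DNS query logs.

Added example, not from the original post. The log format is an assumption
modelled loosely on BIND-style query logging:
    <ISO-8601 UTC timestamp> client <ip>#<port> query: <name> IN <type>
"""
import re
from collections import defaultdict
from datetime import datetime, timezone

LOG_RE = re.compile(
    r"^(?P<ts>\S+) client (?P<ip>[\d.]+)#\d+ query: (?P<name>\S+) IN (?P<qtype>\S+)$"
)


def parse_line(line):
    """Return (timestamp, source_ip, name, qtype), or None for an unparsable line."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, m["ip"], m["name"], m["qtype"]


def analyze(lines, window_seconds=10):
    """Bucket queries into fixed windows.

    Returns (peaks, peak_total): peaks maps each source IP to the most queries
    it sent in any one window; peak_total is the busiest window across all
    sources combined.
    """
    per_source = defaultdict(lambda: defaultdict(int))
    per_window = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, ip, _, _ = rec
        bucket = int(ts.timestamp()) // window_seconds
        per_source[ip][bucket] += 1
        per_window[bucket] += 1
    peaks = {ip: max(b.values()) for ip, b in per_source.items()}
    peak_total = max(per_window.values(), default=0)
    return peaks, peak_total


def classify(peaks, peak_total, per_source_limit=50, total_limit=500, min_sources=10):
    """Label traffic as normal, dos (one or a few loud sources) or ddos.

    A botnet shows up either as many sources over the per-source limit, or as
    a high aggregate rate that no handful of loud sources can explain.
    """
    offenders = sorted(ip for ip, n in peaks.items() if n > per_source_limit)
    offender_load = sum(peaks[ip] for ip in offenders)
    if len(offenders) >= min_sources:
        verdict = "ddos"
    elif peak_total > total_limit and offender_load < peak_total / 2:
        verdict = "ddos"  # diffuse flood: every bot stays under the per-source limit
    elif offenders:
        verdict = "dos"
    else:
        verdict = "normal"
    return verdict, offenders


# --- constructed sample logs (documentation address ranges, not real traffic) ---
_BASE = "2016-10-21T11:10:"


def _line(sec, ip, name="www.example.com", qtype="A"):
    return f"{_BASE}{sec:02d}Z client {ip}#53422 query: {name} IN {qtype}"


NORMAL = ([_line(s, "203.0.113.5") for s in range(0, 10, 2)]
          + [_line(s, "203.0.113.9", "mail.example.com", "MX") for s in (1, 4, 7)])
# one host hammering the server: plain DoS
SINGLE_FLOOD = NORMAL + [_line(i % 10, "198.51.100.7") for i in range(200)]
# 40 bots each sending 80 queries in 10 s: classic DDoS
BOTNET_FLOOD = NORMAL + [_line(i % 10, f"192.0.2.{b}") for b in range(1, 41) for i in range(80)]
# 40 bots each sending 40 queries: every source is under the per-source limit
LOW_AND_SLOW = NORMAL + [_line(i % 10, f"192.0.2.{b}") for b in range(1, 41) for i in range(40)]


def verdict_for(lines):
    peaks, total = analyze(lines)
    return classify(peaks, total)[0]


if __name__ == "__main__":
    for label, log in [("normal", NORMAL), ("single host", SINGLE_FLOOD),
                       ("botnet", BOTNET_FLOOD), ("low and slow", LOW_AND_SLOW)]:
        peaks, total = analyze(log)
        verdict, offenders = classify(peaks, total)
        print(f"{label:13s} sources={len(peaks):3d} peak_total={total:5d} "
              f"offenders={len(offenders):3d} -> {verdict}")
```

The per-source limit is what a simple firewall rate-limit enforces, and the low-and-slow sample is why that alone is not enough: the aggregate check is the only one of the two that catches a botnet whose members are individually polite.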

The simple answer to avoid letting an attack like this affect you depends on which side you are on. If you run a website, set up redundant DNS service: publish your zone with more than one DNS provider, so that an outage at one doesn’t take your name offline. If you are an end user and you find that you can’t reach any websites yet still have internet connectivity, check your DNS (DNS Jumper will do) and switch resolvers if it turns out your ISP’s resolver is the problem. Keep in mind that switching resolvers only helps when your resolver is what’s failing; when a site’s own DNS provider is under attack, as Dyn was, no resolver can look that name up until the attack subsides (unless it still has the answer cached).
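The “do I have connectivity but no DNS?” check above, and the name lookup described in the DNS section, can be scripted. The following is an added example, not code from the original post or from DNS Jumper: it resolves a few of the site names mentioned in the post through the system’s configured resolver and, separately, opens a TCP connection to a public resolver by raw IP address (which needs no DNS at all), then reads the two results together. The probe functions are injectable so the decision logic can be exercised offline with constructed results; the public resolver addresses and the list of probe names are assumptions for this example. The "partial" outcome is the Dyn signature: your connectivity and your resolver are fine, but the names hosted at the attacked provider fail while everything else resolves.

```python
"""Telling "my DNS is broken" apart from "my connection is down".

Added example, not from the original post. The defaults use the standard
library and real network access; pass fake resolve/connect functions to run
the decision logic offline.
"""
import socket

# Assumed "reachable by IP" targets: well-known public resolvers on TCP/53.
CONNECTIVITY_TARGETS = [("1.1.1.1", 53), ("8.8.8.8", 53)]
# Names from the post, used as resolution probes.
PROBE_NAMES = ["www.amazon.com", "twitter.com", "www.paypal.com", "www.netflix.com"]

ADVICE = {
    "ok": "DNS and connectivity both look fine.",
    "no_connectivity": "No route to the internet at all; DNS is not the problem.",
    "dns_failure": "Connected but nothing resolves: your resolver (or the path to it) "
                   "is down. Try another resolver.",
    "partial_dns": "Connected and your resolver works, but some names fail: their "
                   "DNS provider is likely unreachable. Switching resolvers won't help.",
}


def default_resolve(name):
    """Resolve via the system's configured resolver; return IPs or [] on failure."""
    try:
        infos = socket.getaddrinfo(name, 80, proto=socket.IPPROTO_TCP)
        return sorted({info[4][0] for info in infos})
    except OSError:
        return []


def default_connect(host, port, timeout=3.0):
    """TCP connect by IP address, so it succeeds even when DNS is unusable."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def diagnose(resolve=default_resolve, connect=default_connect,
             names=PROBE_NAMES, targets=CONNECTIVITY_TARGETS):
    """Return 'ok', 'no_connectivity', 'dns_failure' or 'partial_dns'."""
    reachable = any(connect(host, port) for host, port in targets)
    resolved = {n: resolve(n) for n in names}
    failed = [n for n, ips in resolved.items() if not ips]
    if not reachable:
        return "no_connectivity"
    if not failed:
        return "ok"
    if len(failed) == len(names):
        return "dns_failure"
    return "partial_dns"


# --- constructed offline scenarios (fake probe results, no network used) ---
def dyn_outage_resolve(name):
    """Pretend twitter.com and www.paypal.com are hosted at the attacked provider."""
    return [] if name in {"twitter.com", "www.paypal.com"} else ["192.0.2.10"]


def scenario_verdicts():
    """Run the decision logic against four constructed situations."""
    return {
        "healthy": diagnose(resolve=lambda n: ["192.0.2.1"], connect=lambda h, p: True),
        "cable unplugged": diagnose(resolve=lambda n: [], connect=lambda h, p: False),
        "resolver down": diagnose(resolve=lambda n: [], connect=lambda h, p: True),
        "provider attacked": diagnose(resolve=dyn_outage_resolve, connect=lambda h, p: True),
    }


if __name__ == "__main__":
    for label, verdict in scenario_verdicts().items():
        print(f"{label:18s} -> {verdict}: {ADVICE[verdict]}")
    live = diagnose()  # real probes against the current network
    print(f"{'this machine':18s} -> {live}: {ADVICE[live]}")
```

Run it while you still have a browser that won’t load anything: the "resolver down" verdict is the one where changing your DNS settings helps, and "partial_dns" is the one where it won’t.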

Another word of advice: to prevent your IoT devices from becoming part of a future botnet, change any default login credentials on your devices when setting them up, and make sure the firmware is kept up to date where possible.

One thought on “DDoS, IoT, DNS and an attack affecting Hundreds of major Websites”

  1. Damn good write up. Thanks. I think the IoT devices need a *stat* upgrade. Glad I haven’t bought any.
    Thanks Spencer & keep us informed.
    Mike Guinle
