Kudos4 Stats

Massive Cyberattack from Webcams and Other Connected Devices Broke the Internet- Here’s How it Happened

*Updated October 25th 2016 to include new information about the incident.

Starting in the early hours of Friday, October 21, 2016, a Distributed Denial of Service (DDoS) attack flooded one of the largest DNS server companies in the world, bringing half the Internet to a screeching halt.

It began when the east coast experienced difficulty accessing a slew of major, well-known websites and services. When trying to access these sites, users were greeted with slowness as well as an “unable to reach server” page, denying them access to the websites. It was later confirmed that the Mirai malware was responsible for a majority of the attack. Mirai is a form of malware that infects “Internet of Things” (IoT) devices. 

This particular attack is the first of its kind. The company that experienced the attack reports that “one source of the traffic for the attacks were devices infected by the Mirai botnet. We observed tens of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack.” That means tens of millions of computers were sending data to targeted websites, simultaneously.

Outage "Heat Map" on Friday, October 21st during the time of the attacks.

What is a DDoS Attack and How is it Done?

When you hear about a website being “brought down by hackers” it means that it’s become the target of a DDoS. Oftentimes, a DDoS attack utilizes what is called a botnet. A botnet is a network of computers, phones, and tablets that have been infected with malware and are then controlled by the botnet’s owner. The “commander” of the botnet then instructs all of the devices to request massive amounts of data to a particular target, or website. Think of it as having millions of people arriving at a restaurant all at the same time and having to wait to be seated once the restaurant is full. Every restaurant or in this case Internet server has its limit, and as a result of too much data being sent at once, it crashes, and is unable to be accessed at all.

Mirai Malware: The First “Internet of Things” Malware

The Mirai malware is the very first IoT malware released into the wild. IoT devices are electrical devices — such as DVRs, printers, and home appliances — that are connected to the Internet. One thing about IoT devices that is often overlooked is that they are ALL computers, connected to the Internet. These computers, even though some are as small as a coin, are still vulnerable to malware, just like standard computers, tablets, and phones. Up until now, there has been a lack of clarity on the security of IoT devices. This event blew the doors wide open on that and unveiled that cyberattacks don’t have to be complex. The Mirai malware is simple in nature; all it did was scan devices on a network that used default passwords. So basic security steps could have prevented Mirai from wreaking as much havoc as it did.

Default passwords are a very bad thing. A person can simply do an Internet search on the make and model of a device, then add the term “default password,” and open the device right up. In this case, this Mirai malware had a stored database of IoT device credentials for routers, allowing it to access the networks hosting IoT devices and use them to log into those devices. From there, it just planted the malware and started sending data to the target websites, bringing them down.

Brian Varner, a Principal Researcher at Symantec, points out that people don’t log into IoT devices regularly, as they do with computers. “Most IoT devices are install it and forget it,” so in most cases people do not know the last time the software was updated. “I believe that most people think that IoT devices are inherently secure due to their small size,” says Varner. However, IoT devices need to be treated like any other computer on a home or company network. “This means that in most cases they require a human to interact with them to apply security updates,” reminds Varner.

The Responsibility of Helping Protect the Internet Lies with All of Us
A hacker attack at such a wide level may seem scary, but even more so when the attacks came from devices in our homes. While some media outlets are over-sensationalizing this event, the important takeaway is that you can do something to prevent DDoS attacks like this in the future. If anything, this particular attack has opened the eyes of millions of people by showing how important Internet security is in this day and age. And the fact is that security is not just a one-way street. Although reputable companies do try to build in basic security protocols into their products, everything is still vulnerable. If we want nice things, we have to share our responsibility in protecting them.

Protect What You Can:
The best way to defend all of your devices is to protect what comes in contact with your network. By installing a reputable Internet security program, such as Norton Security, it will protect your phones, tablets, and computers against the multitude of malware on the Internet landscape. The more protected your devices are, the less chance you have of becoming an unwilling participant in these types of attacks.

Secure That Router!
Your router is essentially the front door to your Internet home. The VERY first thing you should do is change the default password. You should be able to find the instructions online by doing an Internet search of your router’s make and model number, and using the search term “setup” or “change default password.” For a more in-depth look at how to secure your router, check out “How to Securely Set Up Your Home Wi-Fi Router.”

Don’t Forget About IoT — They’re Computers Too!
As with routers, do some research on your device to see if it has a default password. If it does, the manufacturer’s website should have instructions on how to change it. Make sure the password you create is complicated, unique, and hard to guess. Be sure to not share passwords with other devices as well. It may seem like an easy “hack” to remember them; however, if a hacker gets a hold of one password, they can try that password on other things.

Stay Protected and Carry On!
We now live in the age of the Internet of Things. More and more devices are becoming connected to the Internet — not just tablets, phones, and computers.  These devices make our lives more convenient, entertaining, and connected. When it comes to Internet security, it is vital we take steps to protect all of our things. Attackers mostly go after computers, laptops, and smartphones, but this attack goes to show that the focus is shifting to IoT devices as well.

The best way to get ahead of the bad guys is to participate in your own Internet security. Educate yourself about the threats out there and how they can affect you. Use security software, research your devices and secure them, and tell your friends to do the same! When more of us stay protected together, attackers will have fewer targets to take advantage of.




can Norton Security clean up my DVR, printer, other IOT devices? How or what do I need to do to get them clean?

Norton works on a Windows or Mac OS. I have not heard of DVRs or Printers getting infected. What do you feel they need to have cleaned? 

Reports are that the malware


Reports are that the malware infected DVRs, Webcams and other IoT devices.  What do your products do to detect open susceptible ports that may be hanging off of your network?  One hardware manufacturer has the default password burned into the firmware and it can't be changed.  It would be great to have a product that could detect all vulnerabilities on the home network. 

Can you provide a link to


Can you provide a link to these reports?

For Norton to provide any protection the device would have to be directly connected to a Norton protected PC. The protection would be in the fact that Norton would catch any malware that tried to get into the PC. So it would be caught before getting anywhere near any attached devices.

Looking at the updated


Looking at the updated information in this blog, your first line of defense is your home router. If you have changed the default password to a complex password, the bots would not find your devices behind that router. They would therefore not be infected.

At this time, Norton has nothing that can clean an infected connected DVR or fridge. But again if you have secured your router since any possible infection, the bot net would not be able to make contact again to cause trouble.

Comcast informs me that my

Comcast informs me that my DVR and router are part of their own system only and not in the Internet, therefore safe from infection. Can I trust that?

If the DVR does not have any


If the DVR does not have any separate connection to the internet, ie for Netflix or other online services, it should be safe. Where there could be a problem is if your DVR is connected to your router. Then it would depend on how well the router has been protected.

As noted above, you need to change the default password on the router so that these bots cannot guess their way into your network.

Changing the password on your


Changing the password on your router is definitely a good first line of defense.  But keep in mind that certain webcams and other IoT devices require "port forwarding" or other "holes" be punched through your router in order to provide access from the outside.  For instance, some webcams have embedded webservers on them which allow users to connect via the Internet to see how things are going at home.  It requires some router configuration to allow it, but it's fairly common.  In those instances, the router password won't protect you.  You'll still need to make sure the default passwords on those IoT devices are changed.  For the devices with hardcoded passwords, your best defense is to make sure they're not exposed to the Internet.  In other words, don't set up port forwarding or firewall passthroughs for those devices.  Only make them accessible inside your home network.

For Norton to protect ALL your home devices, it would have to start manufacturing routers (or some other type of inline device that sits in front of the router).  And to be honest, it wouldn't surprise me if Product Managers inside Symantec were already thinking about this.  It's the only way Symantec would truly be able to protect ALL your home devices - by filtering and controlling all the traffic to and from the same.  I think it's the direction we're ultimately headed in an IoT world.  And believe me - if they did come up with something like that, I'd be first in line to buy it!

I've checked with AT&T Uverse

I've checked with AT&T Uverse and they have instructions on how to change both my router's name & password. They also have instructions for removing the router's WiFi information from being transmitted making it invisible to everyone around you. The instructions say that if I choose to do this, that I will need to manually enter the router's name & password into each piece of equipment that uses the router's WiFi (PC's, printer, mobile phones). Is this an additional security step that you'd recommend?

The attacks noted in this


The attacks noted in this blog would not normally be done over a wifi connection. They would usually come in through the WAN connection to your router. This extra step is only necessary if you are a little paranoid about your security and want the absolute safest wifi connections. It will protect you from someone sniffing your connection. As long as you have a strong, hard to decipher WPA2 password, that is usually enough.