Massive Cyberattack from Webcams and Other Connected Devices Broke the Internet: Here’s How It Happened

*Updated October 25th 2016 to include new information about the incident.

Starting in the early hours of Friday, October 21, 2016, a Distributed Denial of Service (DDoS) attack flooded one of the largest DNS server companies in the world, bringing half the Internet to a screeching halt.

It began when the East Coast experienced difficulty accessing a slew of major, well-known websites and services. When trying to access these sites, users were greeted with slowness as well as an “unable to reach server” page, denying them access to the websites. It was later confirmed that the Mirai malware was responsible for a majority of the attack. Mirai is a form of malware that infects “Internet of Things” (IoT) devices.

This particular attack is the first of its kind. The company that experienced the attack reports that “one source of the traffic for the attacks were devices infected by the Mirai botnet. We observed tens of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack.” That means tens of millions of computers were sending data to targeted websites, simultaneously.

Outage "Heat Map" on Friday, October 21st during the time of the attacks.

 

What is a DDoS Attack and How is it Done?

When you hear about a website being “brought down by hackers,” it means that it has become the target of a DDoS attack. Oftentimes, a DDoS attack utilizes what is called a botnet. A botnet is a network of computers, phones, and tablets that have been infected with malware and are then controlled by the botnet’s owner. The “commander” of the botnet then instructs all of the devices to request massive amounts of data from a particular target, or website. Think of it as having millions of people arriving at a restaurant all at the same time and having to wait to be seated once the restaurant is full. Every restaurant, or in this case Internet server, has its limit, and as a result of too much data being sent at once, it crashes and cannot be accessed at all.

Mirai Malware: The First “Internet of Things” Malware

The Mirai malware is the very first IoT malware released into the wild. IoT devices are electrical devices — such as DVRs, printers, and home appliances — that are connected to the Internet. One thing about IoT devices that is often overlooked is that they are ALL computers, connected to the Internet. These computers, even though some are as small as a coin, are still vulnerable to malware, just like standard computers, tablets, and phones. Up until now, there has been a lack of clarity on the security of IoT devices. This event blew the doors wide open on that and showed that cyberattacks don’t have to be complex. The Mirai malware is simple in nature; all it did was scan a network for devices that used default passwords. So basic security steps could have prevented Mirai from wreaking as much havoc as it did.

Default passwords are a very bad thing. A person can simply do an Internet search on the make and model of a device, then add the term “default password,” and open the device right up. In this case, the Mirai malware had a stored database of IoT device credentials for routers, allowing it to access the networks hosting IoT devices and use those credentials to log into the devices. From there, it just planted the malware and started sending data to the target websites, bringing them down.

Brian Varner, a Principal Researcher at Symantec, points out that people don’t log into IoT devices regularly, as they do with computers. “Most IoT devices are install it and forget it,” so in most cases people do not know the last time the software was updated. “I believe that most people think that IoT devices are inherently secure due to their small size,” says Varner. However, IoT devices need to be treated like any other computer on a home or company network. “This means that in most cases they require a human to interact with them to apply security updates,” reminds Varner.


The Responsibility of Helping Protect the Internet Lies with All of Us
An attack on such a wide scale may seem scary, and even more so when it came from devices in our homes. While some media outlets are over-sensationalizing this event, the important takeaway is that you can do something to prevent DDoS attacks like this in the future. If anything, this particular attack has opened the eyes of millions of people by showing how important Internet security is in this day and age. And the fact is that security is not just a one-way street. Although reputable companies do try to build basic security protocols into their products, everything is still vulnerable. If we want nice things, we have to share the responsibility of protecting them.

Protect What You Can:
The best way to defend all of your devices is to protect what comes in contact with your network. Installing a reputable Internet security program, such as Norton Security, will protect your phones, tablets, and computers against the multitude of malware on the Internet landscape. The more protected your devices are, the less chance you have of becoming an unwilling participant in these types of attacks.

Secure That Router!
Your router is essentially the front door to your Internet home. The VERY first thing you should do is change the default password. You should be able to find the instructions online by doing an Internet search of your router’s make and model number, and using the search term “setup” or “change default password.” For a more in-depth look at how to secure your router, check out “How to Securely Set Up Your Home Wi-Fi Router.”

Don’t Forget About IoT — They’re Computers Too!
As with routers, do some research on your device to see if it has a default password. If it does, the manufacturer’s website should have instructions on how to change it. Make sure the password you create is complicated, unique, and hard to guess. Be sure not to reuse the same password on other devices, either. Reuse may seem like an easy “hack” for remembering passwords; however, if a hacker gets hold of one password, they can try that password on other things.
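The three password checks above (no factory default, hard to guess, not shared between devices) can be run over a list of your own devices. This is an added example, not part of the original article; the device names, passwords, default-login list and the 12-character threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample of factory-default logins (assumption); extend it from
# the manuals of the devices you actually own.
KNOWN_DEFAULTS = {("admin", "admin"), ("admin", "password"),
                  ("root", "root"), ("admin", "")}

# Constructed inventory of a home network (hypothetical devices and passwords).
# In practice, build this from your password manager, not a plaintext file.
INVENTORY = [
    {"device": "router", "user": "admin", "password": "admin"},
    {"device": "dvr", "user": "root", "password": "Tr1cky-Harbor-Lamp-92"},
    {"device": "camera", "user": "viewer", "password": "Tr1cky-Harbor-Lamp-92"},
    {"device": "printer", "user": "admin", "password": "print1"},
    {"device": "thermostat", "user": "owner", "password": "Velvet!Quartz#Mango47"},
]


def is_weak(password, min_len=12):
    """Weak = too short, or fewer than 3 of: lower, upper, digit, symbol."""
    classes = sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ])
    return len(password) < min_len or classes < 3


def audit(inventory, defaults=KNOWN_DEFAULTS):
    """Return {device: [findings]} for devices that break the advice above."""
    findings = defaultdict(list)
    by_password = defaultdict(list)
    for dev in inventory:
        if (dev["user"], dev["password"]) in defaults:
            findings[dev["device"]].append("default")
        elif is_weak(dev["password"]):
            findings[dev["device"]].append("weak")
        by_password[dev["password"]].append(dev["device"])
    # A password used on more than one device is flagged on each of them.
    for devices in by_password.values():
        if len(devices) > 1:
            for name in devices:
                findings[name].append("reused")
    return dict(findings)


if __name__ == "__main__":
    for device, problems in audit(INVENTORY).items():
        print(f"{device}: {', '.join(problems)}")
```

Devices that pass all three checks, such as the thermostat in this sample, do not appear in the result.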

 

Stay Protected and Carry On!
We now live in the age of the Internet of Things. More and more devices are becoming connected to the Internet — not just tablets, phones, and computers. These devices make our lives more convenient, entertaining, and connected. When it comes to Internet security, it is vital we take steps to protect all of our things. Attackers mostly go after computers, laptops, and smartphones, but this attack goes to show that the focus is shifting to IoT devices as well.

The best way to get ahead of the bad guys is to participate in your own Internet security. Educate yourself about the threats out there and how they can affect you. Use security software, research your devices and secure them, and tell your friends to do the same! When more of us stay protected together, attackers will have fewer targets to take advantage of.