Yesterday’s IoT attack on Dyn

Yesterday criminals used an “Internet of Things” (IoT) botnet to attack dyn.com, a provider of name services. The domain name service (DNS) is the network protocol that converts something memorable (like http://www.amazon.com) into the IP address you browser needs (54.239.26.128) in order to connect to the remote server hosting the web page you want to visit. dyn.com is a company that provides these services. And as the InfoSec Handlers point out, lots of big-name web sites including twitter and spotify use dyn.com services and were affected by the attack.

IoT is the name given to consumer devices that you can buy and then attach to the Internet for various reasons (I’ve written about IoT before). Many of these devices have really poor security. They commonly have default and well-known passwords that many users don’t change. So there are lots of Internet-connected devices (easily discoverable with databases like Shodan) with no protection against someone who knows the default passwords.

Brian Krebs has a lot of good detail about yesterday’s attack and how it was the work of IoT devices like video cameras and DVRs controlled by Mirai. Mirai is (publicly available!) malware that scours the Internet looking for devices with default passwords and uses them to attack specific targets. Yesterday someone pointed those devices at dyn.com, and that’s why you had trouble tweeting about why you couldn’t listen to your music.

Manufacturers have sold a lot of this IoT junk, and we’ll be stuck with this sort of thing for years.

Advertisements

Author: carl

A web programmer and Linux system administrator who would like to be a writer.