Friday's attack on critical internet infrastructure is likely the first of many, with a hacking group claiming responsibility and saying that it was only a test and that another larger attack is still to come. So reports the Associated Press, which notes that the method used by the attackers relied on unsecured "internet of things" devices and cannot be easily stopped.
The attack on Dyn, a New Hampshire-based company tied to the Domain Name System, meant browsers were essentially unable to find their intended destination. According to the company, DNS turns web addresses like "twitter.com" into a machine-readable IP address — with that service down, sites such as Twitter, Netflix, and Spotify couldn't be located. In attacking one company, Dyn, the hackers were thus able to prevent access to other websites that rely on Dyn's DNS services.
As Krebs On Security reports, hackers likely used a botnet that consisted of compromised devices like internet CCTV's to launch a distributed denial of service attack (DDoS). Because many of these devices are shipped with default passwords, and because consumers often fail to change those passwords, hackers can easily gain control over the cameras.
The group New World Hackers claimed responsibility for the attack in a Twitter message, and told a reporter with the AP via direct message that they don't really have any beef with Dyn. Rather, they just wanted to get everyone's attention and prep for an upcoming attack. "Twitter was kind of the main target," someone who identified him or herself as "Prophet" wrote. "It showed people who doubted us what we were capable of doing, plus we got the chance to see our capability."
Prophet also reportedly told the same reporter that the next target would be aimed at the Russian government.
Regardless of the truth of Prophet's claims, Krebs On Security warns us that attacks like the one we saw Friday are likely to become more common in the future. Malware by the named of Mirai, which is believed to have been used to harness the IoT botnet, has been released publicly and is rather low-tech to employ.
So, in other words, get used to a future where your internet-enabled refrigerator ruins your ability to Netflix and chill.
Previously: Twitter, Spotify And Other Sites Suffered Outages Due To DDOS Attacks