Friday, October 21, 2016 began innocently enough. In our corner of the world, we were awakened by a driving rain that was predicted to last for most of the weekend. The good news was that the forecast was for high temperatures around 70 degrees on Friday… before crashing down as the weekend progressed. You take the good with the bad when living in the Northeast in October. While weather can be predicted with some (slight?) degree of accuracy, no one could have imagined what would lie ahead on this seemingly normal Friday morning. Without warning, users were suddenly unable to access Twitter, Netflix, Spotify, and PayPal among numerous other popular websites due to a cyber attack on a New Hampshire company (Dyn) responsible for routing Internet traffic. Eleven hours after the hacking occurred, service was successfully restored. What exactly happened, and what can we learn from such an attack? Let’s dig deeper.
As mentioned earlier, Dyn manages a percentage of the Internet’s Domain Name System (DNS) that, in simple terms, allows a web browser to connect to the website that it’s supposed to when a web address is entered. Every single website has it’s own internet protocol (I.P.) address which consists of a series of numbers. We type the letters and words that make up the web address (such as, FinishLineComputerServices.com) to connect to a website. DNS is used to connect the words (web address) and the numbers (I.P. address) to allow us to reach the desired Internet destination. The attack on Dyn successfully employed a widespread distributed denial of service (DDoS), which simply means that users were unable to access the specified website, seeing only an error message in the site’s place. A DDoS attack is designed to overwhelm the server with more requests for information than it can handle, causing the server to overload and crash. This particular attack is scary because it began with malware that was installed to a computer through a phishing e-mail. That computer became infected, which in turn infected every device connected to the home or office’s network, including smartphones, streaming devices, set top boxes, televisions, security cameras, thermostats, etc. These infected devices were then used as part of a botnet (robot network) to send the information requests to Dyn to initiate the DDoS and block access to Twitter, Netflix, Spotify, et al. Specialists haven’t been able to identify who’s responsible for the attack, and no one has taken credit for it at this time.
I realize that this is a pretty heavy subject, and that there’s a lot to absorb here. If you’re unsure or need a refresher on some of the components of this post, we have some “recommended reading” from prior Blog posts for you. Since the seed for this DDoS was planted in an e-mail, make sure you know who your e-mails are actually coming from. For more information on this idea, please read our very first Blog post, “To Click, Or Not to Click…“. If you’re unsure of what malware actually is, click here to learn more. Finally, for more on the concept of phishing, we bring you, “Gone Phishing: How to Avoid Being Scammed Online“. Cyber security is a growing concern in today’s world, and has taken a major role in the presidential campaign. The threat is not going away. Protect yourself the best you can by keeping your computer up-to-date with Windows Update (read “Windows Update – Why Bother“), and always have anti-virus software on your P.C. If you don’t currently have such software and are on a budget, read “Are You Anti-Cash for Anti-Virus?” It’s impossible to totally safeguard ourselves from future attacks, but that doesn’t mean we shouldn’t do the best we can to protect our computers and our own security right now.