A massive Distributed Denial of Service (DDoS) attack struck the world wide web last Friday, Oct. 21, rendering problematic disruptions on various sites such as PayPal, Reddit, Spotify, among others under Dyn, a company that acts as a dedicated online optimization infrastructure located in New Hampshire.
Hackers were able to extend a method to different devices including DVRs, webcams, security cameras, baby monitors, and others with internet connectivity.
Cybersecurity firm Flashpoint now believes that the culprit behind the widespread attack were most likely amateurs.
"Despite public speculation, Flashpoint assesses with a moderate degree of confidence that the perpetrators behind this attack are most likely not politically motivated, and most likely not nation-state actors," the firm noted.
The hackers may have used a malware named Mirai, which invades the web-connected gadgets of unsuspecting people and converting them into a system that can be used in a cyber attack.
CEO Ziv Gadot of Red Buttons, a cyber security firm specializing in DDoS attacks, mentioned web-linked devices are a fertile ground for hackers. He thinks that such devices with computers in them and can access the internet still have unprotected security.
He added that hackers can use unsuspicious items like security cameras, webcams, or even refrigerators to connect to a network of computers and produce an excessive amount of requests that even a strong service like Dyn cannot handle.
Dyn reported that three heavy attacks from millions of IP addresses were behind the massive cyber crime, making it one of the biggest attacks in history. Additionally, each one of the attack came from various sources that made it very hard to block.
Attacking large domain service providers like Dyn could create huge disruptions because these firms are the ones in charge of forwarding significant volumes of internet traffic.
Outages last Friday were sporadic and geographically diverse. Lots of users have complained they were not able to open several internet sites such as The New York Times, Mashable, The Wall Street Journal, Yelp, and CNN. Business sites like Amazon, Spotify, PayPal, Reddit, AirBnB were also affected. The outages started in the United States Eastern Coast before spreading to other parts of the country and in Europe.
Dyn stated it was able to resolve the first attack in the morning that halted operations for around two hours. It then discloses that a second attack followed a couple of hours after causing further disruptions. And by the evening, a third attack ensued.
The White House issued a statement that the Federal Bureau of Investigation and the U.S. Department of Homeland Security was closely monitoring the situation and will be taking a keen eye on the matter. This came after the leaked release of the Mirai malware code.
Image: Christiaan Colen | Flickr