NH Company Central to Recent Cyberattack
This article was also published in the November 7, 2016 Seacoast Sunday.
On Oct. 21, a massive Distributed Denial of Service (DDoS) attack targeted Manchester-based Dyn, an Internet infrastructure services company in the historic millyard along the Merrimack river.
Dyn provides infrastructure services and network intelligence that the company states allows its customers to manage the Internet as if it were their own network. In the simplest of terms, this means massive public websites like Amazon, Ancestry, Twitter and LinkedIn respond faster to you when you visit them. Dyn is one of several companies that provide Domain Name Services (DNS) on the Internet. Every website you visit has a numerical address called an IP address. Just like your home has a number and street address, a website has an IP address. For most people, you know how to get to 123 Any St. just the same as you know how to get to grandmother’s house. Either way you say it, but name or by address, it’s the same place. DNS works the same way. When you go to www.cnn.com, that name, called a URL, is translated into the website actual IP address. This is what Dyn and companies like it do for you. They sit between you and the website you are visiting, to be sure you get there in the most efficient way so you have a good experience when visiting the site.
What happened Oct. 21 was a massive, previously not seen, type of DDoS attack. The simplest way to describe a DDoS attack is to compare it to you calling someone on the phone while I stand next to you blasting loud music through a speaker held close to your open ear. The call may go through, but there is no way you will be able to communicate. The hackers sent so much Internet traffic at Dyn’s servers it was unable to service the requests it was receiving. That’s why so many websites appeared to be offline that day. The Internet was not “down,” nor was the individual websites. The path to get to them was being blocked by this massive amount of noise in the way.
I first learned about the attack from my wife. She is a genealogical researcher and works from home. She called me early that morning to say she thought something was wrong with our home network, as she was unable to get to many of her research sites online. A quick check of things quickly revealed our home network was fine, but the Internet was not. Most reports suggest the DDoS attack started before 7 a.m. EDT and lasted until after 6 p.m. EDT, making this one of the most successful hacks in history.
What is unique about this attack, is what was used to perpetrate it. A virus called Mirai targeted Internet of Things (IoT) devices. These are devices that connect to the Internet, but are not considered computers, in the traditional sense, even though in many cases, they really are. They are devices like WiFi connected thermostats, security systems, HVAC control systems, SCADA devices, smoke alarms, home automation systems and more. The list is massive. While more and more of these devices are employing proper security, there are still manufacturers who put out devices with a hard coded default username and password embedded in a chip on the device. Mirai exploits this and on that day, scoured the Internet and found massive numbers of devices with this vulnerability and used them to launch the attack on Dyn. It’s a vulnerability security experts have warned about for years. Most major IoT manufacturers have addressed this, but many have not. It is widely reported chips manufactured by one Chinese company were the major target, based on their poor engineering design.
I am specifically not naming companies that make these chips and IoT devices. While many are known, the investigation is still ongoing at this time and I do not feel it’s appropriate to name names. That’s not the point. The point is this attack exposed a critical vulnerability to our connected world. Some security experts believe this may have been a pre-emptive strike, coordinated to test just how successful such an attack could be. This is likely why the FBI and Department of Homeland Security were involved in the investigation quite early in the day that Friday. There are others who say this was just a group of hackers who tried something and were successful beyond their wildest dreams. There are many theories and many stories being written about this event. We may never know the true extent of the attack or the threat.
What this clearly points out is that disruptions of computer networks are real. So many people expect the Internet to be 100 percent reliable. This attack on Dyn shows it is not, locally, nationally and internationally. It’s an issue that haunts the technology world and one that will take time and coordinated effort to deal with effectively. As I often remind readers, stay safe online!