Ramblings of an old Doc
Twitter, SoundCloud, Spotify, Shopify, and other websites have been inaccessible to many users throughout the day.
Published on October 21, 2016 By DrJBHL In Internet

 

Cyber warfare against Dyn is now being investigated by Homeland Security (as well it should be). Twitter, SoundCloud, Spotify, Shopify, and other websites have been inaccessible to many users throughout the day. 

“We are actively in the third flank of this attack,” Dyn’s chief strategy officer Kyle Owen told reporters around 4:30 p.m. ET today. “It’s a very smart attack. As we mitigate, they react.” - Dyn chief strategy officer Kyle Owen

The fascinating angle of this one is that:

"Dyn’s general counsel Dave Allen added that, with the help of other infrastructure companies Akamai and Flashpoint, Dyn has determined that some of the traffic used in the attacks comes from the Mirai botnet, a network of infected Internet of Things devices used in other recent large-scale DDoS attacks." - Techcrunch

Other sites experiencing issues include Amazon, Box, Boston Globe, New York Times, Github, Airbnb, Reddit, Freshbooks, Heroku and Vox Media properties. Below see the outage map.

 

“The complexity of the attacks is making it complicated for us. It’s so distributed, coming from tens of millions of source IP addresses around the world. What they’re doing is moving around the world with each attack,” - Kyle Owen

"Security researcher Bruce Schneier reported in September that several internet infrastructure companies had been targeted with DDoS attacks, although they had not caused the kind of widespread outages experienced today. Schneier wrote that the attacks seemed designed to test companies’ defensive capabilities:

“These attacks are significantly larger than the ones they’re used to seeing. They last longer. They’re more sophisticated. And they look like probing. One week, the attack would start at a particular level of attack and slowly ramp up before stopping. The next week, it would start at that higher point and continue. And so on, along those lines, as if the attacker were looking for the exact point of failure.”

“Someone is extensively testing the core defensive capabilities of the companies that provide critical Internet services,” Schneier added." - Techcrunch

If you wish to see the attacks in real time, you can see them here: http://motherboard.vice.com/blog/a-live-map-of-ongoing-ddos-attacks or here: http://www.digitalattackmap.com/#anim=1&color=0&country=ALL&list=0&time=17095&view=map

 

Unfortunately, Norsecorp's website and really nice map are down. 

 

Sources:

https://news.ycombinator.com/item?id=12759520

https://techcrunch.com/2016/10/21/many-sites-including-twitter-and-spotify-suffering-outage/

https://www.schneier.com/blog/archives/2016/09/someone_is_lear.html

http://drjbhl.joeuser.com/article/451447/The_Internet_of_Things_or_You_Have_Mail_from_your_fridge

 

 


Comments
on Oct 21, 2016

The hacker group, Anonymous, warned this was going to start happening. On its YouTube video posting, it called for all of its allies to activate attacks that would affect Corporate backed Main Stream Media outlets as punishment for their dishonesty and outright lies to the American Public.

on Oct 21, 2016

Just as long as there's a noble excuse for this. I'm so relieved. Can't help but wonder where they got the training for all this...bet there are state actors involved. This is not an amateur effort.

I can only hope they find the people responsible and truly make them... unhappy.

After all, businesses are migrating more and more to the net...so this vulnerability to the economy is intolerable.

What we spoke of years ago in strengthening the safeguards to the internet was entirely right.

on Oct 22, 2016

IoT......is it really such a good idea to have seemingly harmless appliances connected to the net? If you leave the door open...

on Oct 22, 2016

The "smart" devices/appliances in your home? No security whatsoever in their OSs, nor in their method of being updated.

IoT: Appliances made by idIoTs.

World would be FAR better off with the previous "dumb" devices, since manufacturers can't be bothered with strong programming and https update methods. IT security? Always pooh-poohed...so, this.

 

http://nr.news-republic.com/Web/ArticleWeb.aspx?regionid=55&articleid=75748389

 

on Oct 22, 2016

someone released the attack code used to knock off krebs a while back. same stuff. don't need geniuses.

 

iot is a waste of space. buy a hub thing.. if it needs to phone home, then give it a couple of years and it's more useless than a paperweight. people talk about iot saving energy like let smart washing machines to do their stuff when energy tariff is cheap and all... or some external brain syncing/staggering those jobs. it doesn't really. you can't just leave the stuff in the machine and not air the drawers promptly.... or it'll go moldy... spinning is noisy as hell too. low temp washing... rubbish.. the capsules don't dissolve properly, leaving undissolved crap behind... mold eventually... meaning you'll just have to wash the stuff again.

smart fridge restocking stuff automatically (yay. cartons of milk and packs of meat rotting in the sun whilst you are out... if not eaten by the stray animals)

on Oct 22, 2016

DrJBHL

Always pooh-poohed...so, this.

Now that was an interesting easy read.  Maybe now that the theory of using such devices in such a manner has become demonstrated reality there might be some additional pressure to address the issue (?).

Or maybe we'll wait until someone decides, for whatever reason, they want to turn off everybody's furnaces while it's 0 degrees F outside.

on Oct 22, 2016

DrJBHL

my prediction

Yep, you're probably right.

on Nov 07, 2016

I remember as well, as will anyone who was around when "secure certificates" and public/private keys came in and the changing laws on encryption and more. I remember someone saying it would take years to crack 128bit encryption. There are people out there that can do it in minutes.

The moment you post on a social media site, access your banking via the internet, click on anything, you are 'technically' open for invasion.

If you want true privacy it is a thing of the past because much of the world is online. Everyone wants their 15 mins of fame it seems and the selfies - I hope someone slaps me if I ever do one. Then people ask "How did they find me?" Ummmm - possibly because you put your address online?

Anyway - the DDOS attacks are the hacker anarchists. Some people with skills are pissed off with the world, sad fact of life. Some people are the true "Schadenfreudes" of the world that delight in the suffering of others.

I say a big YES to Homeland, FBI and whomever has power to wield to enforce penalties on people that maliciously do this for no reason other than creating misery.

 

While it will never stop everyone, it will stop many who might have been thinking about it.

cheers.