On October 21, 2016, a distributed denial of service (“DDOS”) attack of epic proportions was unleashed upon the United States of America. Many security firms say that this attack was one of the largest they have ever encountered. The folks on the war front were American citizens from dozens of corporations throughout the U.S. Companies like Dyn, Twitter, Netflix, PayPal, and Amazon were brought down for hours. The most amazing part of this story is that you may have had a hand in these attacks. Hacked home devices helped the attackers flood the internet with fake requests to Domain Name System (DNS) servers. And I watched it all unfold from the comfort of my home using a laptop.
During the cyber attack, I brought up Fortinet, an online intelligence platform that collects and analyzes live threat intelligence from darknets in over 40 countries and displays the information in near real time on a map of the world (http://threatmap.fortiguard.com). I felt like I was in the middle of WWIII or, for you old-timers like me, the movie “WarGames” (http://youtube.com). I watched the whole world attack the US from tens of millions of IP addresses. It was quite intense and it lasted for several hours at different times during the day. An article from Fortune.com said that the attack threw 1.2 terabits of data per second at the DNS servers on the East Coast. Note that it is fun to watch it even today!
For those of you who are new to cyber attacks, companies in the US are under DDOS attacks every day. In fact, I know of some utilities that have over 200 attacks a day. Why do attackers do it? The reasons are numerous, and they range from political motivation and revenge to money, through blackmail or industrial sabotage. For the October 21st event, two of the reasons mentioned above were discussed in several articles.
Companies try to prevent these attacks by using sophisticated equipment and help from their Internet Service Provider, hosting company or third-party service company. Companies like Verizon and AT&T sell security products and services to fight the attackers before the problem gets very real. But now, the problem is also self-inflicted by our own devices in the US. Many cybercriminals are using our own computers and Internet of Things (“IoT”) devices against us. Note that one security firm (Imperva) found that some of the compromised devices were security cameras located in dozens of countries around the world. This was quite evident when I was watching the attack using Norse. It seemed like it was the US against the world.
As stated in the article from USA Today (http://www.usatoday.com/): “Troubling to security experts was that the attackers relied on Mirai, an easy-to-use program that allows even unskilled hackers to take over online devices and use them to launch DDoS attacks. The software uses malware from phishing emails to first infect a computer or home network, then spreads to everything on it, taking over DVRs, cable set-top boxes, routers and even Internet-connected cameras used by stores and businesses for surveillance.” How scary is that? And to make matters worse, the software was released on GitHub and the code was still there when I was researching the attack that just happened.
So how can you help prevent cybercriminals and nation states from taking advantage of you with your home computers and devices? The five most important steps you can take are to 1) turn off your device when not in use; 2) update your router’s firmware to the latest release or purchase a new router; 3) disable the ability to remotely manage your router; 4) disable Universal Plug and Play (“UPnP”); 5) make sure you are not using the router’s default password. If all of this is too much for you, get one of your geek friends (like me) to assist you. Who knows, you may stop the next DDOS attack from breaking out.
Do you want to know more about cyber attacks or data breaches? A fantastic report to read is Verizon’s Data Breach Investigations Report (DBIR) (http://www.verizonenterprise.com), which shows that 80% of cyber attacks are for financial gain.