How to Take Down the Internet
It has become commonplace to take the stability of the Internet for granted. It was there yesterday, it’s still there today, and it will likely persist into tomorrow. But the truth is – there is a vast infrastructure supporting the Internet that has been obscured from the view of the end user. While the majority of cyber attacks seek to compromise a single internet-accessible resource, recent attacks have targeted the shared infrastructure that many of those resources depend on. The second half of 2016 has seen some of the largest distributed denial of service (DDoS) attacks on record: attacks that leverage hundreds of thousands of previously compromised devices to carry out a single coordinated assault.
A DDoS attack attempts to exhaust a target’s resources (network bandwidth, connection-handling capacity, or CPU) so that the system becomes unresponsive or unreachable. Quite simply, these “botnets” of infected devices are directed to send enormous volumes of traffic at the victim server, so much that it can no longer answer legitimate requests. Recent attacks have crested 1 Terabit per second, a staggering volume of traffic.
The scale of these massive cyber attacks can be attributed to several issues related to the growing Internet of Things (IoT). As internet connectivity becomes standard on more and more electronic devices such as refrigerators, security cameras, thermostats, and televisions, the number of devices accessible via the internet has increased rapidly. Malicious attackers are constantly scanning the internet looking for these types of devices. One strain of malware in particular has become widely known as a mechanism for exploiting these IoT devices: Mirai. Mirai is malware that runs entirely from the volatile memory (RAM) of an IoT device. It writes nothing to persistent storage, so a reboot removes it, but a device that still has its default password exposed is typically reinfected within minutes. After successful infection, the device becomes a member of the Mirai botnet, a network of previously infected devices. The functions of these infected devices are twofold. First, every device becomes another scanner looking for more vulnerable devices across the internet. Second, each device responds to commands delivered from a central command-and-control server. This means that, without any further interaction from the attacker, the Mirai botnet is constantly adding new devices to its ranks.
One may ask, “How does Mirai gain access to these internet connected devices?” In this case, there is no sophisticated software vulnerability exploitation. In reality, Mirai simply looks for devices that expose a telnet login (TCP ports 23 and 2323) and whose passwords have not been changed from the vendor default values. When a new device is discovered, Mirai works through a predetermined list of roughly sixty username/password pairs, attempting to log in with each one. If a pair is accepted, the Mirai botnet gains a new member. If none is accepted, the scanning device simply moves on to the next potential victim. This incredibly simple mechanism has proven very effective at building an army of infected devices that respond in unison to centrally issued commands.
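To make the mechanism concrete, here is an added example (not code from the original article, and not Mirai’s own code) that reproduces the login loop just described, but as a self-audit tool: it tries a handful of pairs from the widely published Mirai default list against a device and stops at the first one that is accepted. `SimulatedDevice` is a constructed stand-in so the example runs offline; `TelnetDevice` performs the same check against a real host on your own network and assumes a BusyBox-style `login:` / `Password:` prompt flow. The host address in the trailing comment is a placeholder.

```python
"""Default-credential audit modelled on Mirai's login loop (added example).

Tries factory credentials against a device and stops at the first accepted
pair, which is exactly how the botnet recruits members.  Audit only devices
you own or are authorised to test.
"""
import socket
from dataclasses import dataclass
from typing import Optional, Protocol, Sequence, Tuple

Credential = Tuple[str, str]

# A handful of the roughly sixty pairs from the widely published Mirai list.
DEFAULT_CREDENTIALS: Sequence[Credential] = (
    ("root", "xc3511"),
    ("root", "vizxv"),
    ("root", "admin"),
    ("admin", "admin"),
    ("root", "888888"),
    ("root", "xmhdipc"),
    ("root", "default"),
    ("support", "support"),
    ("root", "root"),
    ("admin", "password"),
    ("ubnt", "ubnt"),
)


class LoginTarget(Protocol):
    def login(self, username: str, password: str) -> bool: ...


@dataclass
class SimulatedDevice:
    """Constructed stand-in for an IoT device so the audit runs offline."""
    username: str
    password: str
    attempts: int = 0

    def login(self, username: str, password: str) -> bool:
        self.attempts += 1
        return (username, password) == (self.username, self.password)


class TelnetDevice:
    """Real telnet login.  Assumes the plain 'login:' / 'Password:' prompt
    flow of a BusyBox-style telnetd; host and port are supplied by you."""

    IAC = 0xFF  # telnet "Interpret As Command" byte

    def __init__(self, host: str, port: int = 23, timeout: float = 3.0):
        self.host, self.port, self.timeout = host, port, timeout

    @staticmethod
    def _strip_iac(data: bytes) -> bytes:
        # Drop 3-byte option negotiations (IAC WILL/WONT/DO/DONT <opt>) so the
        # prompt text can be matched; longer subnegotiations are not handled.
        out, i = bytearray(), 0
        while i < len(data):
            if data[i] == TelnetDevice.IAC and i + 2 < len(data):
                i += 3
            else:
                out.append(data[i])
                i += 1
        return bytes(out)

    def _read_until(self, sock: socket.socket, markers: Sequence[bytes]) -> bytes:
        buf = b""
        while not any(m in buf for m in markers):
            chunk = sock.recv(1024)
            if not chunk:
                break
            buf += self._strip_iac(chunk)
        return buf

    def login(self, username: str, password: str) -> bool:
        try:
            with socket.create_connection((self.host, self.port), self.timeout) as s:
                s.settimeout(self.timeout)
                self._read_until(s, (b"ogin:", b"sername:"))
                s.sendall(username.encode() + b"\r\n")
                self._read_until(s, (b"assword:",))
                s.sendall(password.encode() + b"\r\n")
                reply = self._read_until(s, (b"$ ", b"# ", b"> ", b"ogin:", b"ncorrect"))
                # A shell prompt means the pair was accepted; a fresh login
                # prompt or "Login incorrect" means it was refused.
                return any(p in reply for p in (b"$ ", b"# ", b"> ")) and b"ogin:" not in reply
        except OSError:
            return False


def audit(device: LoginTarget,
          credentials: Sequence[Credential] = DEFAULT_CREDENTIALS) -> Optional[Credential]:
    """Return the first accepted (username, password) pair, or None once the
    whole list is exhausted, mirroring Mirai's move-on-to-the-next behaviour."""
    for username, password in credentials:
        if device.login(username, password):
            return (username, password)
    return None


if __name__ == "__main__":
    camera = SimulatedDevice("root", "xc3511")  # factory default left in place
    thermostat = SimulatedDevice("admin", "correct horse battery staple")
    print("camera:", audit(camera))            # ('root', 'xc3511')
    print("thermostat:", audit(thermostat))    # None
    # Against a real device on your own network (placeholder address):
    # print(audit(TelnetDevice("192.0.2.10")))
```

The point of the two implementations is that the attacker’s logic is trivial and identical regardless of transport: if `audit()` returns a pair for one of your devices, Mirai’s scanner would have found the same pair. The fix is the one the article recommends, change the default password, and where the device allows it, disable telnet altogether.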
This botnet has grown so large that it is capable of targeting the infrastructure supporting the internet itself. The Domain Name System (DNS) is a distributed system of servers that translate domain names, such as www.ocd-tech.com, into IP addresses. This system allows users to remember and use domain names, rather than IP addresses, while browsing the internet. Without DNS, users have no practical way to locate a particular resource on the internet; its address would have to be known in advance. The Mirai botnet was used to target the servers of a large DNS service provider, Dyn.
The attack was directed at an infrastructural level, rather than at a single website. And because of this, on the morning of October 21st, 2016, users across the United States found that some of the most popular websites were unreachable. Reported outages included Twitter, Netflix, Amazon, Reddit, and Spotify, along with numerous others. The botnet is still active and has shown that it’s crucial to change default passwords on all networked devices, and in this new age, that means taking steps to secure your smart thermostats and televisions, security cameras, etc. This simple attack mechanism has exposed some of the teething issues associated with the new Internet of Things. The added connectivity and ease of use often come at the price of a decrease in security.