- What exactly happens when there’s an Internet outage?
- Hasn’t this happened many times before and what’s different now?
- Are we dealing with Internet vandalism or something more sinister?
- Security of the Internet of Things keeps NSA hacking chief up at night
- Unfortunately... there is very little we can do
- Even two days without Internet would spell bad news for everyone
On Friday 21 October, various parts of the US reported large-scale, historic Internet outages and network congestion affecting websites including Reddit, Amazon, Airbnb, PayPal, Netflix, Twitter, Spotify and the New York Times. The outages were caused by a large Distributed Denial of Service (DDoS) attack aimed at Dyn, the Internet infrastructure company in New Hampshire that provides critical technology services to the Internet’s top destinations. In the attacks, traffic to Dyn’s Internet directory servers throughout the US was disrupted by malicious requests from millions of IP addresses.
1. What exactly happens when there’s an Internet outage?
DDoS attacks typically overwhelm servers with millions of data requests, preventing regular users of these servers from having their legitimate queries answered. This then results in failure to load website pages and a dramatic drop in website traffic. Dyn described the attacks as ‘complex and very sophisticated’ and not only expressed their concerns around how fragile the Internet is, but also around the power of those aiming to disrupt it.
2. Hasn’t this happened many times before and what’s different now?
DDoS attacks have happened many times before and are nothing new. They could cause more and more problems, however: major companies that provide Internet infrastructure report increases in the frequency, length, severity and sophistication of DDoS attacks. Compared to previous assaults, these new waves of attacks seem to be more ‘probing’: they test various servers to see what they can handle. According to industry insiders, this could indicate that someone, somewhere is learning how to shut down the Internet and cause widespread disruption.
The DDoS attacks were launched via hacked Internet of Things devices, mainly branded webcams, CCTV cameras and DVRs whose video surveillance components are produced by XiongMai Technologies, a Chinese tech firm. The problem with these devices is that their passwords are hard-coded into the firmware and the user cannot change or disable them. Other Internet-connected devices that are susceptible to hacking and likely to be used for similar attacks are televisions, fridges, thermostats and even baby monitors.
3. Are we dealing with Internet vandalism or something more sinister?
According to experts, it is not very likely that these attacks are criminally motivated, because criminals have little to gain from disruption. Although it’s impossible to say for sure, there is speculation that large nations, such as Russia or China, are developing large-scale DDoS capabilities. Unnamed intelligence officials, however, told NBC that it was merely a ‘classic case of Internet vandalism’. According to the officials, the attack ‘didn’t seem directed or state-sponsored,’ although the US government has officially accused Russia of cyber-attacking political organisations and election agencies (including the hacking of Hillary Clinton’s emails) during the presidential election campaign.
Some security firms have reported that the attack probably involved, at least in part, the Mirai malware, which crawls the Internet for poorly protected or unprotected IoT devices that are still set to factory default usernames and passwords. It turns these devices into a botnet, or zombie army, that sends junk traffic to websites or overloads critical infrastructure targets. The hacker initially responsible for Mirai recently released the source code for the malware, making it available to anyone who wants to build their own attack tool. What is clear is that the attack must have taken a lot of resources and serious coordination, suggesting that we are not dealing with a teenager who is just having some fun. The attack was ‘just’ disruptive and nothing was stolen, leading to speculation that someone is trying to figure out how to shut down the Internet.
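The scanning behaviour described above leaves a recognisable trace on a local network: one device contacting many different hosts over Telnet in a short time. The following detection sketch is an added example, not part of the original article; the flow-log format, the addresses, the thresholds and the choice of TCP ports 23 and 2323 (the Telnet ports Mirai's scanner is known to probe) are assumptions of this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: Telnet ports probed by Mirai's scanner.
TELNET_PORTS = {23, 2323}

# Constructed sample flow records: "timestamp src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
2024-01-01T11:10:00 192.168.1.50 198.51.100.7 23
2024-01-01T11:10:01 192.168.1.50 198.51.100.19 23
2024-01-01T11:10:02 192.168.1.50 203.0.113.4 2323
2024-01-01T11:10:03 192.168.1.50 203.0.113.88 23
2024-01-01T11:10:04 192.168.1.50 198.51.100.201 23
2024-01-01T11:10:05 192.168.1.50 203.0.113.140 23
2024-01-01T11:10:06 192.168.1.10 192.168.1.2 23
2024-01-01T11:12:00 192.168.1.10 192.168.1.2 23
2024-01-01T11:10:07 192.168.1.20 203.0.113.9 443
2024-01-01T11:00:00 192.168.1.30 203.0.113.21 23
2024-01-01T11:10:00 192.168.1.30 203.0.113.22 23
2024-01-01T11:20:00 192.168.1.30 203.0.113.23 23
"""

def find_scanners(flows_text, window=timedelta(seconds=60), threshold=5):
    """Return {src_ip: most distinct Telnet destinations seen in one window}
    for every source that reaches `threshold` distinct destinations."""
    events = defaultdict(list)
    for line in flows_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        if int(port) in TELNET_PORTS:
            events[src].append((datetime.fromisoformat(ts), dst))
    flagged = {}
    for src, hits in events.items():
        hits.sort()
        start, best = 0, 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            best = max(best, len({dst for _, dst in hits[start:end + 1]}))
        if best >= threshold:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    for src, fanout in find_scanners(SAMPLE_FLOWS).items():
        print(f"{src}: {fanout} distinct Telnet targets within 60s")
```

In the constructed data only the camera at 192.168.1.50 is flagged; the workstation that repeatedly reaches a single switch and the device that contacts a few hosts ten minutes apart stay below the threshold.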
4. Security of the Internet of Things keeps NSA hacking chief up at night
Chief of the NSA’s Tailored Access Operations unit, Rob Joyce, leads a team of hackers tasked with gathering foreign intelligence by hacking into computer networks. The team also probes US networks to determine where security can be improved. Joyce mentions that the Internet of Things and its lack of security make it very easy for his team to attack various targets. For instance, the poor security of Internet-connected devices such as climate control systems offers easy access to organisations, a route that is often overlooked by computer network administrators. Thousands of these types of commercial and industrial control systems, also called SCADA systems, including critical infrastructure such as power plants, have been almost casually hooked up to the Internet without proper security measures. Joyce said, “SCADA security is something that keeps me up at night.” Everything that is connected to the Internet of Things is, to a certain degree, hackable, from the Apple Watch and your smart fridge to the connected car you drive or your daughter’s new Hello Barbie. Very few of these devices have been adequately secured and are therefore a hacker’s dream. The IoT is, however, also becoming an integral part of healthcare facilities, a sector that has already seen its fair share of cyber attacks in recent years.
According to Chris Sullivan of Core Security, the disturbing part of the recent DDoS attack is that the underlying security weakness that enables these attacks can and will probably be used to unleash more serious attacks, such as the theft of credit cards and weapons designs, or to manipulate processes like SWIFT global funds transfers. The attacks can also cause physical damage to devices, as was the case during the biggest hack in history, which took place at Saudi Aramco in 2012. In the attack, 30,000 computers were partially wiped out or completely destroyed, forcing one of the world’s most valuable companies to go back to using typewriters and fax machines. The company was only able to repair the damage and come back online an entire five months later, with a newly secured computer network and an expanded cybersecurity system.
Unlike your phone or PC, IoT devices don’t have the processing power or the memory needed to secure them properly. This makes them easily hackable, and it’s very complicated to detect when that happens. Our biggest worry is that these devices also give hackers access to supposedly highly secured corporate, defense and nation-state networks from the inside, without being seen by firewalls and other intrusion prevention systems.
5. Unfortunately... there really is very little we can do
The challenge we face is that there is nothing we can do to secure IoT devices that are already compromised. The only solution to keep our personal information safe and prevent attacks like ransomware and DDoS from continuing is to disconnect our millions of IoT devices from the Internet. The biggest problem is that many people aren’t even aware, or don’t believe, that their thermostat or webcam can be hacked to gain access to their personal information. The obvious way to rectify this would be for companies to secure their products adequately. But without product recalls, new industry standards, lawsuits or government regulations, this is not very likely to happen. The problem is that we have networked the world much faster than we have been able to secure it, aided by millions of cheap sensors and connected devices. The tech companies should therefore take responsibility and focus on the cybersecurity crisis by fixing the problems they created.
6. Even two days of no Internet would equal bad times for everyone
An Internet outage would probably result in a moment of silence, then a collective, global scream. In other words, it would be devastating. Of course it is not very likely to happen because the Internet is an extremely flexible network of many networks of even more networks. If a part of the Internet were to be shut down, the remaining sections would still stay in operation. But what would happen if, let’s say due to a solar flare or someone cutting the undersea fibre-optic cables, the entire Internet did shut down for one or two days?
Our first reaction would probably be irritation at the inconvenience of not being able to use Google, send WhatsApp messages, listen to music, shop online, watch movies and access social media. Communication would be near impossible and we wouldn’t have access to news. We would soon thereafter realise that we depend on the Internet for much more than our entertainment and that a deeper disruption can cause serious chaos. We would have no access to our money, our scheduled online payments wouldn’t go through and our salaries wouldn’t be deposited. We wouldn’t be able to buy goods or even get around. Large-scale Internet outages could threaten our safety as well. Think traffic light systems out of order, emergency response services not reachable and hospital communication down. Logistical systems are also heavily dependent on the Internet, and merchants not being able to pay their bills or place orders will not receive goods from their suppliers, resulting in empty shops, panic among citizens, riots…
The chances of this actually happening are very slim. But they are not zero. And they are expected to rise. National security officers have indicated that a few significant efforts at shutting down critical elements of the US infrastructure have already been detected. There are also concerns about coordinated attacks on the electrical grid which would plunge entire regions into darkness, and these concerns are very valid. With this recent DDoS attack, we’ve just witnessed the most significant known attempt at shutting down the Internet. And while some say it’s really nothing to worry about, perhaps it is.