Hacked home devices caused massive Internet outage - USA Today
If you live on the East Coast and had trouble accessing Twitter, Spotify Netflix, Amazon or Reddit Friday morning, you were not alone. USA TODAY
SAN FRANCISCO — Eleven hours after a massive online attack that blocked access to many popular websites, the company under assault has finally restored its service.
Dyn, a New Hampshire-based company that monitors and routes Internet traffic, was the victim of a massive attack that began at 7:10 a.m. ET Friday morning. The issue kept some users on the East Coast from accessing Twitter, Spotify , Netflix, Amazon, Tumblr, Reddit, PayPal and other sites.
At 6:17 p.m. ET Friday, Dyn updated its website to say it had resolved the large-scale distributed denial of service attack (DDoS) and service had been restored.
DDoS attacks flood servers with so many fake requests for information that they cannot respond to real ones, often crashing under the barrage. It's unclear who orchestrated the attack.
“It’s a very smart attack. We start to mitigate, they react. It keeps on happening every time. We’re learning though,” said Kyle York, Dyn’s chief strategy officer said on a conference call with reporters Friday afternoon.
Troubling to security experts was that the attackers relied on Mirai, an easy-to-use program that allows even unskilled hackers to take over online devices and use them to launch DDoS attacks. The software uses malware from phishing emails to first infect a computer or home network, then spreads to everything on it, taking over DVRs, cable set-top boxes, routers and even Internet-connected cameras used by stores and businesses for surveillance.
These devices are in turn used to create a robot network, or botnet, to send the millions of messages that knocks the out victims' computer systems.
The source code for Mirai was released on the so-called dark web, sites that operate as a sort of online underground for hackers, at the beginning of the month. The release led some security experts to suggest it would soon be widely used by hackers. That appears to have happened in this case.
Dyn is getting “tens of millions” of messages from around the globe sent by seemingly harmless but Internet-connected devices.
“It could be your DVR, it could be a CCTV camera, a thermostat. I even saw an Internet-connected toaster on Kickstarter yesterday," said York.
The complexity and breadth of the multiple attack points makes it difficult to fight, because it's hard to distinguish legitimate traffic from botnet traffic.
York said one bright spot for the company had been the tremendous outpouring of aid from its customers, competitors and law enforcement. “You guys wouldn’t believe the amount of support we’ve received,” he told reporters.
Effects felt nationwide
Dyn first posted on its website at 7:10 a.m. ET that it "began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure."
These resolved towards 9:30 a.m.. Then more waves began. "It's been a hectic day," said York.
The attack comes at a time of heightened public sensitivity and concern that the nation's institutions and infrastructure could face large-scale hacking attacks. The most recent example has been the release of emails stolen from the servers of the Democratic National Committee, which U.S. intelligence sources say was the work of Russia. The topic has come up frequently during the fall's hard-fought presidential campaign.
White House Press Secretary Josh Earnest said the Department of Homeland Security was “monitoring the situation" but that “at this point I don’t have any information about who may be responsible for this malicious activity.”
So far Dyn has not been able to ascertain whether the attack is aimed at any specific customer. “We have no reason to believe it is at this point,” said Dave Allen, the company’s general counsel.
The attack is “consistent with record-setting sized cyberattacks seen in the last few weeks,” said Carl Herberger, vice president of security at security company Radware.
Disruption
A post on Hacker News first identified the attack and named the sites that were affected. Several sites, including Spotify and GitHub, took to Twitter Friday morning to post status updates once the social network was back online.
美國遭受前所未有的神秘網絡攻擊,美國公共服務,社交平台,民眾網絡服務器等等都遭到嚴重攻擊,幾乎陷入癱瘓。美國電腦專家與網絡安全專家全力以赴試圖修復,但網絡進攻立即適應並改變進攻方式繼續癱瘓美國大部分網絡服務。至此美國沒有報告確認進攻源頭,但也謹慎避免錯誤指控。
據法新社報導,美國星期五受到新一波的大規模網絡進攻,不僅表明襲擊者強大頑固,並也顯示美國網絡安全是多麼的脆弱。美國的網絡服務從昨天開始以板塊式陷落。多次波浪形的網絡問題,讓數百萬美國網絡客戶被阻斷網絡服務平台與社交平台,包括網購服務平台。
儘管大規模的網絡服務受到影響,美國安全修復沒有能夠確認進攻者身份以及攻擊源頭的地理位置。
美國公共服務以及網絡各種服務包括郵箱,臉書,推特平台和網購服務,星期五都被網絡進攻攻陷。受到嚴重影響的還有Reddit, Airbnb, Netflix服務網站,許多媒體也被襲擊包括CNN, 紐約時報,波士頓環球報,金融時報以及衛報等等美國和國際媒體在內。
據專家指出,此次美國網絡問題表面上並不像駭客直接攻擊,而是顯示美國網絡分流管理機構DIN的技術故障。但技術修復和各種不久措施很快就被攻破並被侵入取代,使電腦專家相信這其實是一個非常隱秘非常完備的網絡技術攻擊。
不過到目前為止,美國沒有公布發現了網絡襲擊嫌疑的身份,美國官方承認,網絡攻擊的源頭地理位置也沒有被確定。而根據美國電腦安全專家指出,美國的技術和安全保障是能夠追蹤確定任何攻擊者包括組織或國家的身份和發動攻擊的源頭位置。
據報導,惡意進攻美國網絡涉嫌者被媒體點名包括維基解密或匿名駭客等。維基解密被阻斷了網絡鏈接,該網絡機構近來不斷發布攻擊美國民主黨候選人希拉里克林頓的網絡解密文件。維基解密稍後隱秘表示,他們的信息與要求顯示被聽到了。
匿名駭客沒有否認但也沒有肯定發動襲擊,在官方網站上,匿名駭客寫有屋頂烈焰,不必撲滅,讓它們燃燒吧的字樣。
沒有留言:
張貼留言