This post is not only about tonight’s massive DDOS attack but also about the terrible problems IOT is causing due to its horrid security. If you want a quick overview, skip right to the video. If you want to get into the weeds a bit, read on…but be warned. There are tons of links, and those links often contain links as well. This is NOT a quick read. If you want the full details, though, grab some coffee or your beverage of choice and get ready to learn about something that is on its way to causing Internet-wide issues.
There’s a ton of information available about this, and some overhyping as well. Some of the hype being produced is trying to raise the fear that this is practice for election day. It might be one facet, but here is something I am sure of. This DDOS was in retaliation for exposés by Brian Krebs and Doug Madory, who collaborated on a couple of projects. One was on the DDOS-for-hire company VDOS (since shut down with the arrest of the operators, which was reported by Krebs) and the other was on the BGP hijacking being perpetrated by another company that turns out to be very closely linked to the owners of VDOS. Hours after this presentation at NANOG by Doug Madory of Dyn, the massive, internationally reported DDOS against DYN began.
Brian Krebs of Krebsonsecurity.com first publicized this problem in a big way when he did an exposé on a DDOS-for-hire firm out of Israel. That led to a massive IOT-powered DDOS that got him booted from Prolexic’s network. After he found sanctuary under Google’s Project Shield, he continued to report on various problems with IOT. In March of this year I warned that IOT must be kept off your networks. Initial reports coming online are that the same Mirai malware that nearly took Prolexic offline was used to power one of the botnets that attacked DYN. The botnet used in the DYN attack right now does not appear to be the same botnet that struck Prolexic. Details are still coming in, so this initial news will most likely change…
Microsoft is FINALLY warning about IOT…BUT…it is actually PART OF THE PROBLEM. I talked about UPNP on this blog back in 2013 and have been warning my clients ever since it appeared in mass amounts at the dawn of Windows XP. See, Microsoft created UPNP, which allows IOT to talk to a UPNP router and automatically open up holes in your firewall. Now your IOT has direct access to the Internet. With the woeful security of IOT, botnets can now send such massive amounts of traffic that the Internet backbone is in danger of being overwhelmed.
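To see which holes UPNP has opened on your own router, you can audit its port-mapping table. This is an added example, not part of the original post: it parses the SOAP replies a router gives to the UPNP WANIPConnection `GetGenericPortMappingEntry` action and lists which LAN devices are reachable from the Internet. Fetching the replies from your router is left out; the function names and the sample replies and addresses are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

REQUIRED = ("NewExternalPort", "NewProtocol", "NewInternalClient",
            "NewInternalPort", "NewEnabled")

def parse_mapping(soap_xml):
    """Extract one port mapping (WANIPConnection:1 field names) from a reply."""
    values = {}
    for el in ET.fromstring(soap_xml).iter():
        tag = el.tag.rsplit("}", 1)[-1]          # drop any XML namespace
        if tag in REQUIRED:
            values[tag] = (el.text or "").strip()
    missing = [f for f in REQUIRED if f not in values]
    if missing:
        raise ValueError("response lacks " + ", ".join(missing))
    return {"client": values["NewInternalClient"],
            "protocol": values["NewProtocol"].upper(),
            "external_port": int(values["NewExternalPort"]),
            "internal_port": int(values["NewInternalPort"]),
            "enabled": values["NewEnabled"] == "1"}

def exposed_by_client(responses):
    """Group enabled mappings by the LAN device they expose to the Internet."""
    exposed = defaultdict(list)
    for soap_xml in responses:
        m = parse_mapping(soap_xml)
        if m["enabled"]:                         # disabled entries open nothing
            exposed[m["client"]].append(
                (m["protocol"], m["external_port"], m["internal_port"]))
    return dict(exposed)

def sample_response(ext, proto, client, port, enabled):
    """Constructed sample of a router reply; not captured traffic."""
    return (
        '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
        '<u:GetGenericPortMappingEntryResponse '
        'xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
        f"<NewExternalPort>{ext}</NewExternalPort><NewProtocol>{proto}</NewProtocol>"
        f"<NewInternalPort>{port}</NewInternalPort>"
        f"<NewInternalClient>{client}</NewInternalClient>"
        f"<NewEnabled>{enabled}</NewEnabled>"
        "</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>")

SAMPLES = [  # constructed: two live mappings for one device, one disabled entry
    sample_response(8080, "tcp", "192.168.1.50", 80, 1),
    sample_response(5000, "UDP", "192.168.1.50", 5000, 1),
    sample_response(9000, "TCP", "192.168.1.77", 9000, 0),
]

if __name__ == "__main__":
    print(exposed_by_client(SAMPLES))
```

Any device that shows up here and that you did not deliberately expose is a reason to turn UPNP off on the router.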
I got very busy tonight answering questions about the news blowing up about a massive cyber attack that was taking down access to sites, mainly across the east coast. I made a very quickly set up Facebook video; my presentation needs work and I made some errors in it. I hope I got the overall facts and premise across, though.