Hacked Cameras Were Behind Friday's Massive Web Outage

This article is more than 7 years old.

By Brian Solomon and Thomas Fox-Brewster

A massive distributed denial of service (DDoS) attack on Friday slowed down or knocked offline a whole group of major websites, including Twitter, Spotify, Amazon, Reddit, Yelp, Netflix, and The New York Times.

The main cause appears to be a coordinated attack on Dyn, a major DNS host (an intermediary sometimes described as an Internet address book) that says its engineers began monitoring problems at 7:10am ET and "are continuing to investigate and mitigate several attacks aimed against the Dyn Managed DNS infrastructure."

We already know at least one method the hackers are using. Security intelligence firm Flashpoint says its researchers have observed a Mirai botnet attacking Dyn. Flashpoint researcher Zach Wikholm had identified two kinds of device that were used in the DDoS. The first was a DVR running the software of Hangzhou XiongMai Technologies (XM), the Chinese company previously identified as being a key target of the Mirai hackers. The other was a network-attached storage device with a username and password of "root/root".

Roland Dobbins, principal engineer at Arbor Networks, agrees: "A significant proportion of the DDoS attack traffic targeting Dyn is being sourced from compromised IoT devices participating in Mirai botnets."

This kind of botnet, which FORBES has written about twice in the last month, consists of tens of thousands of Internet-connected devices, including unsecured routers, DVR machines, and cameras. Such devices, proliferating in the wave of the "Internet of Things," have proven vulnerable to simple hacks, giving hackers access to vast networks of computing devices able to generate extraordinary volumes of traffic, the key ingredient of DDoS attacks.

In previous incidents, botnets of more than 25,000 cameras have been used in attacks that often start in Asia, in particular China, South Korea, Taiwan, and Vietnam. One Chinese camera-maker appears to have accounted for nearly half of the camera bots used in recent DDoS attacks.

White House press secretary Josh Earnest told reporters that the Department of Homeland Security was monitoring these "malicious" attacks but did not speculate on who might be behind them. The outages come after the Federal Government has blamed Russia for a cyber campaign to disrupt the upcoming U.S. election. A Twitter account associated with the hacker group Anonymous appeared to take credit.

Many websites were down or only partially functional for hours during the day on Friday. As of 4:45pm ET, service on Twitter and Amazon had resumed.

Tips and comments are welcome at TFox-Brewster@forbes.com or tbthomasbrewster@gmail.com for PGP mail. Follow Tom on Twitter @iblametom and tfoxbrewster@jabber.hot-chilli.net for Jabber encrypted chat.
