On October 21, 2016, a cyber attack took down about half of the websites in the US. This presentation discusses the attack, why it happened, how it occurred, and what we can learn from it.
1. WHAT HAPPENED ON 10/21?
A look at the attack that brought down half of the websites in the US
2. WHAT HAPPENED?
• A malware program called Mirai took over online devices and used them to attack the Internet.
• The attacks were called DDoS, which stands for distributed denial of service.
• In a DDoS, all of the attacking devices go to one service at the same time. The service is overwhelmed and shuts down.
• Example in real life: Amazon on Black Friday
• The attack began on Friday morning on the East Coast. When it was thought to be under control, a second wave began and quickly affected the West Coast as well.
4. HOW DID IT HAPPEN?
• Mirai (a Trojan virus) scans the Internet for systems protected only by factory-default or hard-coded usernames and passwords.
• It exploits weak security measures (standard usernames and passwords).
• Devices are then infected with malware that enrolls them in a central control system, from which they are all directed at the same site at once.
• The devices affected are Internet of Things (IoT) devices, such as web cameras, printers, home automation devices and even some routers.
5. WHY WAS IT SO MASSIVE?
• The source code was released on Dark web sites at the beginning of the month.
• There are nearly half a million Mirai-powered bots worldwide.
• Friday’s attack was “well planned and executed”, involving “tens of millions of IP addresses at the same time”.
• This is a dangerous program because:
  • It works in stealth (delay from infection to inception)
  • It is undetected and unseen
  • It is encoded
  • It can rapidly spread via connected devices
6. WHO CREATED MIRAI?
• The author’s nickname is “Anna-Senpai”.
• Anna is an anime character who appears in a Japanese novel series called Shimoseka, set in a future filled with morality police.
• Anna is the enforcer of public morality laws.
7. HOW DID IT WORK?
• The attack began at Dyn, a New Hampshire-based Internet company that provides domain name service (DNS) to popular sites.
• You enter a URL (twitter.com), and your computer goes to the IP address for Twitter. DNS (think of it as a GPS for computers) translates URLs into IP addresses and allows browsers to connect with websites.
• Sites like Twitter are duplicated and stored on several servers. DNS helps the browser know which server is best to use.
• When Dyn was targeted, the process was interrupted, so your browser didn’t know what IP address to go to (similar to losing your GPS when you don’t know where to go).
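As an added illustration (not part of the original presentation), the following Python model walks through the lookup described on this slide: a resolver that caches answers for a TTL, with a constructed authoritative server standing in for Dyn that goes offline mid-attack. The hostname, TTL values and IP address are placeholders; the model shows why cached records kept sites reachable for a while, why lookups failed once the cache expired, and why a second, independent DNS provider is a common mitigation.

```python
from dataclasses import dataclass, field

@dataclass
class AuthoritativeServer:
    """Stands in for a DNS provider such as Dyn (constructed zone data)."""
    zone: dict              # hostname -> IP address
    online: bool = True     # flipped to False when the DDoS takes it down

    def answer(self, name):
        if not self.online:
            raise TimeoutError("authoritative server unreachable")
        return self.zone[name]

@dataclass
class Resolver:
    """Recursive resolver that caches answers for `ttl` seconds."""
    providers: list                      # authoritative servers, tried in order
    ttl: float = 300.0
    cache: dict = field(default_factory=dict)   # hostname -> (ip, expires_at)

    def resolve(self, name, now):
        cached = self.cache.get(name)
        if cached and now < cached[1]:
            return cached[0]             # still valid; provider not contacted at all
        for provider in self.providers:
            try:
                ip = provider.answer(name)
            except (TimeoutError, KeyError):
                continue                 # this provider is down or has no record
            self.cache[name] = (ip, now + self.ttl)
            return ip
        return None                      # browser "doesn't know what IP to go to"

def simulate(ttl, secondary=False):
    """Resolve before the attack, early in it (inside TTL), and after the TTL expires."""
    dyn = AuthoritativeServer({"twitter.com": "192.0.2.10"})   # placeholder IP
    providers = [dyn]
    if secondary:                        # mitigation: a second, independent provider
        providers.append(AuthoritativeServer({"twitter.com": "192.0.2.10"}))
    resolver = Resolver(providers, ttl=ttl)
    before = resolver.resolve("twitter.com", now=0)
    dyn.online = False                   # the DDoS starts
    during_short = resolver.resolve("twitter.com", now=60)       # within the TTL
    during_long = resolver.resolve("twitter.com", now=ttl + 1)   # cache expired
    return before, during_short, during_long

if __name__ == "__main__":
    print(simulate(300))                  # ('192.0.2.10', '192.0.2.10', None)
    print(simulate(300, secondary=True))  # ('192.0.2.10', '192.0.2.10', '192.0.2.10')
```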
8. HAS IT HAPPENED BEFORE?
• Security experts believe this attack is the same kind that previously used networks of connected devices to bring down websites.
• The “Internet of Things” (IoT) is particularly vulnerable since these devices are not designed for security and have no additional security precautions.
• There is a list of potential products that may be targeted, since they were designed with substandard usernames and passwords and are the most vulnerable to attacks. (next slide)
10. WHAT CAN BE DONE?
• Make sure your home network is secure (complex passwords, passwords for connected devices if possible, don’t buy devices with no password protection, don’t store passwords online, beware of email links and passwords).
• Companies need to set up an industry standard, which would then create a consumer seal of approval. As consumers, we would only purchase products that adhere to the standard.
• You can reboot your infected systems. However, they can be re-infected within minutes of a reboot.
• Change the default password if possible.