The October 21 attack that disrupted internet service across the US has been linked to a network of internet-connected consumer devices ranging from Wi-Fi routers and TVs to security cameras and thermostats.
The attack targeted Dyn, a global provider of Domain Name System (DNS) services. Think of a DNS provider as the internet equivalent of a phone book — allowing users to reach a website via an easy-to-remember domain name (like amazon.com) rather than the long string of numbers in its IP address. If the DNS services are disrupted, internet users will be unable to reach a website using the domain name, even though the website is still online. Many users experienced this on October 21, when they were suddenly unable to reach popular sites like Amazon and Twitter.
The type of attack used against Dyn was a Distributed Denial of Service (DDoS) attack, meant to overwhelm the victim’s servers with so much superfluous traffic that the servers can no longer process the requests from legitimate users. To generate such damaging amounts of traffic, attackers rely on botnets — massive networks of hundreds of thousands of malware-infected devices that can be directed to send persistent traffic at their target.
In the past, DDoS attacks were primarily perpetrated using botnets of infected personal computers. However, today’s proliferation of “smart” home devices offers hackers easier and more numerous targets to infect and recruit into botnets. Analysts from the security firm Flashpoint have confirmed that the attack on Dyn was perpetrated using a botnet of devices infected with Mirai, malware that specializes in exploiting vulnerabilities in smart home devices. The Mirai botnet currently has over 380,000 devices under its control.