Today the web was broken by countless hacked devices – your 60-second summary…(Another Take…)
IoT gadgets behind tens of millions of IP addresses flooded DNS biz Dyn
Chris Williams
TheRegister.co.uk
21 Oct 2016
Updated Today a vast army of hijacked internet-connected devices – from security cameras and video recorders to home routers – turned on their owners and broke a big chunk of the web.
Compromised machines, following orders from as-yet unknown masterminds, threw massive amounts of junk traffic at servers operated by US-based Dyn, which provides DNS services for websites large and small.
The result: big names including GitHub, Twitter, Reddit, Netflix, AirBnb and so on, were among hundreds of websites rendered inaccessible to millions of people around the world for several hours today.
We’re told gadgets behind tens of millions of IP addresses were press-ganged into shattering the internet – a lot of them running the Mirai malware, the source code to which is now public so anyone can wield it against targets.
Dyn tells us it has weathered the storm for now, and services are coming back online. Here’s what we know:
Starting from 1110 UTC, a distributed denial-of-service attack knocked Dyn’s DNS nameservers offline. This continued throughout the day in three independent waves as hackers targeted Dyn’s data centers one by one, including its US East Coast facility. By 2037 UTC, the situation is said to be under control after mitigations were put in place to block ongoing attacks.
Dyn is a crucial component in the internet’s infrastructure because when you visit a website that uses Dyn’s DNS servers, Dyn is supposed to help your browser or app find the right system to connect to. When Dyn does down, your software can’t find the website you want to visit.
A spokesperson for US Homeland Security said the agency is “investigating all potential causes” of the mega-outage.
The Rest…HERE
