U.S. Internet Outage
Apparently there was some DDoS on a ton of sites this morning.
So you're not crazy if your sites aren't loading.
By diehard: I think it's just an attack on Dyn DNS.
That's what I read.
Specifically, Amazon's DNS servers for their us-east-1 (their VERY original server offerings) got hit in the crossfire. For whatever reason (technical, legal) those name servers are in limited supply. It took down Github, Heroku and a bunch of other important sites for a while.
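The thread's point so far is that one DNS operator going down takes every site that depends on it offline, and that name servers for some services are "in limited supply". The obvious self-check is whether all of a zone's authoritative name servers sit with a single operator. The following is an added example, not code from this thread or from Dyn or Amazon: it groups NS hostnames by operator using a small assumed table of hostname suffixes the well-known providers use, with a last-two-labels fallback for anything else. The NS sets in `SAMPLE_ZONES` are constructed, not real lookups; in practice feed it the output of `dig +short NS <zone>`.

```python
"""Group a zone's authoritative name servers by operator to spot a
single-provider dependency.

Added example, not code from this thread or from Dyn/Amazon. The provider
table is an assumption (hostname suffixes these operators are known to use
for authoritative service); the NS sets in SAMPLE_ZONES are constructed,
not real lookups. In practice feed it `dig +short NS <zone>` output.
"""
import re
from collections import defaultdict

# Assumed mapping of NS hostname patterns to operators. Anything else falls
# back to the last two labels of the hostname, which is only an
# approximation of the registrable domain (no public-suffix-list handling).
KNOWN_PROVIDERS = [
    (re.compile(r"\.dynect\.net$"), "Dyn"),
    (re.compile(r"\.awsdns-\d+\.(com|net|org|co\.uk)$"), "Amazon Route 53"),
    (re.compile(r"\.ns\.cloudflare\.com$"), "Cloudflare"),
    (re.compile(r"\.ultradns\.(com|net|org|biz|info)$"), "UltraDNS"),
    (re.compile(r"\.nsone\.net$"), "NS1"),
    (re.compile(r"\.googledomains\.com$"), "Google Cloud DNS"),
]


def provider_of(ns_host):
    """Return the operator name for one NS hostname (trailing dot tolerated)."""
    host = ns_host.rstrip(".").lower()
    for pattern, name in KNOWN_PROVIDERS:
        if pattern.search(host):
            return name
    return ".".join(host.split(".")[-2:])


def group_by_provider(ns_hosts):
    """Map operator -> sorted list of the zone's NS hostnames at that operator."""
    groups = defaultdict(list)
    for host in ns_hosts:
        groups[provider_of(host)].append(host.rstrip(".").lower())
    return {name: sorted(hosts) for name, hosts in groups.items()}


def is_single_provider(ns_hosts):
    """True when every authoritative name server sits with one operator."""
    return len(group_by_provider(ns_hosts)) == 1


def report(zone, ns_hosts):
    """One-line verdict for a zone, suitable for a periodic check."""
    groups = group_by_provider(ns_hosts)
    verdict = "SINGLE PROVIDER" if len(groups) == 1 else "multi-provider"
    detail = "; ".join(
        f"{name}: {len(hosts)} NS" for name, hosts in sorted(groups.items())
    )
    return f"{zone}: {verdict} ({detail})"


# Constructed NS sets for illustration (not real lookups).
SAMPLE_ZONES = {
    "single.example": [
        "ns1.p16.dynect.net.", "ns2.p16.dynect.net.",
        "ns3.p16.dynect.net.", "ns4.p16.dynect.net.",
    ],
    "dual.example": [
        "ns1.p16.dynect.net.", "ns2.p16.dynect.net.",
        "ns-1234.awsdns-56.org.", "ns-789.awsdns-12.co.uk.",
    ],
}

if __name__ == "__main__":
    for zone, ns_hosts in SAMPLE_ZONES.items():
        print(report(zone, ns_hosts))
```

Four name servers at one operator is still one dependency: the operator's DDoS mitigation capacity is your whole availability story. Having a second operator serve the same zone (as a secondary via zone transfer, or with both fed from one source of truth) removes that dependency at the cost of keeping records in sync.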
It's now hit the west coast? Deliberate planned attack and probably a test for Election Day. Shit's crazy.
By Smokey: It's now hit the west coast? Deliberate planned attack and probably a test for Election Day. Shit's crazy.
Speaking with Sharp earlier, in the past this would've been a state-level attack for sure. But today? Naw. The crazy amount of unsecured IoT devices makes this possible for script kiddies to do without the need/money to boot up a crazy amount of servers. Read this:
Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet. These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down. We don't know who is doing this, but it feels like a large nation state. China or Russia would be my first guesses.
First, a little background. If you want to take a network off the Internet, the easiest way to do it is with a distributed denial-of-service attack (DDoS). Like the name says, this is an attack designed to prevent legitimate users from getting to the site. There are subtleties, but basically it means blasting so much data at the site that it's overwhelmed. These attacks are not new: hackers do this to sites they don't like, and criminals have done it as a method of extortion. There is an entire industry, with an arsenal of technologies, devoted to DDoS defense. But largely it's a matter of bandwidth. If the attacker has a bigger fire hose of data than the defender has, the attacker wins.
I am unable to give details, because these companies spoke with me under condition of anonymity. But this all is consistent with what Verisign is reporting. Verisign is the registrar for many popular top-level Internet domains, like .com and .net. If it goes down, there's a global blackout of all websites and e-mail addresses in the most common top-level domains. Every quarter, Verisign publishes a DDoS trends report. While its publication doesn't have the level of detail I heard from the companies I spoke with, the trends are the same: "in Q2 2016, attacks continued to become more frequent, persistent, and complex."
https://www.schneier.com/blog/archives/2016/09/someone_is_lear.html
And further:
The attack began around 8 p.m. ET on Sept. 20, and initial reports put it at approximately 665 Gigabits of traffic per second. Additional analysis on the attack traffic suggests the assault was closer to 620 Gbps in size, but in any case this is many orders of magnitude more traffic than is typically needed to knock most sites offline.
Martin McKeay, Akamai’s senior security advocate, said the largest attack the company had seen previously clocked in earlier this year at 363 Gbps. But he said there was a major difference between last night’s DDoS and the previous record holder: The 363 Gbps attack is thought to have been generated by a botnet of compromised systems using well-known techniques allowing them to “amplify” a relatively small attack into a much larger one.
There are some indications that this attack was launched with the help of a botnet that has enslaved a large number of hacked so-called “Internet of Things,” (IoT) devices — routers, IP cameras and digital video recorders (DVRs) that are exposed to the Internet and protected with weak or hard-coded passwords.
As noted in a recent report from Flashpoint and Level 3 Threat Research Labs, the threat from IoT-based botnets is powered by malware that goes by many names, including “Lizkebab,” “BASHLITE,” “Torlus” and “gafgyt.” According to that report, the source code for this malware was leaked in early 2015 and has been spun off into more than a dozen variants.
https://krebsonsecurity.com/2016/09/krebsonsecurity-hit-with-record-ddos/
By reilo: Speaking with Sharp earlier, in the past this would've been a state-level attack for sure. But today? Naw. The crazy amount of unsecured IoT devices makes this possible for script kiddies to do without the need/money to boot up a crazy amount of servers. Read this:
In some ways, the ease with which an attack like this can be performed makes this a great time to do this if you are a nation-state. Was it Russia? China? Maybe... or maybe it was a script kiddie who wants to prove how l33t his new botnet is. Hell, it might even be both (a nation-state contracting out anonymously to a script kiddie). It usually takes a long time before you can figure out a perpetrator, if ever, and the major point of an attack like this (not preceded by any sort of threat or ransom attempt, AFAIK) is to cause system chaos and overwhelm monitoring services in order to mask exploitation of a security vulnerability.
By Smokey: It's now hit the west coast? Deliberate planned attack and probably a test for Election Day. Shit's crazy.
According to PoliGAF, the voting machines aren't connected to the internet and results can be sent in manually.
At first, it was unclear who or what was behind the attack on Dyn. But over the past few hours, at least one computer security firm has come out saying the attack involved Mirai, the same malware strain that was used in the record 620 Gbps attack on my site last month. At the end of September 2016, the hacker responsible for creating the Mirai malware released the source code for it, effectively letting anyone build their own attack army using Mirai.
And apparently the way to change these usernames/passwords is via the command line :facepalm: so they never end up getting changed:
Mirai scours the Web for so-called IoT devices protected by little more than factory-default usernames and passwords, and then enlists the devices in attacks that hurl junk traffic at an online target until it can no longer accommodate legitimate visitors or users.
According to researchers at security firm Flashpoint, today’s attack was launched at least in part by a Mirai-based botnet. Allison Nixon, director of research at Flashpoint, said the botnet used in today’s ongoing attack is built on the backs of hacked IoT devices — mainly compromised digital video recorders (DVRs) and IP cameras made by a Chinese hi-tech company called XiongMai Technologies. The components that XiongMai makes are sold downstream to vendors who then use it in their own products.
“The issue with these particular devices is that a user cannot feasibly change this password,” Flashpoint’s Zach Wikholm told KrebsOnSecurity. “The password is hardcoded into the firmware, and the tools necessary to disable it are not present. Even worse, the web interface is not aware that these credentials even exist.”
https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-internet-outage/
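What the Krebs quotes in this thread describe twice (exposed routers, cameras and DVRs with weak or hard-coded passwords, and Mirai telnetting to them with a short list of factory defaults) is also what makes the scanner easy to spot from the defender's side. The following is an added example, not code from this thread or from Krebs or Flashpoint: detection logic over a constructed telnet login log that flags a source making a burst of login attempts on ports 23/2323 using pairs from Mirai's credential table. The log line format is an assumption (one line per attempt, as a telnet honeypot or an instrumented telnetd might write); adapt `parse_line()` to your own logs. The credential set is a subset of the table in the leaked scanner source.

```python
"""Flag Mirai-style telnet credential scanning in a telnet login log.

Added example, not code from this thread or from the quoted sources. The
log format is assumed (one line per login attempt); SAMPLE_LOG is
constructed. MIRAI_DEFAULTS is a subset of the username/password table in
the leaked Mirai scanner source.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Subset of the factory-default pairs Mirai's scanner tries.
MIRAI_DEFAULTS = {
    ("root", "xc3511"), ("root", "vizxv"), ("root", "admin"), ("admin", "admin"),
    ("root", "888888"), ("root", "xmhdipc"), ("root", "default"), ("root", "juantech"),
    ("root", "123456"), ("root", "54321"), ("support", "support"), ("root", ""),
    ("admin", "password"), ("root", "root"), ("root", "12345"), ("user", "user"),
    ("admin", ""), ("root", "pass"), ("admin", "admin1234"), ("root", "1111"),
    ("admin", "smcadmin"), ("root", "666666"), ("root", "password"), ("root", "1234"),
    ("root", "klv123"), ("service", "service"), ("supervisor", "supervisor"),
    ("guest", "guest"), ("ubnt", "ubnt"), ("root", "Zte521"), ("root", "hi3518"),
    ("root", "7ujMko0vizxv"), ("root", "7ujMko0admin"), ("root", "system"),
    ("root", "realtek"), ("root", "00000000"), ("admin", "1234"), ("admin", "12345"),
    ("admin", "7ujMko0admin"), ("admin", "meinsm"), ("tech", "tech"),
}

TELNET_PORTS = {23, 2323}  # Mirai scans 23 and, less often, 2323

# Assumed log line shape: "<iso-ts> src=<ip> dport=<port> user=<u> pass=<p> result=ok|fail"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dport=(?P<dport>\d+) "
    r"user=(?P<user>\S*) pass=(?P<pw>\S*) result=(?P<result>ok|fail)$"
)


def parse_line(line):
    """Parse one log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    rec["dport"] = int(rec["dport"])
    return rec


def find_mirai_scanners(lines, min_attempts=5, window=timedelta(seconds=60)):
    """Return {src: finding} for sources that made at least `min_attempts`
    telnet login attempts inside `window` and tried a Mirai default pair."""
    by_src = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["dport"] in TELNET_PORTS:
            by_src[rec["src"]].append(rec)

    findings = {}
    for src, recs in by_src.items():
        recs.sort(key=lambda r: r["ts"])
        mirai_pairs = sorted({(r["user"], r["pw"]) for r in recs} & MIRAI_DEFAULTS)
        if not mirai_pairs:
            continue
        # Sliding window: any run of min_attempts attempts within `window`.
        burst = any(
            recs[i + min_attempts - 1]["ts"] - recs[i]["ts"] <= window
            for i in range(len(recs) - min_attempts + 1)
        )
        if not burst:
            continue
        findings[src] = {
            "attempts": len(recs),
            "mirai_pairs": mirai_pairs,
            "successful": [(r["user"], r["pw"]) for r in recs if r["result"] == "ok"],
        }
    return findings


# Constructed sample: one Mirai-style burst (with a successful default
# login), one legitimate admin, and one slow source that is below threshold.
SAMPLE_LOG = """\
2016-10-21T11:03:10Z src=203.0.113.7 dport=23 user=root pass=xc3511 result=fail
2016-10-21T11:03:11Z src=203.0.113.7 dport=23 user=root pass=vizxv result=fail
2016-10-21T11:03:12Z src=203.0.113.7 dport=23 user=admin pass=admin result=fail
2016-10-21T11:03:13Z src=203.0.113.7 dport=23 user=root pass=888888 result=fail
2016-10-21T11:03:14Z src=203.0.113.7 dport=23 user=root pass=xmhdipc result=fail
2016-10-21T11:03:15Z src=203.0.113.7 dport=2323 user=root pass=7ujMko0admin result=ok
2016-10-21T11:05:00Z src=192.0.2.10 dport=23 user=admin pass=Wq8!pLx2 result=fail
2016-10-21T11:05:09Z src=192.0.2.10 dport=23 user=admin pass=Wq8!pLx3 result=ok
2016-10-21T11:07:00Z src=198.51.100.4 dport=23 user=root pass=admin result=fail
2016-10-21T11:30:00Z src=198.51.100.4 dport=23 user=root pass=root result=fail
"""

if __name__ == "__main__":
    for src, f in find_mirai_scanners(SAMPLE_LOG.splitlines()).items():
        print(f"{src}: {f['attempts']} attempts, Mirai defaults tried: "
              f"{f['mirai_pairs']}, successful logins: {f['successful']}")
```

The same pair list doubles as a self-audit: if any device you own accepts one of these over telnet, it is Mirai fodder, and per the Flashpoint quote above the fix on the affected XiongMai-based units is not a password change (there is none to make) but keeping ports 23 and 2323 off the Internet entirely.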