Internet outage was caused by personal webcams, meaning people provided firepower for shutdown without knowing it

Hackers are weaponising people's houses and using them to take down important infrastructure

Andrew Griffin
Tuesday 25 October 2016 12:29 BST
Comments
Humble webcams might be part of the biggest cyber weapon ever developed
Humble webcams might be part of the biggest cyber weapon ever developed (Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

You might well have been responsible for one of the biggest-ever attacks on the internet last week. And you’re probably going to do it again.

A huge network of webcams and other internet of things devices is being built that can be used as perhaps the biggest cyberweapon ever created. And those people who own the devices probably don’t even know that they’re infected with the malicious code that allows them to be used that way.

To be involved in the attack, you wouldn’t need to do more than buy a common webcam – perhaps for keeping an eye on your house, or a pet that lives in it – or any other connected home or internet of things device. But because of the lax security software that is used in those technologies – which are often made by unknown companies and sell relatively cheaply – they can easily be taken over.

Once they are, they become something like a very vulnerable computer – and assembled together, they are an incredibly powerful cyberweapon. Each internet of things device might only be small, but if they are harnessed together they can be pointed at one specific part of the internet and cause it to fall over.

That appears to be what happened last week. Large swathes of the internet became inaccessible because apparently innocent devices started hurling requests at one specific server, causing it to break and no longer provide the information that it would usually.

Some of the webcams that have vulnerabilities that would allow them to be attacked in such a way are already being recalled after last week’s attack. But even if every device that was used in the attack was recalled, the threat will still exist – technologists have repeatedly warned about insecure and unsafe internet of things devices, and people are likely to continue making them.

The server this time was a domain name system server, which helps direct browsers to the right websites, run by a company called Dyn. But next time it could be anything else – and the size of the attack might mean that it needs only be an attack on something relatively dull to cause huge damage across the world.

Dyn said that at least some of the malicious traffic was coming from connected devices, including webcams and digital video recorders, that had been infected with control software named Mirai. Security researchers have previously raised concerns that such connected devices, sometimes referred to as the Internet of Things, lack proper security.

The Mirai code was dumped on the internet about a month ago, and criminal groups are now charging to employ it in cyber attacks, said Allison Nixon, director of security research at Flashpoint, which was helping Dyn analyze the attack.

Dale Drew, chief security officer at communications provider Level 3, said that other networks of compromised machines were also used in Friday's attack, suggesting that the perpetrator had rented access to several so-called botnets.

The attackers took advantage of traffic-routing services such as those offered by Alphabet Inc's Google and Cisco Systems Inc's OpenDNS to make it difficult for Dyn to root out bad traffic without also interfering with legitimate inquiries, Drew said.

"Dyn can't simply block the Internet Protocol addresses they are seeing, because that would be blocking Google or OpenDNS," said Matthew Prince, CEO of security and content delivery firm CloudFlare. "These are nasty attacks, some of the hardest to protect against."

Drew and Nixon both said that the makers of connected devices needed to do far more to make sure that the gadgets can be updated after security flaws are discovered.

Big businesses should also have multiple vendors for core services like routing internet traffic, and security experts said those Dyn customers with backup domain name service providers would have stayed reachable.

The Department of Homeland Security last week issued a warning about attacks from the Internet of Things, following the release of the code for Mirai.

Attacking a large domain name service provider like Dyn can create massive disruptions because such firms are responsible for forwarding large volumes of internet traffic.

Additional reporting by Reuters

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in