|
Cyber attacks disrupt PayPal, Twitter,
other sites
Send a link to a friend
 [October 22, 2016]
By Joseph Menn, Jim Finkle and Dustin Volz
(Reuters) - Hackers unleashed a complex
attack on the internet through common devices like webcams and digital
recorders and cut access to some of the world's best known websites on
Friday, a stunning breach of global internet stability.
The attacks struck Twitter, Paypal, Spotify and other customers of an
infrastructure company in New Hampshire called Dyn, which acts as a
switchboard for internet traffic.
The attackers used hundreds of thousands of internet-connected devices
that had previously been infected with a malicious code that allowed
them to cause outages that began in the Eastern United States and then
spread to other parts of the country and Europe.
"The complexity of the attacks is what’s making it very challenging for
us," said Dyn’s chief strategy officer, Kyle York. The U.S. Department
of Homeland Security and the Federal Bureau of Investigation said they
were investigating.
The disruptions come at a time of unprecedented fears about the cyber
threat in the United States, where hackers have breached political
organizations and election agencies.
Friday's outages were intermittent and varied by geography. Users
complained they could not reach dozens of internet destinations
including Mashable, CNN, the New York Times, the Wall Street Journal,
Yelp and some businesses hosted by Amazon.com Inc.
Dyn said attacks were coming from millions of internet addresses, making
it one of the largest attacks ever seen. Security experts said it was an
especially potent type of distributed denial-of-service attack, or DDoS,
in which attackers flood the targets with so much junk traffic that they
freeze up.
VULNERABILITIES EXPLOITED
Dyn said that at least some of the malicious traffic was coming from
connected devices, including webcams and digital video recorders, that
had been infected with control software named Mirai. Security
researchers have previously raised concerns that such connected devices,
sometimes referred to as the Internet of Things, lack proper security.
The Mirai code was dumped on the internet about a month ago, and
criminal groups are now charging to employ it in cyber attacks, said
Allison Nixon, director of security research at Flashpoint, which was
helping Dyn analyze the attack.
Dale Drew, chief security officer at communications provider Level 3,
said that other networks of compromised machines were also used in
Friday's attack, suggesting that the perpetrator had rented access to
several so-called botnets.
The attackers took advantage of traffic-routing services such as those
offered by Alphabet Inc's Google and Cisco Systems Inc's OpenDNS to make
it difficult for Dyn to root out bad traffic without also interfering
with legitimate inquiries, Drew said.
"Dyn can't simply block the (Internet Protocol) addresses they are
seeing, because that would be blocking Google or OpenDNS," said Matthew
Prince, CEO of security and content delivery firm CloudFlare. "These are
nasty attacks, some of the hardest to protect against."
[to top of second column] |
An attendee looks at a monitor at the Parsons booth during the 2016
Black Hat cyber-security conference in Las Vegas, Nevada, U.S.
August 3, 2016. REUTERS/David Becker
GOVERNMENT WARNED OF ATTACKS
Drew and Nixon both said that the makers of connected devices needed
to do far more to make sure that the gadgets can be updated after
security flaws are discovered.
Big businesses should also have multiple vendors for core services
like routing internet traffic, and security experts said those Dyn
customers with backup domain name service providers would have
stayed reachable.
The Department of Homeland Security last week issued a warning about
attacks from the Internet of Things, following the release of the
code for Mirai.
Attacking a large domain name service provider like Dyn can create
massive disruptions because such firms are responsible for
forwarding large volumes of internet traffic.
Dyn said it had resolved one morning attack, which disrupted
operations for about two hours, but disclosed a second a few hours
later that was causing further disruptions. By Friday evening it was
fighting a third.
Amazon's web services division, one of the world's biggest cloud
computing companies, reported that the issue temporarily affected
users in Western Europe. Twitter and some news sites could not be
accessed by some users in London late on Friday evening.
PayPal Holdings Inc said that the outage prevented some customers in
"certain regions" from making payments. It apologized for the
inconvenience and said that its networks had not been hacked.
A month ago, security guru Bruce Schneier wrote that someone,
probably a country, had been testing increasing levels of
denial-of-service attacks against unnamed core internet
infrastructure providers in what seemed like a test of capability.
Nixon said there was no reason to think a national government was
behind Friday's assaults, but attacks carried out on a for-hire
basis are famously difficult to attribute.
(Reporting by Joseph Menn in San Francisco, Jim Finkle in Boston and
Dustin Volz in Washington. Additional reporting by Eric Auchard in
Frankurt, Malathi Nayak in New York, Jeff Mason and Mark Hosenball
in Washington, Adrian Croft and Frances Kerry in London; Editing by
Bill Trott, Lisa Shumaker and Jonathan Weber)
[© 2016 Thomson Reuters. All rights
reserved.]
Copyright 2016 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
 |
