I’m sure you’ve all heard about the internet attack in the US last Friday, where sites such as Twitter, Amazon, Spotify, PayPal and Netflix (amongst others) were effectively taken offline.
This was done by what is called a Distributed Denial of Service (DDoS) attack, and it targeted a company called Dyn, which provides all of those companies with a specific service. It is believed that this attack was carried out by a huge number of hacked security cameras and their associated Digital Video Recorders (DVRs), flooding the service with billions of requests which it could not handle. I talked about these hacked devices last month in this blog post.
Since then, the hacker who created the computer code to take control of the cameras has released it to the internet, so it looks like some new bad guys may have stepped it up a bit, as there was mention of between 500,000 and 1,000,000 devices being used last Friday.
This is a very worrying situation, as that many devices could cause serious disruption to businesses and people worldwide. There are anecdotal reports that some of these evildoers are attempting to extort online service providers into paying them money not to launch an attack.
There is an excellent briefing by Dr. Johannes Ullrich of the SANS Institute in the following YouTube clip. It is a little heavy on tech jargon, so only watch it if you are really interested in learning more about this attack.