In the latest internet security breach, hackers initiated a complex cyber attack using devices such as digital recorders and webcams restricting access to some of the most popular websites such as Twitter, PayPal and Spotify.
Dyn, a New Hampshire-based network infrastructure company that essentially manages web domains and routes internet traffic, suffered two consecutive attacks that made access to popular sites such as Reddit, Twitter, Soundcloud, Github, Pinterest and more hard to reach. It was a distributed denial of service (DDOS) attack, which put simply is a way to clutter a website with so much traffic that it disrupts normal service. Even Amazon Web Services experienced connectivity problems the same time as the Dyn attacks.
The hackers primarily used interconnected devices which were earlier infected with a malicious code that allowed them to cause disruptions starting with the United States, which later moved on to Europe. The second attack started later on Friday, which used a similar ploy as the first. Though it’s still unclear who exactly is behind the attack and why Dyn is the victim. The FBI and US Department of Homeland Security are reportedly investigating these attacks.
“The complexity of the attacks is what’s making it very challenging for us,” said Dyn’s chief strategy officer, Kyle York.
The latest attack on Dyn marks a remarkable shift in tactics as DDoS attacks are usually aimed at a single site. Dyn apparently acts as a phone directory for a large number of websites, and this attack was something like burning the phone directory as well as the phone company at the same time.
Besides, Dyn also revealed that some of the malicious traffic was coming through connected devices such as webcams and digital video recorders, which were infected with a control software called Mirai. According to security researchers, these devices also referred to as Internet of Things (IoT), are not equipped with proper security.