Hackers' entry point traced back to cameras
The motive behind a cyber attack that crippled major social media, entertainment and news websites last week remains unclear, but a Chinese surveillance camera maker acknowledged Monday that hackers hijacked its technology to launch the attack.
“The short answer is we can only speculate about the intent,” said Vyas Sekar, a faculty member at Carnegie Mellon University's CyLab Security and Privacy Institute. “In the past, we have seen everything from nation states acting to disrupt other people to script kiddies having fun to actual attacks for vengeance or ransom.”
Distributed denial-of-service (DDoS) attacks like the one that disabled critical internet infrastructure Friday frustrated users who couldn't access Twitter, Spotify, CNN.com and many other sites.
The attackers used malware known as Mirai to take over CCTV cameras made by Hangzhou Xiongmai Technology Co., the company said in an email. Xiongmai didn't say how many of its products had been infiltrated, but all cameras made before September 2015 were potentially vulnerable. The cameras belong to the Internet of Things, which refers to devices and appliances connected to the internet such as cameras, light switches, refrigerators and much more.
“Mirai is a huge disaster for the Internet of Things. XM have to admit that our products also suffered from hacker's break-in and illegal use,” Xiongmai said in its email.
Hackers targeted Dyn, a company that manages a key piece of internet infrastructure known as a DNS server. A DNS server connects the words users submit to access the internet, such as www.cnn.com, to the website's real, numeric address.
The DDoS attack flooded Dyn with requests, overwhelming it and preventing it from handling legitimate traffic. For several hours, people couldn't, among other things, check Twitter, shop on Etsy, stream movies on HBO Now, book flights on Kayak.com or read the latest news about the attack on the tech news website The Verge.
“For some hackers, that is the motivation,” said Gary Sockrider, principal security technologist at Arbor Networks, a network security firm in Burlington, Mass. “For others, there are much larger goals at hand.”
DDoS attacks can stop the exchange of ideas, halt commerce and have an economic impact, Sockrider said. DDoS attacks can cost companies an average of $40,000 an hour, according to a 2014 survey by the network security firm, Incapsula.
Sockrider said hackers sometimes launch high-profile DDoS attacks and then hire out their services to carry out attacks for others. Lizard Squad, a hacker group, launched a DDoS-for-hire service shortly after the group of teens took down the gaming networks of Sony PlayStation and Microsoft Xbox on Christmas Day 2014. Several members have since been arrested.
Disabling websites for a few hours, however, might not have been the point of Friday's attack, said Martin McKeay, senior security advocate at Akamai, a network security firm in Cambridge, Mass.
“I look at Friday, and I personally think that this was a distraction of some sort,” McKeay said. “Doing something to Dyn most likely doesn't gain you something directly.”
Martin said the attack Friday focused attention on one aspect of network security, potentially leaving others vulnerable. He said any company affected should go through its server logs to see if it was targeted individually in another way during the attack.
For example, banks have had millions of dollars stolen through illicit wire transfers while they were fighting off DDoS attacks. Hackers stole personal and banking information from a British cellphone company while its security team dealt with a DDoS attack.
Bloomberg News contributed to this report. Aaron Aupperlee is a Tribune-Review staff writer.