
Hackers' entry point traced back to cameras

Monday, Oct. 24, 2016, 10:57 p.m.

The motive behind a cyber attack that crippled major social media, entertainment and news websites last week remains unclear, but a Chinese surveillance camera maker acknowledged Monday that hackers hijacked its technology to launch the attack.

“The short answer is we can only speculate about the intent,” said Vyas Sekar, a faculty member at Carnegie Mellon University's CyLab Security and Privacy Institute. “In the past, we have seen everything from nation states acting to disrupt other people to script kiddies having fun to actual attacks for vengeance or ransom.”

Distributed denial-of-service (DDoS) attacks like the one that disabled critical internet infrastructure Friday frustrated users who couldn't access Twitter, Spotify, CNN.com and many other sites.

The attackers used malware known as Mirai to take over CCTV cameras made by Hangzhou Xiongmai Technology Co., the company said in an email. Xiongmai didn't say how many of its products had been infiltrated, but all cameras made before September 2015 were potentially vulnerable. They belong to the Internet of Things, which refers to devices and appliances connected to the internet such as cameras, light switches, refrigerators and much more.

“Mirai is a huge disaster for the Internet of Things. XM have to admit that our products also suffered from hacker's break-in and illegal use,” Xiongmai said in its email.

Hackers targeted Dyn, a company that manages a key piece of internet infrastructure known as a DNS server. A DNS server takes the words users submit to access the internet, such as www.cnn.com, and connects them to the website's real, numeric address.

The DDoS attack flooded Dyn with requests, overwhelming it and leaving it unable to handle legitimate traffic. For several hours, people couldn't, among other things, check Twitter, shop on Etsy, stream movies on HBO Now, book flights on Kayak.com or read the latest news about the attack on the tech news website The Verge.

“For some hackers, that is the motivation,” said Gary Sockrider, principal security technologist at Arbor Networks, a network security firm in Burlington, Mass. “For others, there are much larger goals at hand.”

DDoS attacks can stop the exchange of ideas, halt commerce and have an economic impact, Sockrider said. DDoS attacks can cost companies an average of $40,000 an hour, according to a 2014 survey by the network security firm, Incapsula.

Sockrider said hackers sometimes launch high-profile DDoS attacks and then hire out their services to carry out attacks for others. Lizard Squad, a hacker group, launched a DDoS-for-hire service shortly after the group of teens took down the gaming networks of Sony PlayStation and Microsoft Xbox on Christmas Day 2014. Several members have since been arrested.

Disabling websites for a few hours, however, might not have been the point of Friday's attack, said Martin McKeay, senior security advocate at Akamai, a network security firm in Cambridge, Mass.

“I look at Friday, and I personally think that this was a distraction of some sort,” McKeay said. “Doing something to Dyn, most likely doesn't gain you something directly.”

Martin said the attack Friday focused attention on one aspect of network security, potentially leaving others vulnerable. He said any company affected should go through its server logs to see if it was targeted individually in another way during the attack.

For example, banks have had millions of dollars stolen through illicit wire transfers while they were fighting off DDoS attacks. Hackers stole personal and banking information from a British cellphone company while its security team dealt with a DDoS attack.

Bloomberg News contributed to this report. Aaron Aupperlee is a Tribune-Review staff writer. Reach him at 412-320-7986 or aaupperlee@tribweb.com.
