IoT-devices and the opportunity to create massive potential for online attacks

23 October 2016


As the world witnessed with yesterday’s attack on the cloud-based internet performance management (IPM) company Dyn, attacks on large server companies could become standard practice in the future if the cybersecurity of Internet of Things (IoT) devices is not improved. The scale of yesterday’s attack was unprecedented and shows the massive potential of using IoT-devices in so-called DDoS-attacks. The attack left companies like Spotify and Twitter unreachable in the US for hours.

Firstly, let me briefly explain the aforementioned subjects. IPM-companies are companies that give IT professionals visibility into Internet traffic patterns that can impact a sophisticated online infrastructure including ISPs, cloud hosts, content delivery networks (CDNs), web pages, apps – and, ultimately, customers, employees, and all other end users (IDG & Dyn, 2016). Companies like Spotify, Twitter and Soundcloud all make use of these services.
As more and more objects are connected to the internet every day, the number of unique IP-addresses on the internet keeps growing. The term IoT-device covers every device or object that can be connected to the internet, mainly for more convenience or efficiency. Examples of objects that are turning into IoT-devices nowadays are thermostats, speaker systems and security cameras. It is estimated that by the end of 2016 6.4 billion IoT-devices will be online, 30 percent more than in 2015. Every day 5.5 million devices get added to this number, leading up to 20.8 billion devices being online in 2020 (Gartner, 2015). The problem with these devices is that they cannot run traditional cybersecurity software, and improving their cybersecurity is ranked far below income because of the commercial aspirations of the companies producing them (DeCesare, 2016).
When we then bring DDoS-attacks into the mix, we get an interesting situation. Distributed Denial of Service (DDoS)-attacks are attempts to make an online service unavailable by overwhelming it with traffic from multiple sources. They target a large variety of important resources, like banks and news websites, and are a major challenge when making sure people can publish and gain access to important information and online services. There are four classes of DDoS-attacks: TCP connection attacks, volumetric attacks, fragmentation attacks and application attacks (Digital Attack Map, 2016). Besides that, there are two amplification methods for use in DDoS-attacks, namely DNS reflection and Chargen reflection. These fall outside the scope of this post, but interested readers can research them online.
In this scenario the type of attack used was a volumetric attack, which attempts to consume bandwidth by causing congestion through a large number of requests from different unique IP-addresses. In addition, Chargen reflection could have been used, since Chargen is usually found on printers with outdated software, which are seen as IoT-devices.
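How a defender could spot the traffic pattern described above, as an added example that is not part of the original post: it flags time windows in which the number of unique source addresses jumps far above the recent baseline, and notes whether most of the bytes arrive from the Chargen (UDP 19) or DNS (UDP 53) source port. The flow-record layout, the thresholds and the function names are assumptions, and the sample traffic is constructed using documentation address ranges.

```python
from collections import defaultdict

# UDP source ports of the two amplification methods named above.
REFLECTION_PORTS = {19: "chargen", 53: "dns"}

def summarize(flows, window=10):
    """Bucket (ts, src_ip, src_port, proto, size) records into fixed windows."""
    buckets = defaultdict(lambda: {"sources": set(), "bytes": 0,
                                   "reflected": defaultdict(int)})
    for ts, src_ip, src_port, proto, size in flows:
        b = buckets[ts - ts % window]
        b["sources"].add(src_ip)
        b["bytes"] += size
        if proto == "udp" and src_port in REFLECTION_PORTS:
            b["reflected"][REFLECTION_PORTS[src_port]] += size
    return dict(sorted(buckets.items()))

def detect(flows, window=10, source_factor=5, reflect_share=0.5):
    """Flag windows whose unique-source count exceeds source_factor times the
    median of earlier normal windows; label a dominant reflection protocol."""
    alerts, history = [], []
    for start, b in summarize(flows, window).items():
        n = len(b["sources"])
        if history:
            baseline = sorted(history)[len(history) // 2]
            if n > source_factor * baseline:
                kinds = [k for k, v in b["reflected"].items()
                         if v >= reflect_share * b["bytes"]]
                alerts.append((start, n, baseline, kinds or ["direct"]))
                continue  # keep flagged windows out of the baseline
        history.append(n)
    return alerts

def sample_flows():
    """Constructed sample: three quiet windows, then a burst of Chargen replies."""
    flows = []
    for start in (0, 10, 20):
        for i in range(3):
            flows.append((start + i, f"192.0.2.{i + 1}", 50000 + i, "tcp", 600))
    for i in range(40):
        flows.append((30 + i % 10, f"198.51.100.{i + 1}", 19, "udp", 1400))
    return flows

if __name__ == "__main__":
    for alert in detect(sample_flows()):
        print(alert)
```

Each alert is a tuple of window start, unique sources seen, baseline source count and the traffic label; a burst in the very first window is not flagged because no baseline exists yet.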

Secondly, now that the subjects are clearer, let’s look into the situation of yesterday’s attack and the potential problem for the future. The people behind the DDoS-attacks mainly look at three focal units, namely building capacity, launching the attacks and selling silence (Digital Attack Map, 2016). Building the capacity is made easy by how easily IoT-devices can be hacked. When trying to gather capacity for a volumetric DDoS-attack, the person behind it can easily involve your smart TV, security camera and online speaker system and use their unique IP-addresses to generate large volumes of traffic for the target of the attack. This is exactly what happened yesterday when the actual attacks were launched and bandwidth was congested by the requests of the volumetric attack.
‘The DDoS attack force included 50,000 to 100,000 internet of things (IoT) devices such as cameras and DVRs enslaved in a botnet, as well as an unknown number of other devices that are parts of other botnets, says Dale Drew, CTO of Level 3. He theorizes the mastermind behind the attack hired multiple botnets to compile the number wanted for the attacks’ (Networkworld.com, 2016).
This hiring of botnets falls under the last focal unit of selling silence. Selling silence is the selling of DDoS-attack capacity by people gathering and managing botnets, which can be collections of IoT-devices, to attack a target and create a successful attack. This creates a financial incentive to start gathering these devices into attack-ready bundles and selling this to the highest bidder to dismantle internet-based operations of the party this bidder designates as a target. However, we see that social and revolutionary groups use the attacks as a form of protest without financial goals in mind as well.

Finally, we conclude what we saw in the attacks, the developments in the area surrounding the discussed subjects and what this could imply for the future.
The attacks on Dyn show a new level of DDoS-attacks unprecedented in the past. The competition in the market is leading to the large-scale production of unsafe devices by commercially driven companies, devices that can be bundled into attack-ready botnets because they are not able to run traditional cybersecurity. The creation of these botnets is done by people with financial or revolutionary incentives, and these people make use of the weakness that the market creates by focussing mainly on higher profits. The large volume of devices, which will keep on growing in the future, makes the power of these botnets stronger and stronger every day, yet no one is willing to start turning the situation around.
As the internet is turning into the backbone of the economy and digital companies take over more and more market share, shouldn’t we be concerned with providing more safety and stability in this area? Companies like Amazon and Paypal being down in the attack show that a lack of insight and action in this area could well predict large external threats to the functioning of the digital market in the future. In addition, the anonymity of the internet traffic and the incentives show that, in the future, the use of these attacks for darker reasons could become more common. This could well be between countries, companies or individuals. Because one of the biggest mysteries that remains after the attacks is: Who and why?

 

(IDG & Dyn, 2016) http://resources.idgenterprise.com/original/AST-0166058_WP_IDG_IPM-Maximize-Online-Performance_Feb_2016_1_.pdf?SOURCE=01434520166058CIOUTK8YWZBJR

(DeCesare, 2016) https://techcrunch.com/2016/10/22/how-massive-ddos-attacks-are-undermining-the-internet/

(Gartner, 2016) http://www.gartner.com/newsroom/id/3165317

(Networkworld.com, 2016) http://www.networkworld.com/article/3134057/security/how-the-dyn-ddos-attack-unfolded.html
