Last Friday morning 7am Eastern Time, news started breaking of the internet being down on the east coast of the US. People were having issues accessing multiple websites including Netflix, Amazon, and Twitter during a period of two hours. Later that day, a second shorter outage occurred.
So what happened?
First to understand what happened, let me provide a brief and basic, completely non-technical (i.e. no acronyms) explanation of what happens each time any of us makes a request to access a website, or any service for that matter, online. On our device (PC, Mac, smart device etc.) we type, for example, Amazon.com. The device then uses a "mapping service" to locate where that website is located. When the "mapping service" receives the request from the device to access Amazon.com, it will reply and tell it how to locate the servers containing that website, so your device can open and one can browse it.
There are many of these "mapping services" available for use across the planet. Each is comprised of hundreds of servers, and each service uses other “mapping services” to help keep their instruction sets up to date and therefore constantly provide the correct directions for every request received.
Got it so far?
From the information I have gathered, on Friday morning, a piece of malware (named Marai) was activated, which had been previously distributed to thousands of devices, but until now was lying dormant. When activated, the thousands of devices it was running on started sending repetitive requests to one particular “mapping service” named DYN.
The service got overloaded, it could not handle the number of requests being received and therefore every device request started to go unanswered. This meant that if your device was requesting direction from DYN at the time, you could not access the website or service you wanted. Once DYN resolved this issue over the course of the day, all device requests started receiving replies and people were accessing websites and services again.
What was different about this cyber-attack?
There were a couple of things that were different about his attack:
- It was an attack not on specific websites, but on the mechanism that allows us all to access those websites. This gets people worried, as the number of people affected is much wider than say one company’s web site or service being hacked. The positive from this is that the attack was stopped pretty quickly, therefore showing the response plans these services have in place is strong.
- Supposedly it was a hacktivist group that performed this attack, a group of ideologically motivated people. This has a lot of people worried about the notion of a nation state, or another ideological group with far worse intent, performing the same type of attack on the US or an ally with more prolonged and damaging consequences.
I don't think the above two points are the issue, though. I think they are the symptoms of the real issue – the Internet of Things.
What is the Internet of Things?
The Internet of Things, or IoT, is the term used to describe the connection of all sorts of consumer devices (from fridges to cars) to the internet to communicate, self-manage, self-learn, self-heal etc.
One of the more prominent examples in this area is the automobile industry. We have gone from basic GPS, to fully integrated personal device capability, software managed engines, remote diagnostics and maintenance and now to self-driving capabilities in less than 10 years.
The issue is the security of the systems in place has not advanced at the same pace. The prevailing thought is that technology has been designed, built, and then implemented, but fully secured as an afterthought. Security needs to be part of the design process! 1000's of consumer devices were used to send the requests that jammed the internet on Friday morning. How IoT matures from a security perspective will probably determine how many of these type of attacks will occur and how effective they will be in the future.