“Personal Devices Used as a Weapon to Hack” – DDoS attacks on DNS service provider, Dyn, led to many users losing internet connection recently

Millions of personal devices connected to the internet were used as a weapon to assist the cyber attacks that happened on Friday 21st October.

The tools assisted the cyber hackers to launch a huge DDoS cyber attack against major websites – the target of the attack being a DNS service provider, Dyn, based in New Hampshire, U.S.

It was a huge attack.

Dyn and the DDoS attack

Dyn offers a DNS service which is said to be the internet’s equivalent of a phone book. The DNS service helps find and connect people to the right servers, so browsers are able to supply the requested content. It essentially means that, when you type a web address in to your browser, the DNS provider will take you to the website.

The DDoS cyber attack used household devices to overpower the DNS server with requests and excessive spam which, like a bottleneck scenario, blocked access to users.

Imagine it as a traffic jam – loads of cars trying to use one road at the same time. When traffic is steady and normal, it can flow with ease; but when there are too many cars, traffic can come to a stop.

With that much pressure, the DNS was unable to complete any of the requests, and people were unable to access millions of websites.

Big affected websites included Twitter, Netflix, Amazon and Paypal. You can see that a cyber attack of this nature can have devastating consequences, particularly for online retailers who could lose millions of pounds by being down for even just a few hours.

Speedy resolution

The nature of the cyber attack was actually quite a “sophisticated and complex” process. The devices that were accessed and used as a tool for the hack sent “bogus signals” out to the web service provider, Dyn. In dealing with the attack, Dyn resolved the issue in a matter of a few hours.

It’s impressive that Dyn managed to quarantine the situation and resolve the issue in a timely manner. But a problem still persists in that Dyn claims that “the attack highlights a new vulnerability”. Although Dyn managed to respond to several attacks, there is an ongoing investigation into the attack.

There are still worries of this type of DDoS attack as it has been a large issue and there were no signs of slowing it down. Matthew Prince, the CEO of an internet infrastructure called Cloudflare, said that these kinds of attacks “tend to be difficult to stop”.

The role of organisations

Technology companies, security specialists, and government departments are doing their best to prevent further potential attacks. It’s crucial that these organisations review the DDoS mitigation process for their own company, as well as for the safety and interests of the public. Public investigators are said to be working with the private sector to develop mitigation procedures, and it’s thought that strategic principles will be released in the near future.

The importance of this is becoming more and more apparent: as the digital era grows, so do the risks of cyber attacks. Prevention methods and mitigation procedures should be reviewed with scrutiny, and where there is a lack of such methods, the same should be quickly implemented.

Over the last 12 months there have been some huge cyber attacks, including Yahoo and TalkTalk. These sorts of attacks serve as an important reminder that the web is an easy victim, and this is even truer if there are a lack of precautions taken.

What you can do

It may be impossible to prevent these types of attacks, but to minimise the vulnerability of these hacks, individuals should use strong passwords, and keep devices up to date – Manufacturers can play a part in this by recalling or making more innovative devices to ensure that security is at the peak.

“iOS and Android are Leaking Data” – The mobile device software providers are leaking all types of data, including metadata, personal data, and location data

“Data breach fines that could dismantle a company” – The Payment Card Industry Security Standards Council imposes a new EU regulation that could impose £122 billion worth of data breach fines on U.K. companies, taking effect in 2018