What we know about the cyberattack on major US websites

The cyberattack that brought Twitter, PayPal and hundreds of other online sites to a halt Friday hijacked millions of routers, digital video recorders and other internet-connected appliances to carry out the assault.

The onslaught, which began around 7:10 a.m. EDT, centered on servers run by Dyn, a major provider of services that steer traffic to web pages. The servers at Dyn ground to a halt from the bombardment, which began on the East Coast and spread west in at least three waves throughout the day.

The attack reportedly relied on a strain of malware known as Mirai, which searches the web for devices that are plugged into the network, then logs into them via factory default usernames and passwords. The infected devices can then hurl massive amounts of traffic at the target in an attack known as a distributed denial of service (DDoS).
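A defender's view of the login behaviour described above, as an added example that is not part of the original article: it flags sources that fail logins under several different usernames within a short window, the trace a default-credential sweep leaves in authentication logs, and notes whether a login then succeeded. The log format, field names, thresholds and sample lines are constructed assumptions, not taken from any real device.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical format (documentation-range IPs).
SAMPLE_LOG = """\
2024-01-01T11:10:01 src=203.0.113.7 user=root result=fail
2024-01-01T11:10:02 src=203.0.113.7 user=admin result=fail
2024-01-01T11:10:03 src=203.0.113.7 user=support result=fail
2024-01-01T11:10:04 src=203.0.113.7 user=guest result=fail
2024-01-01T11:10:05 src=203.0.113.7 user=admin result=ok
2024-01-01T11:12:00 src=198.51.100.20 user=alice result=fail
2024-01-01T11:12:30 src=198.51.100.20 user=alice result=ok
2024-01-01T11:20:00 src=192.0.2.44 user=root result=fail
2024-01-01T11:45:00 src=192.0.2.44 user=admin result=fail
"""
LINE_RE = re.compile(r"^(\S+) src=(\S+) user=(\S+) result=(fail|ok)$")

def parse(log_text):
    """Yield (timestamp, src, user, ok) tuples; skip lines that do not match."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, src, user, result = m.groups()
            yield datetime.fromisoformat(ts), src, user, result == "ok"

def detect_sweeps(log_text, min_users=3, window=timedelta(seconds=60)):
    """Return {src: {"users": [...], "login_after_sweep": bool}} for sources that
    failed logins as >= min_users distinct usernames inside one time window."""
    failures = defaultdict(list)  # src -> [(ts, user)] recent failed attempts
    findings = {}
    for ts, src, user, ok in sorted(parse(log_text), key=lambda e: e[0]):
        if ok:
            # A success after a flagged sweep suggests a guessed credential.
            if src in findings:
                findings[src]["login_after_sweep"] = True
            continue
        failures[src].append((ts, user))
        # Keep only failures still inside the window ending at this event.
        failures[src] = [(t, u) for t, u in failures[src] if ts - t <= window]
        users = {u for _, u in failures[src]}
        if len(users) >= min_users:
            entry = findings.setdefault(src, {"users": [], "login_after_sweep": False})
            entry["users"] = sorted(set(entry["users"]) | users)
    return findings

if __name__ == "__main__":
    for src, info in detect_sweeps(SAMPLE_LOG).items():
        print(src, info)
```

A source flagged with `login_after_sweep` set points to a device whose factory credentials should be changed and whose remote login exposure should be reviewed.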

https://twitter.com/Dyn/status/789444349998268416

Sites targeted in a DDoS attack groan under the barrage of traffic until they slow or shutter completely. A similar attack in September on the website KrebsOnSecurity involved an assault with many orders of magnitude more intensity than needed to knock sites offline.

“Someone has a botnet with capabilities we haven’t seen before,” Martin McKeay, a senior security advocate at Akamai, told Brian Krebs, the site’s editor, following the attack on the Krebs site. “We looked at the traffic coming from the attacking systems, and they weren’t just from one region of the world or from a small subset of networks — they were everywhere.”

Many of the devices hijacked by Mirai reportedly use hardware and software made by XiongMai Technologies, a Chinese company that sells the components to manufacturers who build them into mass-produced DVRs and other devices.

The source code for Mirai was released publicly in September, according to Krebs, who predicted that the internet would soon be awash in attacks such as the one on Dyn, which serves many of the internet’s largest news, entertainment and shopping companies.

Mirai is one of at least two strains of malware that hackers use to launch DDoS attacks, which marshal millions of devices that make up the so-called Internet of Things.

A spokesman for the FBI told the Times that agents were investigating all possible causes, including a state sponsor, in Friday’s attack.