*** UPDATE *** Twitter appears to be accessible again, as is Constant Contact, which handles my subscriber e-mails. The afternoon edition has just been sent.
[ *** End Of Update *** ]
* Washington Post…
Someone attacked a key part of the Internet’s infrastructure Friday morning, causing some major services such as Twitter, Spotify and Airbnb to be inaccessible for some users.
The attack targeted Dyn, a company that helps people connect to websites, with a huge amount of traffic in an attempt to knock the service offline, according to Dyn’s director of internet analysis, Doug Madory. The digital assault appears to have started around 7:30 a.m. ET, and Dyn said it was resolved at roughly 9:20 a.m.
The service Dyn provides is called the Domain Name System. It works sort of like a phone book for the Internet - it translates URLs into the numerical IP addresses for the servers that actually host sites so your browser can connect to them.
This type of attack is commonly known as a distributed denial of service, or DDoS attack. The effects of the attack were intermittent, and many of the details remain scarce, although it appears to have primarily affected users on the East Coast, according to Dyn.
The initial attack came at 7:10 Eastern time, lasted about two hours and then started again around noon. I can still pull up Twitter on my phone, but I can’t get to it to load on my desktop as I write this.
* TechnoBuffalo…
Is it possible this is the latest from the Mirai botnet? Mirai, if you’re unfamiliar, was a botnet that used unsecured devices in the internet of things – printers, coffee machines, IP cameras, open Linux computers and the like – to send an unprecedented 620 Gbps of data at security researcher Brian Krebs’ website. We talked to hackers following that attack and, now that the Mirai code is open sourced, learned that these sorts of threats are only going to continue and increase in size.
“Once they’ve been hijacked, the devices can be switched from sending normal amounts of data to and from your computer, to sending massive amounts of data at a single target,” I explained in my report about DDoS attacks this month. ” Ultimately, the traffic from hundreds or thousands of these devices can exceed the throughput available to a website or a service, denying additional requests access.”
Dyn provided assistance to Krebs, which is why some think the two attacks are connected.
* TechCrunch…
After the attack on Krebs’ website, the code used to build the botnet leaked online, making more massive DDoS attacks all but inevitable. Although it’s not clear yet whether an IoT botnet is behind the attack on Dyn, it certainly would not be surprising.
Oof.
* More from Krebs…
“The size of these DDoS attacks has increased so much lately thanks largely to the broad availability of tools for compromising and leveraging the collective firepower of so-called Internet of Things devices — poorly secured Internet-based security cameras, digital video recorders (DVRs) and Internet routers,” Krebs said today.
What all these connected devices have in common is the existence of security vulnerabilities caused by a flawed software design or gross negligence on the part of their manufacturers that all often use the same factory passwords for all their devices, OVH said in a recent post about the attack on its networks.
“While our internal investigation (which is still ongoing) has identified close to 145,000 infected connected devices as the source of the recent attacks, network service provider Level3 has recently assessed their number at more than a million,” according to OVH. “So we’re only at the beginning of the problem, not to mention the fact that Internet connection rates are constantly growing, notably due to the ever-increasing availability of VDSL, SDSL, and fiber optics.”
Ugh.
* So, why is this relevant to us? Well, I’m hearing and reading about how some tech types are growing worried that this sort of attack could be launched against election authorities on November 8th.
A massive hit like this wouldn’t alter the results, but it could delay the results from being posted online for several hours or even a few days.
Brace yourselves. We’re in a new world.
- Honeybear - Friday, Oct 21, 16 @ 1:13 pm:
That right there is why we get paper statements still for every account. I’m sure if we get hit it probably won’t make a difference but at least I’ll have something to wave aggressively at the teller at the bank. “See I should have this much in my account!”
- weltschmerz - Friday, Oct 21, 16 @ 1:14 pm:
Years ago, copiers were coded to act as homing devices for cruise missiles. Since totalitarian regimes limited the possession of copiers to themselves, these served as excellent target indicators. Can’t alter election results; don’t be silly.
- weltschmerz - Friday, Oct 21, 16 @ 1:16 pm:
Honeybear - What do you think produces those paper reports, an IBM Selectric?
- Boone's is Back - Friday, Oct 21, 16 @ 1:25 pm:
Wow that’s really scary. I can see Putin rubbing his hands together right now…
- Big Muddy - Friday, Oct 21, 16 @ 1:39 pm:
WOW, I didn’t know Madigan’s control of everything was so advanced.
- Dirty Red - Friday, Oct 21, 16 @ 1:41 pm:
= The size of these DDoS attacks has increased so much lately thanks largely to the broad availability of tools for compromising and leveraging the collective firepower of so-called Internet of Things devices =
Somehow when I bought a smart toaster that can connect to an app on my phone because it has WiFi card I knew it would help make Donald Trump president.
- Huh? - Friday, Oct 21, 16 @ 1:44 pm:
The Internet of things is a vulnerable organism. Cyber security has been an afterthought during the development of many items we take for granted.
- A guy - Friday, Oct 21, 16 @ 1:45 pm:
http://www.nbcchicago.com/news/tech/Major-Websites-Taken-Down-by-Internet-Attack-397905801.html?Fffg
Oy.
- Sarah Connor - Friday, Oct 21, 16 @ 1:46 pm:
Is somebody looking for me?
- Bill F. - Friday, Oct 21, 16 @ 1:49 pm:
Had trouble on IDNR today. Wonder if this is related.
- Anonymous - Friday, Oct 21, 16 @ 1:50 pm:
This ought to make everyone more concerned about Hillary’s State Deapartment E-mails.
- hisgirlfriday - Friday, Oct 21, 16 @ 1:50 pm:
Is this revenge for that punk Assange getting his Internet turned off?
- In 630 - Friday, Oct 21, 16 @ 1:58 pm:
And delayed results creates space for conspiracy theorists to make up tales of manufactured results, facts be damned.
- Norseman - Friday, Oct 21, 16 @ 2:00 pm:
This is a very scary situation and needs to become a higher government priority in protecting our increasing dependence on Internet and WiFi technology. One day we may be living through a real crisis similar to that envisioned in the movie Die Hard …
- Amalia - Friday, Oct 21, 16 @ 2:01 pm:
I get routinely eye rolled when I describe that I have mobile, landline (yes), tv, and internet all in different pots and that I do not connect my phone to my car. it’s like money, don’t put all your eggs in one basket. things can go down easily. whether it is from some teen jerk hacker, or an accused rapist, half of whose supporters left his organization and destroyed his hardware, who switched from whistle blowing to just opening other people’s mail, the danger lurks if you are too connected. and, yes, there’s a wind up alarm clock at my house too!
- Name Withheld - Friday, Oct 21, 16 @ 2:04 pm:
Are most electronic voting machines networked, or stand-alone (not connected to any network)?
Assuming they are standalone, then all that’s necessary is to have a device that can read (not write to) the memory cards and then send the information in some fashion.
If they are networked, with access to the outside (meaning the Internet) then God help us.
- Jeff Trigg - Friday, Oct 21, 16 @ 2:11 pm:
Maybe hanging chads aren’t such a bad thing after all.
- Give Me A Break - Friday, Oct 21, 16 @ 2:11 pm:
It would appear Twitter is behaving right now as it did this morning when the “attack” happened.
- Rich Miller - Friday, Oct 21, 16 @ 2:12 pm:
===Are most electronic voting machines networked===
Not in Illinois.
- Rich Miller - Friday, Oct 21, 16 @ 2:13 pm:
===It would appear Twitter is behaving right now as it did this morning when the “attack” happened===
As explained above, there have been two attacks today.
- Dirty Red - Friday, Oct 21, 16 @ 2:20 pm:
By the way, East St. Louis, this is not an opportunity for you to go tortise and hare, slow and steady wins the race on all of us. I’m not staying up late on Election Night again because of your shenanigans.
- Dirty Red - Friday, Oct 21, 16 @ 2:21 pm:
= I’m not staying up late on Election Night again because of your shenanigans. =
Just kidding. I totally am. *sigh*
- Streator Curmudgeon - Friday, Oct 21, 16 @ 2:27 pm:
Fifty years ago, some people couldn’t be trusted with BB guns. Today it’s computers.
- Cheryl44 - Friday, Oct 21, 16 @ 2:38 pm:
Hey anon 1:50:
The opposite is true. The hacker would look for a government server to attack the office.
- Judgment Day - Friday, Oct 21, 16 @ 2:53 pm:
Here’s a link to Techdirt on these events:
Link is: https://www.techdirt.com/articles/20161021/09440935851/nice-internet-youve-got-there-you-wouldnt-want-something-to-happen-to-it.shtml#comments
Offering a different POV, we have a federal government that is ‘raising the alarm’ (DHS in particular), when all the federal government has seemed to do so far is to harass and attack the hacking community.
How’s that approach worked so far? Not particularly well, IMO.
Fact is, the Feds need the hackers to solve these problems. The Feds only answer seems to be more spying and repression. DHS (Dept. of Homeland INsecurity) relationships with the hacking community is pretty comparable to CPD relationships with the minority communities in Chicago.
Can you say “pretty poor”…..
Am I in favor of this? NO!. More cleanup work for people like me.
There’s a term you hear in this business. It’s “Nerd Harder”. But when you have the federal government going out of there way to persecute the people who can fix this stuff, why would you be surprised this stuff is happening?
Just a different viewpoint to consider…..
- MGB - Friday, Oct 21, 16 @ 3:06 pm:
===Are most electronic voting machines networked===
But the electronic poll books being used because of same day registration are networked. Could create massive bottleneck if internet goes down.
- Rich Miller - Friday, Oct 21, 16 @ 3:31 pm:
===Could create massive bottleneck if internet goes down. ===
In Chicago especially.
- 47th Ward - Friday, Oct 21, 16 @ 4:10 pm:
Well, I first became aware of it, Mandrake, during the physical act of on-line love. Yes, uh, a profound sense of fatigue, a feeling of emptiness followed. Luckily I was able to interpret these feelings correctly. Loss of internet service. I can assure you it has not recurred, Mandrake. Women sense my power and they seek my wi-fi connection. I do not avoid women, Mandrake. But I do deny them my password.
- Name Withheld - Friday, Oct 21, 16 @ 4:12 pm:
Now that is something I hadn’t considered. That would absolutely create a bottleneck. Here’s to hoping there’s a robust network backbone in place on Election Day.
- Norseman - Friday, Oct 21, 16 @ 4:29 pm:
47 that was pure comedic essence.