
CYBERATTACK: Mirai Malware Believed Used in Major Distributed Denial of Service Attack on Dyn Inc.

Sun October 23 2016 9:04 am  http://www.arlingtoncardinal.com/?p=80611

On Friday, October 21, 2016, major cyberattacks crippled the internet firm Dyn Inc. and repeatedly disrupted the availability of popular websites across the United States. A hacker group claiming responsibility said that the day’s antics were just a dry run and that it has its sights set on a much bigger target. Attackers can now subvert the growing array of everyday Internet-enabled household devices (connected webcams, thermostats, etc.) and use them to wreak havoc. Ironically, October is Cyber Awareness month.

Manchester, New Hampshire-based Dyn Inc. said its server infrastructure was hit by distributed denial-of-service, or DDoS, attacks. These work by overwhelming targeted machines with an overload of junk data traffic, which has been compared to knocking someone over by blasting them with a fire hose, or to constantly ringing a doorbell. The attack temporarily blocked some access to popular websites from across America and Europe, including Amazon, Twitter, Netflix and PayPal.

Cloudflare, a provider of content delivery network, Internet security and distributed domain name server services, reported an ongoing, large-scale denial-of-service attack directed against Dyn DNS. While Cloudflare services operated normally, at least some customers using both Cloudflare and Dyn services were affected.

Customers using CNAME records that point to a zone hosted on Dyn, with DNS queries directed to Dyn, were suspected of experiencing failures that made websites unavailable and produced a “1001” error message.

Some popular services that might rely on Dyn for part of their operations include GitHub Pages (software code repository), Heroku (cloud platform), Shopify (online store provider) and AWS (Amazon Web Services, a cloud-computing services subsidiary of Amazon.com).
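The dependency described above, where a site's own DNS is healthy but a CNAME target sits in a zone served by one provider, can be audited ahead of time. The following is an added example, not part of the original article; every hostname, zone and nameserver in it is constructed sample data, and the "last two labels" provider rule is a simplifying assumption.

```python
# Added example: which sites break if one managed-DNS provider goes down?
# All names and records are constructed sample data, not real DNS answers.
CNAMES = {  # hostname -> CNAME target
    "www.shop.example": "shop.cdn-host.example",
    "shop.cdn-host.example": "edge.provider-a.example",
    "api.shop.example": "api.multi.example",
}
ZONE_NS = {  # zone -> authoritative nameservers
    "shop.example": ["ns1.provider-b.example", "ns2.provider-c.example"],
    "cdn-host.example": ["ns1.provider-a.example", "ns2.provider-a.example"],
    "provider-a.example": ["ns1.provider-a.example", "ns2.provider-a.example"],
    "multi.example": ["ns1.provider-a.example", "ns1.provider-b.example"],
}
SITES = ["www.shop.example", "api.shop.example"]

def zone_for(name):
    """Longest-suffix match of a hostname against the known zones."""
    labels = name.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in ZONE_NS:
            return candidate
    return None

def provider_of(ns_host):
    """Assumption: the provider is the last two labels of the NS hostname."""
    return ".".join(ns_host.split(".")[-2:])

def resolution_chain(name, max_hops=8):
    """Follow CNAMEs from name, stopping on a loop or after max_hops."""
    chain = [name]
    while chain[-1] in CNAMES and len(chain) <= max_hops:
        target = CNAMES[chain[-1]]
        if target in chain:
            break
        chain.append(target)
    return chain

def single_provider_zones(name):
    """Map each zone on the chain that has only one DNS provider to that provider."""
    findings = {}
    for hop in resolution_chain(name):
        zone = zone_for(hop)
        providers = {provider_of(ns) for ns in ZONE_NS.get(zone, [])}
        if len(providers) == 1:
            findings[zone] = providers.pop()
    return findings

def affected_by_outage(provider):
    """Sites whose resolution needs a zone served only by the given provider."""
    return sorted(s for s in SITES if provider in single_provider_zones(s).values())
```

In the sample data, www.shop.example uses two providers for its own zone yet still fails when provider-a is down, because its CNAME chain passes through zones that only provider-a serves.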

OCTOBER 21 ATTACK TIMELINE
DDoS attack begins 7:00 a.m. (EDT), resolved by 9:20 a.m.

Second attack reported 11:52 a.m. and Internet users began reporting difficulties accessing websites.

Third attack begins about 4:00 p.m.

Dyn reports issue resolved at 6:11 p.m.

Jason Read, founder of the Internet performance monitoring firm CloudHarmony, owned by Gartner Inc., said his company tracked a half-hour-long disruption early Friday affecting access to many sites from the East Coast. A second attack later in the day spread disruption to the West Coast as well as some users in Europe.

While DDoS attacks have been used for years, they’ve become very popular in recent months, thanks to the proliferation of “Internet of Things” devices ranging from connected thermostats to security cameras and smart TVs. Many of those devices feature little in the way of security, making them easy targets for hackers.

— Lance Cottrell, chief scientist Ntrepid

The hacker group known as New World Hackers claimed responsibility for the attack via Twitter, though that claim could not be verified. They said they organized networks of connected devices to create a massive botnet that directed 1.2 trillion bits of data per second at Dyn’s servers. Dyn officials wouldn’t confirm the figure during a conference call later Friday with reporters.



A botnet is a number of Internet-connected computers or IP devices that are capable of communicating with networked computers. Actions of the devices can be directed by command and control, and each illegally controlled device is known as a “bot” or “zombie” computer or device. However, the “bot” may be more specifically defined as the payload or the device that carries the payload that causes the malicious activity. When the device comes under command and control and is affected by malware, it becomes the “zombie” computer or “Internet of Things” (IoT) device. Botnets can be rented out by cybercriminals as commodities for a variety of malicious purposes, and little skill or resources are necessary to mount a botnet attack. Lance Cottrell, chief scientist for cybersecurity firm Ntrepid, said that would-be attackers can rent botnets for as little as $100, and that the long-term solution lies in improving the security of all internet-connected devices.

FIRE HOSE DDoS ATTACKS INCREASING

DDoS attacks have been growing in frequency and size in recent months. But if the hackers’ claims are true, Friday’s attacks take DDoS to a new level. According to a report from the cybersecurity firm Verisign, the largest DDoS attack perpetrated during the second quarter of this year peaked at just 256 billion bits per second.

The malware believed to have been used in the October 2016 Dyn cyberattack is “Mirai,” which is well understood because its source code has been published in hacker forums. Mirai continuously scans the internet for IoT devices and infects them by using a table of common factory default usernames and passwords for access. The IoT device remains infected until it is rebooted. A rebooted device will be reinfected within minutes unless its login password is changed immediately.

There are hundreds of thousands of vulnerable IoT devices which use the default settings (e.g., User name: ADMIN, Password: PASSWORD). Once infected, each IoT device will connect to a command and control server, which supplies the target and instructions for an attack.

“Internet of Things” (IoT) devices such as Internet-connected home routers, thermostats, security cameras, DVRs, webcams, smart TVs, and baby monitors are known to have been infected by the Mirai malware.
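Because an infected device spends its time scanning for new victims, the scanning described above is visible in a network's own outbound traffic. The following is an added example, not part of the original article: it flags internal hosts that contact many distinct addresses on telnet ports within a short window. The flow records are constructed, and the port numbers, window and threshold are assumptions not stated in the article.

```python
from collections import defaultdict

# Assumption: telnet ports probed by Mirai's scanner; not stated in the article.
TELNET_PORTS = {23, 2323}

# Constructed flow records: "epoch_seconds src_ip dst_ip dst_port"
FLOWS = """\
1000 192.168.1.20 203.0.113.5 23
1001 192.168.1.20 203.0.113.77 2323
1002 192.168.1.20 198.51.100.9 23
1003 192.168.1.20 198.51.100.40 23
1004 192.168.1.20 203.0.113.200 23
1005 192.168.1.30 203.0.113.5 443
1010 192.168.1.31 198.51.100.9 23
1400 192.168.1.31 198.51.100.9 23
"""

def parse(text):
    """Yield (timestamp, src, dst, port) tuples from whitespace-separated lines."""
    for line in text.splitlines():
        ts, src, dst, port = line.split()
        yield int(ts), src, dst, int(port)

def suspected_scanners(text, window=60, min_targets=5):
    """Return {src: distinct_targets} for sources that reach at least
    min_targets different hosts on telnet ports within `window` seconds."""
    per_src = defaultdict(list)
    for ts, src, dst, port in parse(text):
        if port in TELNET_PORTS:
            per_src[src].append((ts, dst))
    flagged = {}
    for src, events in per_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= window seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            targets = {dst for _, dst in events[start:end + 1]}
            if len(targets) >= min_targets:
                flagged[src] = len(targets)
                break
    return flagged

if __name__ == "__main__":
    print(suspected_scanners(FLOWS))
```

A device that is flagged again shortly after being rebooted is a sign that its login password was never changed.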

The Associated Press reported that a huge September 2016 attack that caused a shutdown of security journalist Brian Krebs’ website clocked in at 620 billion bits per second. Research from the cybersecurity firm Flashpoint said Friday that the same kind of malware was used in the attacks against both Krebs and Dyn.

The power of this kind of cyberattack is limited by the number of devices an attacker can engage and control. A few years ago, most attackers were limited to infecting and controlling “zombie” home PCs. But the popularity of new Internet-connected devices has vastly increased the pool of potential devices that can participate in a botnet. The average North American home contains 13 internet-connected devices, according to the research firm IHS Markit.

Since the attacks usually don’t harm the consumer electronics companies that build the devices, or the consumers that unwittingly use them, companies have little incentive to boost security, Cottrell said.

WHAT’S BEHIND THE ATTACKS

As with other online attacks, the motivation behind DDoS attacks is usually mischief, politics or money. DDoS attacks have also been used in extortion attempts, something that’s been made easier by the advent of Bitcoin.

For its part, a member of New World Hackers who identified themselves as “Prophet” told an AP reporter via Twitter direct message exchange that the hacker collective isn’t motivated by money and doesn’t have anything personal against Dyn, Twitter or any of the other sites affected by the attacks. Instead, the hacker said, the attacks were merely a test, and claimed that the next target will be the Russian government for committing alleged cyberattacks against the U.S. earlier this year. The claims couldn’t be verified.

“Twitter was kind of the main target. It showed people who doubted us what we were capable of doing, plus we got the chance to see our capability.”

— “Prophet”

New World Hackers in the past has claimed responsibility for similar attacks against sites including ESPNFantasySports.com in September and the BBC on Dec. 31, 2015. The attack on the BBC marshalled half the computing power of Friday’s attacks.

A SHIFTING GLOBAL ASSAULT

Dyn said it first became aware of an attack around 7:00 a.m. local time, focused on data centers on the East Coast of the U.S. Services were restored about two hours later. Attackers then shifted to offshore data centers, and the latest wave of problems continued until Friday evening Eastern time.

“Prophet” told the AP that his group actually had stopped its attacks by Friday afternoon, but that others, including members of the hacker collective known as Anonymous, had picked up where they left off. Anonymous didn’t respond to a request for comment via Twitter.

White House spokesman Josh Earnest told reporters Friday that the U.S. Department of Homeland Security is monitoring the situation. Earnest said he had no information about who may be behind the disruption.

Cottrell noted that there are several firms that offer protection against DDoS attacks, by giving companies a way to divert the bad traffic and remain online in case of an attack. But monthly subscription fees for these services are generally equal to a typical DDoS extortion payment, giving companies little incentive to pay for them.

See also …

AP Attacks on the internet keep getting bigger and nastier

CLOUDFLARE Dyn issues affecting joint customers



