Learning from major cyber security incidents

4.1 What was the attack?

On 21 October 2016, a major network outage rendered many well-known websites – including Twitter, Netflix, Spotify, Reddit, PayPal and eBay – inaccessible for hours. The outage was caused by an attack on the Domain Name System (DNS), a protocol that underpins the infrastructure of the internet. DNS translates the alphabetic domain and host names that people type into web browsers into the numeric IP addresses that computers use to reach each other. If that translation fails, the browser has no IP address to connect to and the website is unreachable, even though the website’s own servers may be running normally. Only a small number of companies host this crucial ‘web directory’ on behalf of large parts of the web, and Dyn, a managed DNS provider, is one of them: it provides DNS services to around 30 international corporations, including those listed above.
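To make the mechanism above concrete, here is a toy model of DNS resolution, added for this course page and not taken from it or from Dyn. It is not the real DNS wire protocol: the zone records, their time-to-live (TTL) values, the two hypothetical providers (‘dns-primary’ and ‘dns-secondary’) and the outage are all constructed in code so the example runs offline. It shows why a browser keeps working for a while after an authoritative provider stops answering (cached answers last until their TTL expires), why the outage then bites, and why a second authoritative provider is the standard mitigation.

```python
"""Toy model of DNS resolution with caching, TTLs and provider failover (added example)."""
import time


# Constructed zone data for the example: name -> (IP address, TTL in seconds).
ZONE = {
    "www.example.net.": ("192.0.2.10", 300),
    "api.example.net.": ("192.0.2.20", 60),
}


class AuthoritativeServer:
    """One authoritative DNS provider for the zone; `up` models whether it can still answer."""

    def __init__(self, name, zone, up=True):
        self.name, self.zone, self.up = name, zone, up

    def query(self, qname):
        if not self.up:
            # Under a volumetric DDoS the server still exists but queries time out.
            raise TimeoutError(f"{self.name} unreachable")
        return self.zone.get(qname)  # None models NXDOMAIN


class CachingResolver:
    """A recursive resolver as seen by a browser: answers from cache while the TTL lasts,
    otherwise asks each authoritative provider in turn."""

    def __init__(self, providers, clock=time.time):
        self.providers = providers
        self.clock = clock
        self.cache = {}  # qname -> (ip, absolute expiry time)

    def resolve(self, qname):
        now = self.clock()
        hit = self.cache.get(qname)
        if hit and hit[1] > now:
            return hit[0], "cache"
        for provider in self.providers:
            try:
                record = provider.query(qname)
            except TimeoutError:
                continue  # try the next provider
            if record is None:
                return None, "NXDOMAIN"
            ip, ttl = record
            self.cache[qname] = (ip, now + ttl)
            return ip, provider.name
        return None, "SERVFAIL"  # nobody answered: the browser has no address to connect to


class FakeClock:
    """Settable clock so that TTL expiry is deterministic."""

    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t


def simulate(secondary_up):
    """Walk through an outage of the primary provider and report what each lookup returns.
    With secondary_up=False a name is only resolvable until its cached record expires;
    with a second provider in place lookups fail over to it."""
    clock = FakeClock()
    primary = AuthoritativeServer("dns-primary", ZONE)
    secondary = AuthoritativeServer("dns-secondary", ZONE, up=secondary_up)
    resolver = CachingResolver([primary, secondary], clock)
    out = {}
    out["t0_www"] = resolver.resolve("www.example.net.")
    out["t0_api"] = resolver.resolve("api.example.net.")
    primary.up = False  # the DDoS begins: the primary provider stops answering
    clock.t = 30
    out["t30_api"] = resolver.resolve("api.example.net.")   # inside the 60 s TTL
    clock.t = 100
    out["t100_api"] = resolver.resolve("api.example.net.")  # TTL expired
    out["t100_www"] = resolver.resolve("www.example.net.")  # 300 s TTL still valid
    clock.t = 400
    out["t400_www"] = resolver.resolve("www.example.net.")  # now expired too
    return out


if __name__ == "__main__":
    for label, result in simulate(secondary_up=False).items():
        print(f"single provider  {label:9} -> {result}")
    for label, result in simulate(secondary_up=True).items():
        print(f"two providers    {label:9} -> {result}")
```

Run with a single provider, the short-TTL name stops resolving 60 seconds into the outage and the longer-TTL name 300 seconds in, which is why an attack on one DNS provider takes websites down gradually and keeps them down until the provider recovers. Run with a second provider, every lookup that misses the cache is answered by the backup and the outage is invisible to users.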

On the day in question, Dyn was targeted by a series of highly sophisticated DDoS attacks. The first started at about 12 p.m. BST and the company managed to mitigate it after about two hours. A second attack began at about 4 p.m. and it took the company a further three hours to restore its main service.

The magnitude, duration and complexity of this DDoS attack were much higher than those of ordinary DDoS attacks, and this led security experts to suspect that this was a state-sponsored attack. Internationally renowned security expert Bruce Schneier said ‘it feels like a large nation state. China and Russia would be my first guesses’ (Griffin and Walker, 2016). Another security expert, Lawrence Orans, a research vice president at Gartner specialising in web security and DDoS attacks, agreed and said ‘An attack of this magnitude can’t be executed by a kid in his bedroom […] It’s more sophisticated than that. A nation state would be a prime suspect’ (Griffin and Walker, 2016).

Despite the security experts’ suggestions that this might be a state-sponsored attack, it wasn’t actually the first attack of this kind. Very similar attacks had happened in September 2016, including extraordinarily high-traffic attacks on the blog of the security journalist Brian Krebs (620 Gbit/s) and on the French cloud company OVH (1 Tbit/s). To bring down an ordinary website, a traffic volume of 20–40 Gbit/s is usually enough, so the traffic in these two attacks was many times higher than needed. Who was behind these attacks? Would kids really be unable to launch this kind of attack from their bedroom? If not, was a nation state the culprit, as Schneier and Orans suggested?

All these DDoS attacks were launched using an unusually large botnet composed of computing devices from all over the world. Unlike conventional botnets, which are built from infected PCs, this botnet was made up of internet-connected consumer devices such as IP cameras, network-enabled media players and home routers. Many of these devices had weak security protection, and many of their users never changed the default settings (including the factory default usernames and passwords), so they could be hacked fairly easily. A piece of malware known as Mirai (which means ‘future’ in Japanese) exploits exactly this weakness and ‘harvests’ the devices to form a large and diverse botnet. Mirai randomly scans the internet for devices that expose a telnet login; once one is found, it works through a built-in list of around 60 factory default username and password pairs and, if one of them is accepted, takes control of the device. The device’s owner will not usually notice the hijack, as the device will still be functioning, though perhaps a little slower than usual.
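The scanning and default-credential behaviour described above leaves a recognisable trace in a device’s login log. The following is an added example written for this page, not code from the course or from Mirai: it runs simple detection logic over a few constructed telnet log lines and flags (a) attempts that use factory default credentials, (b) a successful login with such a credential, which means the device was never re-credentialed and should be treated as compromised, and (c) a single source hammering through many credentials in a short window, which is what a Mirai scanner looks like from the victim’s side. The log format is invented for the example (real telnet daemons log differently and should never record passwords; it is done here only so the lines can be matched against the credential list), and the credential list is a small subset of the widely published Mirai default list together with a few generic factory defaults.

```python
"""Detect Mirai-style default-credential login attempts in device logs (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed subset of the factory default credentials Mirai is known to try.
MIRAI_DEFAULTS = {
    ("root", "xc3511"), ("root", "vizxv"), ("root", "admin"), ("admin", "admin"),
    ("root", "888888"), ("root", "xmhdipc"), ("root", "default"), ("root", "juantech"),
    ("root", "123456"), ("root", "54321"), ("support", "support"), ("root", "root"),
    ("admin", "password"), ("root", "12345"), ("user", "user"), ("ubnt", "ubnt"),
}

# Constructed log format for this example: one line per telnet login attempt.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) telnetd: login user=(?P<user>\S*) pass=(?P<pw>\S*) "
    r"from=(?P<src>\S+) result=(?P<res>OK|FAIL)$"
)

# Constructed sample log: one scanner walking the default list, a lone probe, a legitimate login.
SAMPLE_LOG = """\
2016-10-21T11:10:01Z telnetd: login user=root pass=xc3511 from=198.51.100.7 result=FAIL
2016-10-21T11:10:02Z telnetd: login user=root pass=vizxv from=198.51.100.7 result=FAIL
2016-10-21T11:10:02Z telnetd: login user=admin pass=admin from=198.51.100.7 result=FAIL
2016-10-21T11:10:03Z telnetd: login user=root pass=888888 from=198.51.100.7 result=FAIL
2016-10-21T11:10:04Z telnetd: login user=root pass=xmhdipc from=198.51.100.7 result=FAIL
2016-10-21T11:10:05Z telnetd: login user=root pass=juantech from=198.51.100.7 result=OK
2016-10-21T11:12:40Z telnetd: login user=admin pass=admin from=203.0.113.9 result=FAIL
2016-10-21T11:15:00Z telnetd: login user=installer pass=Correct-Horse-7 from=192.168.1.5 result=OK
garbage line that does not parse
""".splitlines()


def parse(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return event


def analyse(lines, window=timedelta(seconds=60), burst_threshold=5):
    """Return findings: how many attempts used a known default credential, which source
    (if any) logged in with one, and which sources burst through many attempts quickly."""
    events = [e for e in map(parse, lines) if e]
    findings = {"default_attempts": 0, "compromised_via": [], "burst_sources": []}
    per_source = defaultdict(list)
    for e in events:
        if (e["user"], e["pw"]) in MIRAI_DEFAULTS:
            findings["default_attempts"] += 1
            if e["res"] == "OK":
                # A success with a factory password: the device still has its default login.
                findings["compromised_via"].append((e["src"], e["user"], e["pw"]))
        per_source[e["src"]].append(e["ts"])
    # Mirai's brute-forcer walks its list in seconds; flag any source with
    # burst_threshold or more attempts inside a sliding window.
    for src, times in per_source.items():
        times.sort()
        for i in range(len(times)):
            j = i
            while j + 1 < len(times) and times[j + 1] - times[i] <= window:
                j += 1
            if j - i + 1 >= burst_threshold:
                findings["burst_sources"].append(src)
                break
    return findings


if __name__ == "__main__":
    for key, value in analyse(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample log the scanner at 198.51.100.7 is flagged both for the burst and for the successful `root`/`juantech` login; the single `admin`/`admin` probe from 203.0.113.9 counts as a default-credential attempt but not a burst, and the legitimate login from the LAN matches nothing. The practical response to a `compromised_via` finding is the one the paragraph implies: change the factory credentials (and, where possible, disable telnet altogether), because a Mirai infection lives only in memory and the device will simply be harvested again after a reboot if the default login still works.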
