Massive Internet-wide DDoS attack October 21 2016
Internet-wide DDoS attack October 21 2016
Today’s (October 21, 2016) wide spread global DDoS attack was a big event, and a bad one: An attack on the Internet, not just on a website. A DDoS attack is when bad actors flood a server with redundant or duplicate requests to freeze it up and make it fall over.
The attackers didn’t target a standard website server. Instead they targeted key servers that manage millions of other servers. So if your Spotify app or Twitter feed or SnapChat fix was down, that’s why. Etsy, Tumblr, Flickr, Pinterest, Airbnb, Reddit, Paypal, Soundcloud, Github and a whole batch of media giants were also down — CNN, The Guardian, Financial Times, New York Times, Boston Globe.
This was an attack on the plumbing and wiring of the Internet itself — not, as is usual in DDoS attacks, on the painting and decoration of any one website.
One way of looking at it is: If Twitter, SnapChat, Etsy, Pinterest, Reddit, Paypal, The FT and other giants can go down, then no one can protect against a global event like this.
Another way of looking at it is: If they can go down, so can you. You can’t stop this kind of global event but you can minimize the damage from them, and from local events.
What are local events? For merchants, the biggest threat is from a tech-savvy competitor taking you offline… if you’re an agency/consultant, the threat is more likely to be from a group hostile to clients you represent burying your site. These attacks can be precisely targeted to rip out just you site’s plumbing and wiring.
This particular cyber attack was launched by using malicious code to network a huge range of Internet-connected household devices together — phones, cameras, DVRs, routers, even kettles (Yes, some people have Internet-connected kettles…) — and get them to overwhelm critical servers with multiple requests.
These everyday devices are easy to hack and take over (“enslave”). And they’re the same everyday devices that the prophets of the “Internet of things” (IoT) cheerfully tell us will all be linked together: so you can communicate with your kettle while you are at work… and someone is re-programming it.
A botnet could enslave almost any Internet-connected device, from surveillance cameras and drones to electronic medical implants and toothbrushes (Yes, Beam Brushes makes a “connected” toothbrush). Quite apart from the damage hackers could do to users of some of these devices (former US VP Dick Cheney feared assassination via pacemaker hack) , it’s possible to “weaponize” them all to a common purpose. You’ll never look at your webcam and kettle again the same way. It’s no joke.