'Smart' home devices used as weapons in website attack

BBC ^ | 10/22/2106

[McGruff]

Hackers used internet-connected home devices, such as CCTV cameras and printers, to attack popular websites on Friday, security analysts say.

Twitter, Spotify, and Reddit were among the sites taken offline on Friday.

Each uses a company called Dyn, which was the target of the attack, to direct users to its website.

Security analysts now believe the attack used the "internet of things" - web-connected home devices - to launch the assault.

[McGruff]

Security firm Flashpoint said it had confirmed that the attack used "botnets" infected with the "Mirai" malware.

Many of the devices involved come from Chinese manufacturers, with easy-to-guess usernames and passwords that cannot be changed by the user - a vulnerability which the malware exploits.

[McGruff]

“Mirai scours the Web for IoT (Internet of Things) devices protected by little more than factory-default usernames and passwords,” explained cybersecurity expert Brian Krebs, “and then enlists the devices in attacks that hurl junk traffic at an online target until it can no longer accommodate legitimate visitors or users.”

The owner of the device would generally have no way of knowing that it had been compromised to use in an attack, he wrote.

[WKUHilltopper]

So this is why I had to pump five rounds into my refrigerator when it tried to kill me.

[Voluntaryist]

Twitter, Spotify, and Reddit were among the sites taken offline on Friday.

They weren't taken offline! All you had to do to see through this was to use Tor browser...

[McGruff]

Similar report here:

http://www.usatoday.com/story/tech/2016/10/21/cyber-attack-takes-down-east-coast-netflix-spotify-twitter/92507806/

DDoS attacks flood servers with so many fake requests for information that they cannot respond to real ones, often crashing under the barrage. It’s unclear who orchestrated the attack.

“It’s a very smart attack. We start to mitigate, they react. It keeps on happening every time. We’re learning though,” said Kyle York, Dyn’s chief strategy officer said on a conference call with reporters Friday afternoon.

[McGruff]

... It’s unclear who orchestrated the attack....

Watch, Hillary will blame the Russians and Trump for his cozy relationship with Putin.

[pieceofthepuzzle]

“By the time Skynet became self-aware it had spread into millions of computer servers across the planet. Ordinary computers in office buildings, dorm rooms; everywhere. It was software; in cyberspace. There was no system core; it could not be shutdown.”

[cong. dance leader]

LOL, Skynet has become self-aware!

[truth_seeker]

I read elsewhere the “attack” was a demo, sort of “see what we can do?”

[FrankR]

I have a “smart” TV, but I end never set it up, or accessed it that way.

[Salamander]

[thoolou]

I’ve been warning about this IoT crap for years...

[snarkpup]

“In a relatively short time we’ve taken a system built to resist destruction by nuclear weapons and made it vulnerable to toasters,”

[dfwgator]

Yep. Just because you can do something, doesn’t necessarily make it a good idea.

[real saxophonist]

Wasn’t there a CSI episode about a ‘smart’ house killing its owner? I think it might have been CSI:Cyber, and the house was hacked.

[so_real]

Isn't the greater underlying flaw that :

  1) The DNS system is not distributed enough if an attack on one organization (Dyn) can have such a dramatic impact, and

  2) That expired DNS records are not held for any length of time when an authoritative server cannot be reached for update or not-found response

???

Hardware and software will undoubtedly be exploited again in the future. And without a change to the above, the exploit will have the same effect. Shouldn't the geeks seek to improve DNS distribution and robustness in the mean time? Would love for the FR geeks to comment.

[GOPJ]

I bought a power strip on Amazon (basically an extension cord) and the thing showed up as feeding off my modem. It wouldn't take much for citizens to be made aware of options... ways to safeguard their homes.

Guess it won't happen unless someone bribes Congress with fat donations or ‘gives’ to the Clinton Foundation...

America's becoming a hellhole.

[GOPJ]

A Samsung device is feeding off my modem - I don’t know if it’s the Smart TV or the new Refrigerator...

[Secret Agent Man]

Don’t have any “smart” hackable appliances in the house.

[VaRepublican]

sec+ ping