SecurityWeek

Disgruntled Gamer ‘Likely’ Behind October US Hacking: Expert

The hacker who shut down large parts of the US internet last month was probably a disgruntled gamer, an expert whose company closely monitored the attack said Wednesday.

Dale Drew, chief security officer for Level 3 Communications, which mapped out how the October 21 attack took place, told a Congressional panel that the person had rented time on a botnet — a network of web-connected machines that can be manipulated with malware — to level the attack.

Using a powerful malware known as Mirai, the attacker harnessed some 150,000 “Internet of Things” (IoT) devices such as cameras, lightbulbs and appliances to overwhelm the systems of Dynamic Network Services Inc, or Dyn, which operates a key hub in the internet, according to Drew.

The so-called distributed denial of service attack jammed up traffic routed through Dyn’s servers to major websites like Amazon, Twitter and Netflix for hours before the attack could be overcome.

“We believe that in the case of Dyn, the relatively unsophisticated attacker sought to take offline a gaming site with which it had a personal grudge and rented time on the IoT botnet to accomplish this,” he said.

Drew did not identify the gaming site but The Wall Street Journal, citing people familiar with the attack, said it was the PlayStation network.

At the time, there were worries that a foreign government might have been behind the attack.

Drew said the ability of hackers to make use of mundane home electronics to mount such an attack signalled a huge new risk in the global internet circuitry.

He said IoT devices often have easily hackable passwords, including hard-wired passwords that owners cannot change.

“IoT devices also are particularly attractive targets because users often have little way to know when they have been compromised. Unlike a personal computer or phone, which has endpoint protection capabilities and the user is more likely to notice when it performs improperly, compromised IoT devices may go unnoticed for longer periods of time.”

He noted that such devices are widespread around the world, including in areas with few cybersecurity protections, and that the October attack made use of “just a fraction” of those available. Mirai, he said, has infected nearly two million devices connected to the internet.

“The current lack of any security standards for IoT devices is certainly part of the problem that ought to be addressed.”

Written By

AFP 2023
