US under cyber attack

Hackers cripple US internet in wide-scale cyberattack

WikiLeaks implied its supporters may be behind the attack and asked them to "stop taking down the US internet".

If you live on the East Coast and had trouble accessing Twitter, Spotify Netflix, Amazon or Reddit Friday morning, you were not alone.

SAN FRANCISCO — Eleven hours after a massive online attack that blocked access to many popular websites, the company under assault has finally restored its service. Dyn, a New Hampshire-based company that monitors and routes Internet traffic, was the victim of a massive attack that began at 7:10 a.m. ET Friday morning. The issue kept some users on the East Coast from accessing Twitter, Spotify, Netflix, Amazon, Tumblr, Reddit, PayPal and other sites.

At 6:17 p.m. ET Friday, Dyn updated its website to say it had resolved the large-scale distributed denial of service attack (DDoS) and service had been restored.

DDoS attacks flood servers with so many fake requests for information that they cannot respond to real ones, often crashing under the barrage. It's unclear who orchestrated the attack.

“It’s a very smart attack. We start to mitigate, they react. It keeps on happening every time. We’re learning, though” said Kyle York, Dyn’s chief strategy officer said on a conference call with reporters Friday afternoon.

Troubling to security experts was that the attackers relied on Mirai, an easy-to-use program that allows even unskilled hackers to take over online devices and use them to launch DDoS attacks. The software uses malware from phishing emails to first infect a computer or home network, then spreads to everything on it, taking over DVRs, cable set-top boxes, routers and even Internet-connected cameras used by stores and businesses for surveillance.

These devices are in turn used to create a robot network, or botnet, to send the millions of messages that knock the out victims' computer systems. The source code for Mirai was released on the so-called dark web, sites that operate as a sort of online underground for hackers, at the beginning of the month. The release led some security experts to suggest it would soon be widely used by hackers. That appears to have happened in this case.

Dyn is getting “tens of millions” of messages from around the globe sent by seemingly harmless but Internet-connected devices. “It could be your DVR, it could be a CCTV camera, a thermostat. I even saw an Internet-connected toaster on Kickstarter yesterday,"  said York. The complexity and breadth of the multiple attack points make it difficult to fight because it's hard to distinguish legitimate traffic from botnet traffic.
York said one bright spot for the company had been the tremendous outpouring of aid from its customers, competitors and law enforcement. “You guys wouldn’t believe the amount of support we’ve received,” he told reporters.


Effects felt nationwide - Dyn first  posted on its website at 7:10 a.m. ET that it "began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure."
These resolved towards 9:30 a.m. Then more waves began. "It's been a hectic day," said York. The attack comes at a time of heightened public sensitivity and concern that the nation's institutions and infrastructure could face large-scale hacking attacks. The most recent example has been the release of emails stolen from the servers of the Democratic National Committee, which U.S. intelligence sources say was the work of Russia. The topic has come up frequently during the fall's hard-fought presidential campaign.
White House Press Secretary Josh Earnest said the Department of Homeland Security was “monitoring the situation" but that “at this point, I don’t have any information about who may be responsible for this malicious activity.”

So far Dyn has not been able to ascertain whether the attack is aimed at any specific customer. “We have no reason to believe it is at this point,” said Dave Allen, the company’s general counsel. The attack is “consistent with record-setting sized cyber attacks seen in the last few weeks,” said Carl Herberger, vice president of security at security company Radware.

Disruption - A post on Hacker News first identified the attack and named the sites that were affected. Several sites, including Spotify and GitHub, took to Twitter Friday morning to post status updates once the social network was back online.

US Hacker Attack

Several of the world's best-known websites were inaccessible across parts of the United States on Friday after hackers unleashed a series of attacks on a company that acts as a switchboard for the internet. The attacks affected access to Twitter, Paypal, Spotify and other customers of the infrastructure company in New Hampshire called Dyn, which processes large volumes of internet traffic.

"The attacks came in waves," Al Jazeera's Rob Reynolds, reporting from Los Angeles, said. "First targeting the East Coast of the United States, spreading then to the other parts of the country and even to Western Europe." "The websites that were disrupted were some of the top names in the internet: CNN and the New York Times, AirBnB, Reddit, HBO ... a whole variety of sites were attacked."

"Dyn is kind of a middle man that directs users to different websites and routes traffic from server to server in a complex way," said Reynolds. The attackers used hundreds of thousands of internet-connected devices that had previously been infected with a malicious code that allowed them to cause outages.

"This type of attack is known as a distributed denial of service attack [DDoS]," explained our correspondent. "They used affected computers to fire requests at the servers of Dyn simultaneously and essentially overwhelm it."

The US under cyber attack

"The complexity of the attacks is what's making it very challenging for us," Dyn's chief strategy officer, Kyle York, told Reuters news agency. York said that at least some of the malicious traffic was coming from connected devices, including webcams and digital video recorders, that had been infected with control software named Mirai.

Security researchers have previously raised concerns that such connected devices, sometimes referred to as the Internet of Things, lack proper security. The Mirai code was dumped on the internet about a month ago, and criminal groups are now charging to employ it in cyber attacks, said Allison Nixon, director of security research at Flashpoint, which was helping Dyn analyse the attack.

How computers are setting us up

Crash: how computers are setting us up for disaster

When a sleepy Marc Dubois walked into the cockpit of his own aeroplane, he was confronted with a scene of confusion. The plane was shaking so violently that it was hard to read the instruments. An alarm was alternating between a chirruping trill and an automated voice: “STALL STALL STALL.” His junior co-pilots were at the controls. In a calm tone, Captain Dubois asked: “What’s happening?”

Co-pilot David Robert’s answer was less calm. “We completely lost control of the aeroplane, and we don’t understand anything! We tried everything!”

The crew were, in fact, in control of the aeroplane. One simple course of action could have ended the crisis they were facing, and they had not tried it. But David Robert was right on one count: he didn’t understand what was happening.

As William Langewiesche, a writer and professional pilot, described in an article for Vanity Fair in October 2014, Air France Flight 447 had begun straightforwardly enough – an on-time take-off from Rio de Janeiro at 7.29pm on 31 May 2009, bound for Paris. With hindsight, the three pilots had their vulnerabilities. Pierre-Cédric Bonin, 32, was young and inexperienced. David Robert, 37, had more experience but he had recently become an Air France manager and no longer flew full-time. Captain Marc Dubois, 58, had experience aplenty but he had been touring Rio with an off-duty flight attendant. It was later reported that he had only had an hour’s sleep.

Fortunately, given these potential fragilities, the crew were in charge of one of the most advanced planes in the world, an Airbus 330, legendarily smooth and easy to fly. Like any other modern aircraft, the A330 has an autopilot to keep the plane flying on a programmed route, but it also has a much more sophisticated automation system called fly-by-wire. A traditional aeroplane gives the pilot direct control of the flaps on the plane – its rudder, elevators and ailerons. This means the pilot has plenty of latitude to make mistakes. Fly-by-wire is smoother and safer. It inserts itself between the pilot, with all his or her faults, and the plane’s mechanics. A tactful translator between human and machine, it observes the pilot tugging on the controls, figures out how the pilot wanted the plane to move and executes that manoeuvre perfectly. It will turn a clumsy movement into a graceful one.
This makes it very hard to crash an A330, and the plane had a superb safety record: there had been no crashes in commercial service in the first 15 years after it was introduced in 1994. But, paradoxically, there is a risk to building a plane that protects pilots so assiduously from even the tiniest error. It means that when something challenging does occur, the pilots will have very little experience to draw on as they try to meet that challenge.

The complication facing Flight 447 did not seem especially daunting: thunderstorms over the Atlantic Ocean, just north of the equator. These were not a major problem, although perhaps Captain Dubois was too relaxed when at 11.02pm, Rio time, he departed the cockpit for a nap, leaving the inexperienced Bonin in charge of the controls.


https://www.theguardian.com/technology/2016/oct/11/crash-how-computers-are-setting-us-up-disaster