The attack on the infrastructure of the internet, which made it all but impossible at times to check Twitter feeds or headlines, was a remarkable reminder about how billions of ordinary web-connected devices — many of them highly insecure — can be turned to vicious purposes. And the threats will continue long after Election Day for a nation that increasingly keeps its data in the cloud and has oftentimes kept its head in the sand.
But hundreds of thousands, and maybe millions, of those security cameras and other devices have been infected with a fairly simple program that guessed at their factory-set passwords — often “admin” or “12345” or even, yes, “password” — and, once inside, turned them into an army of simple robots. Each one was commanded, at a coordinated time, to bombard a small company in Manchester, N.H., called Dyn DNS with messages that overloaded its circuits.
- DDoS attack on Dyn cripples the internet (webroot.com)
- Hackers Used New Weapons to Disrupt Major Websites Across US – New York Times (nytimes.com)
- Yesterday’s DDoS attack should have been a major wake up call (hotair.com)
- Cyber attacks disrupt Twitter, Spotify, other sites on East Coast (thegazette.com)
- ‘Massive’ Cyberattack Hits U.S. Servers, Affects Twitter, Reddit and Other Sites (truthdig.com)
- How massive DDoS attacks are undermining the Internet (techcrunch.com)
- Dyn Once, Not Twice – Lessons Learned (forbes.com)
- [Updated] Massive DDoS Attack Causes Internet Disruption for Several Popular Sites – 3rd Attack Under Way (wccftech.com)
- How a Bunch of Hacked DVR Machines Took Down Twitter and Reddit (theatlantic.com)