Dyn DNS DDoS likely the work of script kiddies, says FlashPoint. From TechCrunch.
Business risk intelligence firm FlashPoint has put out a preliminary analysis of last week’s massive denial of service attack against Dyn DNS, and its conclusion is it was likely the work of amateur hackers — rather than, as some had posited, state-sponsored actors perhaps funded by the Russian government.
The DDoS attack against Dyn’s domain name system impacted access to a range of sites in parts of the U.S. last Friday, including PayPal, Twitter, Reddit, GitHub, Amazon, Netflix, Spotify and RuneScape.
Aside from suspicion falling on Russia, various entities have also claimed or implied responsibility for the attack, including a hacking group called the New World Hackers and — bizarrely — WikiLeaks, which put out a (perhaps joke) tweet suggesting some of its supporters might be involved.
Hacked Cameras, DVRs Powered Today’s Massive Internet Outage. From KrebsOnSecurity.
A massive and sustained Internet attack that has caused outages and network congestion today for a large number of Web sites was launched with the help of hacked “Internet of Things” (IoT) devices, such as CCTV video cameras and digital video recorders, new data suggests.
Earlier today cyber criminals began training their attack cannons on Dyn, an Internet infrastructure company that provides critical technology services to some of the Internet’s top destinations. The attack began creating problems for Internet users reaching an array of sites, including Twitter, Amazon, Tumblr, Reddit, Spotify and Netflix.
- This Is Probably Why Half the Internet Shut Down Today. From Gizmodo.
Twitter, Spotify and Reddit, and a huge swath of other websites were down or screwed up this morning. This was happening as hackers unleashed a large distributed denial of service (DDoS) attack on the servers of Dyn, a major DNS host. It’s probably safe to assume that the two situations are related.
Domain Name Servers (DNS) act as the Internet’s phone book. Basically, they facilitate your request to go to a certain webpage and make sure you are taken to the right place. If the DNS provider that handles requests for Twitter is down, well, good luck getting to Twitter.
The Democratization of Censorship. From KrebsOnSecurity.
John Gilmore, an American entrepreneur and civil libertarian, once famously quipped that “the Internet interprets censorship as damage and routes around it.” This notion undoubtedly rings true for those who see national governments as the principal threats to free speech.
However, events of the past week have convinced me that one of the fastest-growing censorship threats on the Internet today comes not from nation-states, but from super-empowered individuals who have been quietly building extremely potent cyber weapons with transnational reach.
- New DDoS Attack Record Is 579 Gbps, Reported in H1 2016. From Softpedia. The new peak value for DDoS attacks has changed yet again, with the new top value being 579 Gbps, recorded by Arbor Networks during the first half of the year. The previous maximum value was 500 Gbps, detected between the end of 2015 and the start of 2016, also by Arbor Networks, a company that provides various security services, among which DDoS mitigation.
Low-and-slow DDoS attacks account for 80 percent of all DDoS attacks
J.P. Morgan’s CIO on the Bank’s Security Game Plan. From WSJ. Facing fierce competition from upstarts in the financial technology, or “fintech,” space, along with constant cybersecurity threats, J.P. Morgan is betting that tech will be an industry game-changer. That’s where Dana Deasy, the bank’s chief information officer, comes in. Mr. Deasy oversees a $9.4 billion technology budget at J.P. Morgan, including about $3 billion in new investments, that is growing—a rarity in size and allocation among large banks. He leads 44,000 technology employees, including more than 18,000 developers.
- I Was Hacked by ISIS. From Boston Review. I was a victim of treachery: one of about 3,000 New Yorkers whose names and “personal information” (the cops didn’t know what) had been hacked from some database (they didn’t know which) and posted to some website (also, no further details). The hackers belonged to the United Cyber Caliphate, which, the police told me, “has some connection with ISIS.”
Hackers want you to continue ignoring this critical home cybersecurity flaw. From American Enterprise Institute. Routers are thus fast becoming rich targets for hackers. In 2012, Kaspersky Labs discovered that cybercriminals had hacked into more than 4.5 million home DSL routers in Brazil by exploiting a chip vulnerability, manipulating router DNS settings to disguise fake infected websites as legitimate ones. Unsuspecting users were thus tricked into downloading malware that stole their passwords and banking information, earning one hacker more than $50,000.