Please create an account to participate in the Slashdot moderation system


Forgot your password?
Botnet The Internet Communications Network Privacy Security News Technology

Dyn DNS DDoS Likely The Work of Script Kiddies, Says FlashPoint ( 85

While nobody knows exactly who was responsible for the internet outrage last Friday, business risk intelligence firm FlashPoint released a preliminary analysis of the attack agains Dyn DNS, and found that it was likely the work of "script kiddies" or amateur hackers -- as opposed to state-sponsored actors. TechCrunch reports: Aside from suspicion falling on Russia, various entities have also claimed or implied responsibility for the attack, including a hacking group called the New World Hackers and -- bizarrely -- WikiLeaks, which put a (perhaps joke) tweet suggesting some of its supporters might be involved. FlashPoint dubs these claims "dubious" and "likely to be false," and instead comes down on the side of the script kidding theory. Its reasoning is based on a few factors, including a detail it unearthed during its investigation of the attack: namely that the infrastructure used in the attack also targeted a well-known video game company. The attack on Dyn DNS was powered in part by a botnet of hacked DVRs and webcams known as Mirai. The source code for the malware that controls this botnet was put on Github earlier this month. And FlashPoint also notes that the hacker who released Mirai is known to frequent a hacking forum called hackforums[.]net. That circumstantial evidence points to a link between the attack and users and readers of the English-language hacking community, with FlashPoint also noting the forum has been known to target video games companies. It says it has "moderate confidence" about this theory. The firm also argues that the attacks do not seem to have been financially or politically motivated -- given the broad scope of the targets, and the lack of any attempts to extort money. Which just leaves the most likely being motivation to show off skills and disrupt stuff. Aka, script kiddies.
This discussion has been archived. No new comments can be posted.

Dyn DNS DDoS Likely The Work of Script Kiddies, Says FlashPoint

Comments Filter:
  • Right (Score:4, Funny)

    by Anonymous Coward on Wednesday October 26, 2016 @04:16PM (#53157093)

    "script kiddies" is what we call the NSA these days, I guess.

    • Probably not wrong... how many of their tools do you think they actually developed in-house?
      • by Anonymous Coward

        The difference now is that people are buying the software in order to use it. Once you get to that level you're likely not talking to script kiddies anymore - these are adults with intent of malice, and it looks like they succeeded.

        "Script Kiddie" is a label you apply to someone who ran something they found on the internet without fully understanding what it does. These people knew exactly what they were doing.

    • by jedidiah ( 1196 )

      No one had a vested interested in engaging in scaremongering here so it will be sort of "swept under the rug".

      • Sometimes these kinds of attacks end up being orchestrated to demonstrate that "something needs to be done".

        IE: the motivation is to demonstrate that the network is at risk and it needs to be fixed before this happens again.

        That might be perpetrated by script kiddies but in such cases you'll find someone out back pulling the strings.

  • Yikes (Score:4, Interesting)

    by stabiesoft ( 733417 ) on Wednesday October 26, 2016 @04:22PM (#53157129) Homepage

    If script kiddies can bring down top tier names on the web, imagine what state actors could do.

    • What if the script kiddings worked for state actors?!

    • Re:Yikes (Score:4, Informative)

      by Fire_Wraith ( 1460385 ) on Wednesday October 26, 2016 @05:36PM (#53157617)
      And yet Ars Technica claimed in an article that there were indeed ransom demands made to Dyn. That seems to be at odds with Flashpoint's statement. []

      Given the links between the Mirai DDoS on Brian Krebs, and Dyn's involvement in helping him research that, I wouldn't at all be surprised if it wasn't the same or related groups of cybercriminals responsible for both.
    • by AHuxley ( 892839 )
      State actors just get their spies into federal gov, mil and clandestine services every generation.
      Been deep undercover the main aim would be to gather intel but never send it back, wait for a go code and try to sway policy and public option as they rise up the ranks.
      Very different from a swarm of IoT without build up or other expected political aspects. A loss of top tier names/brands would be inconvenient for a few while.
      State actors would layer that with a US classic Colour revolution https://en.wikip []
  • by sdinfoserv ( 1793266 ) on Wednesday October 26, 2016 @04:24PM (#53157139) Homepage
    If it's true that "script kiddies" took out 1/2 the US internet, trillions of dollars in transactions hang on a perilously delicate thread.
    If security of IoT is that poor, companies that produce them need to be held legally and financially responsible for any loss.
    • I had to load the webpage on CNN or here to be told I was supposed to be having a problem...
    • by tk77 ( 1774336 )

      I'd be more concerned that 1/2 the US internet is/was solely using Dyn.

      • ^ This.

        If sysadmins cant correctly configure backup DNS in critical systems... We have a bigger problem than some 12 year old trying to shutdown pokemon go cause he got beat up on the playground.

      • by zlives ( 2009072 )

        its cheap

      • by TroII ( 4484479 )

        I'm more bemused that days after the attack, all of Twitter's eggs are still in Dyn's basket.

        Name Server: NS1.P34.DYNECT.NET
        Name Server: NS4.P34.DYNECT.NET
        Name Server: NS2.P34.DYNECT.NET
        Name Server: NS3.P34.DYNECT.NET

        I guess anyone with brain cells at Twitter got kicked out in the recent layoffs.

    • > If security of IoT is that poor.

      It is. Millions of devices just sitting out there with username "admin", password "admin". My 9-5 job is checking the security of companies that should have reasonable security - banks, large retailers, etc. They very often don't change default passwords, so why would you expect typical home users to?

      > If ... trillions of dollars in transactions hang on a perilously delicate thread.

      Yep. Just looking at the Slashdot headlines alone you'll see billions of dollars of lo

    • by AHuxley ( 892839 )
      That says more to the design, staff skills and robustness of systems protecting trillions of dollars in transactions.
      The security of IoT is designed to allow any user to connect to wifi or the app on a phone without needing to call support or find some paper in the box with a unique user name and password.
      Or spend hours online trying to search a make and version to find its "admin" or "password"
    • by gweihir ( 88907 )

      There is also the other thing that script kiddies are incompetent. How long since one such moron starts an attack and then loses control of the bot-net (thereby being unable to _stop_ the attack)? Small-time criminals and vandals with nukes...

  • by Dan East ( 318230 ) on Wednesday October 26, 2016 @04:49PM (#53157319) Journal

    Of course it was script kiddies. Why in the world would any state-sponsored group show their hand and blow a single-use resource (the IoT botnet) to accomplish... absolutely nothing at all. Taking down some of the internet for part of a day at a totally non-strategic point in time, with totally non-strategic targets, isn't something any state would do randomly just for fun. This attack was large enough that it triggered many actions to prevent it from happening again. You have Chinese IoT chipset manufacturers doing recalls and patching their code. Pressure is being put on ISPs to help filter these kinds of attacks (it is quite obvious when some large percentage of your customers start engaging in some very abnormal network behavior all at the exact same time). Online providers like Dyn are learning and coming up with ways to prevent future attacks on their end. The only thing the attack accomplished was awareness. No state sponsored organization would have wasted their offensive attack resources like this.

    • If I only had mod points!

      This is exactly the point I made when I was talking to my brother about this. As you point out its a one time use attack, and it didn't really accomplish anything other than highlight the vulnerabilities of the IoT and trigger action to correct those vulnerabilities.

      I bet the state level actors are more than a bit ticked off about this, now they won't be able to use the IoTs as easily for their own plans.

    • I've heard suggestions that state "someone is learning how to take down the internet." I don't have the background to understand these suggestions. Isn't it possible though that some state actor did this as an experiment to see the response and how much damage an attack like this could do?
    • by AHuxley ( 892839 )
      Re "No state sponsored organisation would have wasted their offensive attack resources like this."
      Unless the state sponsored organisation has staff in the private sector and could ensure new standards of encryption got pushed.
      Standards of encryption that they as the "protector" of crypto got to design or test. Every device would then be more secure but totally open to the security services thanks to suggested upgrades after "scripts"
      That would clear up the risk of a lot of bespoke, in house and unique r
    • Maybe it wasn't for fun: []
    • by gweihir ( 88907 )

      Indeed. The main characteristic of script-kiddies is that they have very big egos and very small understanding of how things actually work. No halfway rational group of attackers would ever do such a pointless attack that only draws attention to them. I hope they find the morons responsible and charge them the full amount of damage done. No reason to add any punishment after that.

    • by houghi ( 78078 )

      to accomplish... absolutely nothing at all

      How do you know that? If a state actor did this, we might not even know what their goal was, so we have no idea if it worked or not.
      Just look at Zero Days []
      IF thise where an attack, we have no idea yet to know who or what the real target was and if it worked or not. And perhaps awareness WAS the goal.

    • Unless it was the US Government themselves, giving manufacturers a kick up the arse. As you say "You have Chinese IoT chipset manufacturers doing recalls and patching their code. Pressure is being put on ISPs to help filter these kinds of attacks".
    • Except that because so much of the IoT is unable to be updated, this isn't single use unless ISPs start disconnecting customers who're participating in DDoS attacks.

  • Now then, boyo. A town in Wales it sounds like, lookyou.

  • The popularity and security weaknesses in IoT devices has lower the bar so that anyone with a bit of IT knowledge can take out large companies. We should take a step back from the IoT buzzword and remember that consumer side devices has been online for a long time. Other consumer equipment, such as routers and web cams, have long been a source an area with weak security and hardcoded passwords. The problem is that these devices are out there and there is no way of fixing them all.

    Unless better attack mit

  • Yea of course they used scripts, imagine having to manually start a DDoS attacks from every bot in the net!

  • ... to shoot you in the face with it.

    The issue is not whether they're script kiddies or not but that the code worked. And it shouldn't. But it does. Correct the situation.

  • by ninthbit ( 623926 ) on Wednesday October 26, 2016 @06:59PM (#53158137)

    From every other breach and incident we've seen, the government has screamed "Russians!!" with absolutely not proof.... Why not this time?

    • by GuB-42 ( 2483988 )

      The started to suspect Russians, they are now more specific : they are Russian script kiddies.

  • ...then all you "professionals" working in IT security should resign and go work as Walmart greeters. Seriously, if some 13 year old kid living in there parents basement can take down a bunch of major websites on the East Coast, the "pros" needed to be given their pink slips. Who is running this show, the Yahoo email security group? Fix your sh*t or resign.

Who goeth a-borrowing goeth a-sorrowing. -- Thomas Tusser