Dyn DNS DDoS Likely The Work of Script Kiddies, Says FlashPoint (techcrunch.com) 85
While nobody knows exactly who was responsible for the internet outrage last Friday, business risk intelligence firm FlashPoint released a preliminary analysis of the attack agains Dyn DNS, and found that it was likely the work of "script kiddies" or amateur hackers -- as opposed to state-sponsored actors. TechCrunch reports: Aside from suspicion falling on Russia, various entities have also claimed or implied responsibility for the attack, including a hacking group called the New World Hackers and -- bizarrely -- WikiLeaks, which put a (perhaps joke) tweet suggesting some of its supporters might be involved. FlashPoint dubs these claims "dubious" and "likely to be false," and instead comes down on the side of the script kidding theory. Its reasoning is based on a few factors, including a detail it unearthed during its investigation of the attack: namely that the infrastructure used in the attack also targeted a well-known video game company. The attack on Dyn DNS was powered in part by a botnet of hacked DVRs and webcams known as Mirai. The source code for the malware that controls this botnet was put on Github earlier this month. And FlashPoint also notes that the hacker who released Mirai is known to frequent a hacking forum called hackforums[.]net. That circumstantial evidence points to a link between the attack and users and readers of the English-language hacking community, with FlashPoint also noting the forum has been known to target video games companies. It says it has "moderate confidence" about this theory. The firm also argues that the attacks do not seem to have been financially or politically motivated -- given the broad scope of the targets, and the lack of any attempts to extort money. Which just leaves the most likely being motivation to show off skills and disrupt stuff. Aka, script kiddies.
Right (Score:4, Funny)
"script kiddies" is what we call the NSA these days, I guess.
Re: (Score:2)
Re: (Score:1)
The difference now is that people are buying the software in order to use it. Once you get to that level you're likely not talking to script kiddies anymore - these are adults with intent of malice, and it looks like they succeeded.
"Script Kiddie" is a label you apply to someone who ran something they found on the internet without fully understanding what it does. These people knew exactly what they were doing.
Re: (Score:2)
No one had a vested interested in engaging in scaremongering here so it will be sort of "swept under the rug".
Re: (Score:2)
Sometimes these kinds of attacks end up being orchestrated to demonstrate that "something needs to be done".
IE: the motivation is to demonstrate that the network is at risk and it needs to be fixed before this happens again.
That might be perpetrated by script kiddies but in such cases you'll find someone out back pulling the strings.
Yikes (Score:4, Interesting)
If script kiddies can bring down top tier names on the web, imagine what state actors could do.
Re: (Score:2)
What if the script kiddings worked for state actors?!
Re: (Score:2)
i think you spelled escape goat wrong.
Re: (Score:1)
Re:Yikes (Score:4, Informative)
http://arstechnica.com/informa... [arstechnica.com]
Given the links between the Mirai DDoS on Brian Krebs, and Dyn's involvement in helping him research that, I wouldn't at all be surprised if it wasn't the same or related groups of cybercriminals responsible for both.
Re: (Score:2)
Been deep undercover the main aim would be to gather intel but never send it back, wait for a go code and try to sway policy and public option as they rise up the ranks.
Very different from a swarm of IoT without build up or other expected political aspects. A loss of top tier names/brands would be inconvenient for a few while.
State actors would layer that with a US classic Colour revolution https://en.wikip [wikipedia.org]
Re:I still don't understand... (Score:4, Insightful)
Civilised folk don't look for new justifications to kill.
Re: (Score:2)
Re: (Score:2)
Civilised people have learned how to deal with those who kill without descending to their level.
It wasn't so long ago that the Germans attempted to exterminate quite a few of their neighbours. Yet it proved possible to prevent this without exterminating the Germans.
This makes me glad, as I've a number of good friends today who are German.
Re: (Score:2)
Re: (Score:2)
The word exterminate was not chosen for rhetorical effect.
Re: (Score:2)
Re: (Score:2)
There were no "mass sanctioned rapes of German women". Stop revising history.
Re: (Score:2)
Re: (Score:2)
Actually, I grew up in Germany, and the people alive back then would have known about this (especially those raped), would they not? I never heard about more than isolated incidents. Sure, like in basically every war, there were rapes, but there were also punishments, including executions for at least some of the perpetrators. You should not believe everything Wikipedia tells you, especially when there is good indication the article is more propaganda than fact.
Incidentally, from your language and lack of c
Re: (Score:2)
Re: (Score:2)
You should not confuse your demented fantasies with history. As I said, no indications of this in Germany. This is far too large for a cover-up, hence I very much doubt it is accurate. One thing I do see this matching is the (completely false) hysteria over "sex trafficking" in the US. Probably the same manipulation techniques at work there. And people fall for it.
The Holocaust, on the other hand, did happen and the reported size is very likely accurate. Also, lots and lots ow witnesses. And there, I got a
Re: (Score:2)
Re: (Score:2)
Incidentally, civilized folk know that the death "penalty" has no deterrence value for murder. Cave-men, on the other hand still think you can sole problems by just applying violence, and if that fails, more violence.
Re: (Score:2)
Lets just execute everybody, then we don't have to deal with anyone's bullshit.
Lies, DamnLies and Statistics (Score:5, Interesting)
If security of IoT is that poor, companies that produce them need to be held legally and financially responsible for any loss.
Re: (Score:2)
Re: (Score:2)
just because you idea of internet is old folks home intranet news letter and cnn...
Re: (Score:3)
I'd be more concerned that 1/2 the US internet is/was solely using Dyn.
Re: (Score:3)
^ This.
If sysadmins cant correctly configure backup DNS in critical systems... We have a bigger problem than some 12 year old trying to shutdown pokemon go cause he got beat up on the playground.
Re: (Score:2)
its cheap
Re: (Score:2)
I'm more bemused that days after the attack, all of Twitter's eggs are still in Dyn's basket.
Name Server: NS1.P34.DYNECT.NET
Name Server: NS4.P34.DYNECT.NET
Name Server: NS2.P34.DYNECT.NET
Name Server: NS3.P34.DYNECT.NET
I guess anyone with brain cells at Twitter got kicked out in the recent layoffs.
No *if*, security *is* that poor (Score:2)
> If security of IoT is that poor.
It is. Millions of devices just sitting out there with username "admin", password "admin". My 9-5 job is checking the security of companies that should have reasonable security - banks, large retailers, etc. They very often don't change default passwords, so why would you expect typical home users to?
> If ... trillions of dollars in transactions hang on a perilously delicate thread.
Yep. Just looking at the Slashdot headlines alone you'll see billions of dollars of lo
Re: (Score:2)
The security of IoT is designed to allow any user to connect to wifi or the app on a phone without needing to call support or find some paper in the box with a unique user name and password.
Or spend hours online trying to search a make and version to find its "admin" or "password"
Re: (Score:2)
There is also the other thing that script kiddies are incompetent. How long since one such moron starts an attack and then loses control of the bot-net (thereby being unable to _stop_ the attack)? Small-time criminals and vandals with nukes...
Definitely script kiddies (Score:5, Interesting)
Of course it was script kiddies. Why in the world would any state-sponsored group show their hand and blow a single-use resource (the IoT botnet) to accomplish... absolutely nothing at all. Taking down some of the internet for part of a day at a totally non-strategic point in time, with totally non-strategic targets, isn't something any state would do randomly just for fun. This attack was large enough that it triggered many actions to prevent it from happening again. You have Chinese IoT chipset manufacturers doing recalls and patching their code. Pressure is being put on ISPs to help filter these kinds of attacks (it is quite obvious when some large percentage of your customers start engaging in some very abnormal network behavior all at the exact same time). Online providers like Dyn are learning and coming up with ways to prevent future attacks on their end. The only thing the attack accomplished was awareness. No state sponsored organization would have wasted their offensive attack resources like this.
Re: (Score:2)
If I only had mod points!
This is exactly the point I made when I was talking to my brother about this. As you point out its a one time use attack, and it didn't really accomplish anything other than highlight the vulnerabilities of the IoT and trigger action to correct those vulnerabilities.
I bet the state level actors are more than a bit ticked off about this, now they won't be able to use the IoTs as easily for their own plans.
Re: (Score:2)
Re: (Score:2)
Unless the state sponsored organisation has staff in the private sector and could ensure new standards of encryption got pushed.
Standards of encryption that they as the "protector" of crypto got to design or test. Every device would then be more secure but totally open to the security services thanks to suggested upgrades after "scripts"
That would clear up the risk of a lot of bespoke, in house and unique r
Re: (Score:3)
Re: (Score:1)
Re: (Score:2)
Indeed. The main characteristic of script-kiddies is that they have very big egos and very small understanding of how things actually work. No halfway rational group of attackers would ever do such a pointless attack that only draws attention to them. I hope they find the morons responsible and charge them the full amount of damage done. No reason to add any punishment after that.
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Except that because so much of the IoT is unable to be updated, this isn't single use unless ISPs start disconnecting customers who're participating in DDoS attacks.
Dyn DNS DDoS (Score:2)
Now then, boyo. A town in Wales it sounds like, lookyou.
Possible and scary (Score:2)
The popularity and security weaknesses in IoT devices has lower the bar so that anyone with a bit of IT knowledge can take out large companies. We should take a step back from the IoT buzzword and remember that consumer side devices has been online for a long time. Other consumer equipment, such as routers and web cams, have long been a source an area with weak security and hardcoded passwords. The problem is that these devices are out there and there is no way of fixing them all.
Unless better attack mit
Scripts... (Score:2)
Yea of course they used scripts, imagine having to manually start a DDoS attacks from every bot in the net!
Re: (Score:1)
Actually, it's an IRC channel. But whatever.
A man doesn't need to personally make a gun... (Score:2)
... to shoot you in the face with it.
The issue is not whether they're script kiddies or not but that the code worked. And it shouldn't. But it does. Correct the situation.
Re: (Score:2)
WikiLeaks are the ones who made that tweet, so as per usual, they were only smearing themselves.
It was the Russians!!!! (Score:3)
From every other breach and incident we've seen, the government has screamed "Russians!!" with absolutely not proof.... Why not this time?
Re: (Score:3)
The started to suspect Russians, they are now more specific : they are Russian script kiddies.
If this was script Kiddies... (Score:2)