DDoS Attack Done by Script Kiddies

Netflix and RuneScape lovers alike were funneled into the same boat on 21 October when their domain name provider was targeted by a DDoS attack. The attack affected site and service availability for those hosted on Dyn, a company responsible for a large amount of the internet's domain name system infrastructure, whose customers include PayPal, Twitter, Reddit, GitHub, Amazon, and Spotify, among others. The attack happened around 7 a.m. ET, disabling website addresses assigned by Dyn.

The perpetrators carried out their attacks in three waves. After the initial attack, Dyn increased its security measures, lessening the impact of the following waves on its DNS. A portion of the attack originated from a Mirai Command and Control server. Essentially, botnets built on Mirai software scout out IoT (Internet of Things) devices that still use default usernames and passwords, log in with those credentials, and infect them. Millions of web-enabled, infected devices pummeled the data centers with junk data.

Security firm Flashpoint released an "after-action" analysis of the incident where it concluded that the attacks were likely carried out by amateur hackers. To add to the confusion, some believed that state-sponsored actors perpetrated the attack or that the Russian government was somehow involved. WikiLeaks tweeted that a supporter may be responsible, jokingly we hope.

In its investigation, Flashpoint discovered that the infrastructure used in the attack mirrored the one used against a well-known video game company: "While there does not appear to have been any disruption of service, the targeting of a video game company is less indicative of hacktivists, state-actors, or social justice communities, and aligns more with the hackers that frequent online hacking forums." The report's writers, Allison Nixon, John Costello, and Zach Wikholm, specifically referenced the Hackforums community, where commercial DDoS tools, known as booters or stressers, are sold.

Further on, the writers assert that they are moderately confident that the attacks had no financial or political motivation. Instead, since the hackers targeted entertainment and social media, the motivating factors were to "show off, or to cause disruption and chaos for sport." In the past, DDoS attacks launched at gaming companies had no other purpose than to "show off their credentials as hackers of skill, or to 'troll' and gain attention by causing disruption to popular services."

A DDoS (Distributed Denial of Service) attack is one in which multiple compromised systems are used to target a single system, resulting in a DoS (Denial of Service). Various computers and internet connections are used, often sending data via botnets to overwhelm the target. Having numerous sources makes the attack difficult to stop. The IoT has expanded the terrain over which hackers are able to attack. As everyday devices are able to connect to the internet and each other, things like cell phones, routers, DVRs (digital video recorders), and security cameras can be used to contribute to DDoS attacks via botnets.
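
An added example, not part of the original post, showing on the defender's side why numerous sources make such a flood hard to stop: a per-source rate limit catches a single noisy host but removes nothing when the same volume is spread over thousands of devices. The thresholds, function names and query events are constructed assumptions.

```python
from collections import Counter, defaultdict

def summarize(events, window=10):
    """Group (timestamp, source) query events into fixed time windows."""
    buckets = defaultdict(Counter)
    for ts, src in events:
        buckets[ts - ts % window][src] += 1
    return buckets

def detect(events, window=10, per_source_limit=100, total_limit=2000):
    """Return {window_start: finding} for windows whose total volume is too high.

    per_source_hits: sources a classic per-source rate limit would block.
    distributed: True when that limit would remove less than half the load,
    i.e. the flood comes from many individually quiet sources.
    """
    findings = {}
    for start, counts in sorted(summarize(events, window).items()):
        total = sum(counts.values())
        noisy = {src: n for src, n in counts.items() if n > per_source_limit}
        if total > total_limit:
            findings[start] = {
                "total": total,
                "sources": len(counts),
                "per_source_hits": sorted(noisy),
                "distributed": sum(noisy.values()) < total / 2,
            }
    return findings

def constructed_sample():
    """Constructed data: three 10-second windows of queries to one DNS server."""
    events = []
    # Window 0: normal load, 20 resolvers x 30 queries = 600 queries.
    events += [(i % 10, f"198.51.100.{r}") for r in range(20) for i in range(30)]
    # Window 10: one misbehaving host sends 3000 queries.
    events += [(10 + i % 10, "203.0.113.7") for i in range(3000)]
    # Window 20: 5000 devices send only 2 queries each (10000 total).
    events += [(20 + i, f"device-{d}") for d in range(5000) for i in range(2)]
    return events

if __name__ == "__main__":
    for start, finding in detect(constructed_sample()).items():
        print(start, finding)
```

In the last window no source exceeds the per-source limit, so only the aggregate volume and the jump in distinct sources reveal the flood.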

For those of us obsessively watching Mr. Robot, the professionalism of Rami Malek's character, an off-the-grid, anonymous master hacker, contrasts sharply with the script kiddies in this latest attack. The term, used a couple of times in the show, describes someone who uses existing computer scripts or code rather than writing their own. For those of you who haven't dived into the series, just imagine watching a reclusive, anonymous hacker in his element. Follow him through a life of tenuous relationships, a master plan, and a psychologically questionable life. You won't be disappointed.
