It was a Friday morning two weeks ago today. Maybe you were like millions of other Americans who settled into their work day to check email, the stock market, and the news on the internet, only to find there was no internet.
The news covered it, kind of. They threw out some buzzwords without explanation, like DDoS, IP Address, DNS, and BotNet. Cyber criminals attacked the Eastern Seaboard at 7 AM, and when the attack came again at noon it spread to the West Coast. A third attack was launched at 4 PM the same day.
This isn't rocket science, so let's take a look at what happened without the media's "don't worry your pretty little head about it" condescending spin. Here's what the media thinks we're unable to understand.
Everyone has an address, an Internet Protocol (IP) Address. It's how other computers find you to deliver your email and web pages and such, just like you have a street address to get your mail.
The IP Address of your house or business is a Public Facing address. The addresses under your roof are Private Facing. The mail comes to your house on the Public IP, and your router hands it to the right device living there on its Private IP. (The router's trick has a name, Network Address Translation, or NAT, but that's all it is.) Not so hard.
IP Addresses are just numbers. A typical IP address could be 205.144.136.199: four numbers, each from 0 to 255, separated by dots, so every such address falls somewhere between 0.0.0.0 and 255.255.255.255. (Those are the common IPv4 kind; the newer IPv6 addresses are longer and look different, but the idea is the same.)
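As an added example (mine, not part of the original Cocktail Talk), here is a short Python script that does the things just described: it checks that an address really is four numbers from 0 to 255, tells Public Facing addresses from Private Facing ones (the private blocks are the ranges reserved for use under your own roof), and plays the part of the home router that owns one Public IP and hands replies back to the right device inside. The addresses and the `HomeRouter` class are made up for the example.

```python
import ipaddress

# Address blocks reserved for use inside a home or office network (RFC 1918).
# Anything outside these is treated as a Public Facing address here.
PRIVATE_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def parse_ipv4(text):
    """Check that text is four numbers 0-255 separated by dots; return them as a tuple."""
    parts = text.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"{text!r}: an IPv4 address has exactly four parts")
    octets = []
    for part in parts:
        if not (part.isascii() and part.isdigit()):
            raise ValueError(f"{text!r}: {part!r} is not a number")
        if len(part) > 1 and part[0] == "0":
            raise ValueError(f"{text!r}: leading zeros are ambiguous, refusing {part!r}")
        value = int(part)
        if value > 255:
            raise ValueError(f"{text!r}: {value} is outside 0-255")
        octets.append(value)
    return tuple(octets)


def is_private(text):
    """True for a Private Facing (under-your-roof) address, False for a Public Facing one."""
    parse_ipv4(text)  # reject junk before handing it to the library
    addr = ipaddress.IPv4Address(text)
    return any(addr in block for block in PRIVATE_BLOCKS)


class HomeRouter:
    """Made-up model of the box that owns the one Public IP for a house.

    Outbound: a device inside starts a conversation; the router picks a port on
    its public address and remembers who asked.  Inbound: a reply arriving on
    that port is handed to the device that started the conversation.
    """

    def __init__(self, public_ip):
        if is_private(public_ip):
            raise ValueError("a router's outside address must be Public Facing")
        self.public_ip = public_ip
        self.next_port = 40000
        self.table = {}  # public port -> (private ip, private port)

    def outbound(self, private_ip, private_port):
        """Return the (public ip, public port) the outside world will see."""
        if not is_private(private_ip):
            raise ValueError(f"{private_ip} is not an inside address")
        port = self.next_port
        self.next_port += 1
        self.table[port] = (private_ip, private_port)
        return (self.public_ip, port)

    def inbound(self, public_port):
        """Deliver a reply arriving on our public port; None if nobody inside asked for it."""
        return self.table.get(public_port)


if __name__ == "__main__":
    router = HomeRouter("205.144.136.199")          # made-up public address
    print(router.outbound("192.168.1.20", 50000))   # laptop inside talks to the internet
    print(router.inbound(40000))                    # the reply finds its way back
```

The last check in `inbound` is the security-relevant one: a packet arriving at the public address on a port nobody inside asked about has nowhere to go and is dropped, which is why devices behind a home router are normally unreachable from outside unless someone deliberately opens a port for them.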
We don't browse the internet by IP Address. We look for a website by name, or send an email to a company's name. These names are called Domain Names. Microsoft.com, google.com, and youtube.com are examples of Domain Names.
The job of converting Domain Names into IP Addresses belongs to the Domain Name System (DNS): a worldwide network of DNS servers, run by many different companies, that translate Domain Names into IP Addresses so our computers can find what we're looking for. For instance, when this was written the Domain Name Microsoft.com translated to the IP Address 23.100.122.175.
One company that runs DNS servers on behalf of a lot of big-name websites is Dyn, and Dyn was the target of the Eastern Seaboard attack. What the cyber criminals did was overload Dyn's DNS servers with so many requests that they couldn't keep up with them all and couldn't turn our Domain Name based requests into IP Addresses. The websites themselves were still up; our computers just couldn't look up where they were. The switchboard was overloaded. How they did it was brilliant.
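To make the "overloaded switchboard" concrete, here is an added Python simulation (mine, not Dyn's and not part of the original post) of the two pieces involved: the authoritative DNS server a company like Dyn runs, which knows the answers but can only handle so many requests per second, and the caching resolver at your ISP or in your own router, which remembers each answer for a while (the answer's "time to live", or TTL). The names, addresses, capacity and TTL values are all made up. It goes a step beyond the text to show why a site you had visited recently could keep working for a while after the attack started: your resolver kept serving its cached answer until the TTL ran out, and only then had to ask the overloaded server again.

```python
class AuthoritativeServer:
    """Knows the real name -> address answers, but can only handle so many
    requests per second.  Once that budget is spent, further requests in the
    same second get no reply at all (they time out), which is what an
    overloaded server looks like from the outside."""

    def __init__(self, records, capacity_per_second):
        self.records = dict(records)   # name -> (ip, ttl_seconds)
        self.capacity = capacity_per_second
        self.load = {}                 # second -> requests seen in that second

    def query(self, name, now):
        second = int(now)
        self.load[second] = self.load.get(second, 0) + 1
        if self.load[second] > self.capacity:
            return None                # dropped: the caller hears nothing
        return self.records.get(name)  # (ip, ttl), or None for an unknown name


class CachingResolver:
    """The resolver at your ISP or in your router.  Asks the authoritative
    server on a cache miss and remembers the answer until its TTL expires."""

    def __init__(self, upstream):
        self.upstream = upstream
        self.cache = {}                # name -> (ip, expires_at)

    def resolve(self, name, now):
        hit = self.cache.get(name)
        if hit and hit[1] > now:
            return hit[0]              # served from cache; upstream is never bothered
        answer = self.upstream.query(name, now)
        if answer is None:
            return None                # no usable cache entry and upstream didn't answer
        ip, ttl = answer
        self.cache[name] = (ip, now + ttl)
        return ip


def flood(server, now, count):
    """A botnet's worth of junk lookups aimed straight at the authoritative server."""
    for i in range(count):
        server.query(f"junk{i}.example", now)


def demo():
    """Walk through a quiet day, the start of the attack, and its end (made-up data)."""
    zone = {"example.com": ("203.0.113.10", 300),   # 5 minute TTL
            "example.net": ("198.51.100.7", 60)}    # 1 minute TTL
    authoritative = AuthoritativeServer(zone, capacity_per_second=1000)
    resolver = CachingResolver(authoritative)
    results = {}
    results["quiet_day"] = resolver.resolve("example.com", now=0)
    flood(authoritative, now=10, count=5000)            # attack begins at t=10s
    results["attack_cached"] = resolver.resolve("example.com", now=10)
    results["attack_uncached"] = resolver.resolve("example.net", now=10)
    flood(authoritative, now=400, count=5000)           # still going at t=400s
    results["attack_ttl_expired"] = resolver.resolve("example.com", now=400)
    results["after_attack"] = resolver.resolve("example.com", now=401)
    return results


if __name__ == "__main__":
    for step, ip in demo().items():
        print(f"{step:20} -> {ip}")
```

Two things fall out of the toy that matched the real day: a name nobody near you had looked up recently failed immediately, while a popular name kept resolving until its TTL expired; and the moment the flood let up, the very next request got an answer, because nothing was broken, it was just busy.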
The May 2014 Cocktail Talk "Low Orbit Ion Cannons" talked about Distributed Denial of Service (DDoS) attacks. A DDoS is just a flood of requests intended to overload the target so badly that it can't respond to anybody. One sending IP Address is not enough to overload a DNS server, much less an entire army of them, and a single address flooding you is easy to spot and block. That's where the distributed part comes in. Some 500,000 IP Addresses sending requests at once can, and reportedly did, cripple an army of DNS servers.
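Why the "distributed" part matters is easiest to see with a toy. The added Python example below (mine, not from the original post) is a server with two defenses: a hard ceiling on how many requests it can handle per second, and a per-address limit that cuts off any single address sending more than its share. It then throws two constructed floods at it along with some ordinary users: one address sending the whole flood, and the same volume spread over a few thousand addresses, each sending so little that it looks like a polite client. All the addresses, volumes and limits are made up.

```python
from collections import Counter


def serve_second(requests, capacity, per_source_limit):
    """Process one second of traffic.

    requests: list of (source, kind) where kind is "legit" or "attack".
    A source that exceeds per_source_limit is cut off for the rest of the
    second; whatever survives that filter is served first come, first served
    until capacity runs out.  Returns how many of each kind got served.
    """
    seen = Counter()
    served = Counter()
    handled = 0
    for source, kind in requests:
        seen[source] += 1
        if seen[source] > per_source_limit:
            continue            # this one address is flooding: drop it
        if handled >= capacity:
            continue            # server is full: this request times out
        handled += 1
        served[kind] += 1
    return {"legit_served": served["legit"], "attack_served": served["attack"]}


def legit_traffic(users):
    """users well-behaved clients, one lookup each, on made-up source labels."""
    return [(f"user-{i}", "legit") for i in range(users)]


def single_source_flood(count):
    """One attacker address sending everything (made-up address)."""
    return [("203.0.113.66", "attack")] * count


def distributed_flood(count, bots):
    """count requests spread evenly over `bots` different bot addresses."""
    return [(f"bot-{i % bots}", "attack") for i in range(count)]


def interleave(attack, legit):
    """Spread the legit requests evenly through the attack traffic."""
    per_slot = max(1, len(attack) // len(legit))
    merged = []
    for i, req in enumerate(legit):
        merged.extend(attack[i * per_slot:(i + 1) * per_slot])
        merged.append(req)
    merged.extend(attack[len(legit) * per_slot:])
    return merged


def run_scenario(attack, capacity=10_000, per_source_limit=20, users=5_000):
    """One second of the given flood mixed with ordinary users."""
    return serve_second(interleave(attack, legit_traffic(users)), capacity, per_source_limit)


if __name__ == "__main__":
    print("one address, 100,000 requests:   ", run_scenario(single_source_flood(100_000)))
    print("5,000 addresses, 20 requests each:", run_scenario(distributed_flood(100_000, bots=5_000)))
```

With one address doing all the shouting, the per-address limit stops it after 20 requests and every real user gets served. Spread the same 100,000 requests over 5,000 bots at 20 each and not one of them trips the limit; the junk fills the server's capacity and almost every real user times out. No rule that looks at a single address can tell those 5,000 bots from 5,000 customers, which is exactly the property the attackers were buying with all those hijacked cameras.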
September 2016's Cocktail Talk "The Deep Dark Web" talked about unsecured web cameras: cameras that you and I can choose from a website and become voyeurs of coffee shops, pools, bars and college campuses. We all have unsecured stuff. How many of you still have the factory-provided password on your gear at home or work? It's looking like a lot right now. But how do you get so many people's gear on board for an attack? You do it without them knowing. You BotNet them.
BotNet, another buzzword the media threw around feeling you couldn't possibly understand. It's simple: the cyber criminals find your unprotected, or factory-password-protected, device on the internet, log into it with that factory password, and put some bad software on it. Software that's going to do something bad when they tell it to, like pelting Dyn's DNS servers with requests from a lot of devices all at once. Each captured device is a bot; the whole herd of them, taking orders from one place, is the BotNet.
That's what they did. The bad guys found a manufacturer whose DVRs and cameras shipped with the same factory password and sat on Public Facing IP Addresses, rounded them up into a BotNet, launched a DDoS from possibly 500,000 devices at an army of DNS servers, and crippled it.
IP Addresses, BotNet, DDoS, DNS: it's not rocket science, and that's Cocktail Talk.