How your DVR was hijacked to help epic cyberattack
Elizabeth Weise, USA TODAY, 2:55 p.m. EDT October 22, 2016
SAN FRANCISCO — Technology experts warned for years that the millions of Internet-connected "smart" devices we use every day are weak, easily hijacked and could be turned against us.
The massive siege on Dyn, a New Hampshire-based company that monitors and routes Internet traffic, shows those ominous predictions are now a reality.
An unknown attacker intermittently knocked many popular websites offline for hours Friday, from Amazon to Twitter and Netflix to Etsy. How the breach occurred is a cautionary tale of how the rush to make humdrum devices “smart” while sometimes leaving out crucial security can have major consequences.
Dyn, a provider of Internet management for multiple companies, was hit with a large-scale distributed denial of service attack (DDoS), in which its servers were flooded with millions of fake requests for information, so many that they could no longer respond to real ones and crashed under the weight.
Who orchestrated the attack is still unknown. But how they did it — by enslaving ordinary household electronic devices such as DVRs, routers and digital closed-circuit cameras — is established.
The attackers created a digital army of co-opted robot networks, a "botnet," that spewed millions of nonsense messages at Dyn's servers. Like a firehose, they could direct it at will, knocking out the servers, turning down the flow and then hitting it full blast once again.
The specific weapon? An easy-to-use botnet-creating software called Mirai that requires little technical expertise. An unknown person released it to the hacker underground earlier this month, and security experts immediately warned it might come into more general use.