Home Security DVRs, security cams used in massive DDoS attack
DVRs, security cams used in massive DDoS attack Featured

Digital video recorders and security cameras in the main have been used in a distributed denial of service to disrupt a number of high-profile websites, both in the US and other countries.

The whistleblower site WikiLeaks has claimed its supporters were responsible for the attacks, and asked them to desist from causing further chaos, saying they have now made their point.

The website Krebs on Security claimed a majority of the devices used in the attacks were "mainly compromised digital video recorders (DVRs) and IP cameras made by a Chinese hi-tech company called XiongMai Technologies. The components that XiongMai makes are sold downstream to vendors who then use it in their own products".

The attacks, on Friday US time, were aimed at the domain name services provider Dynamic Network Services, otherwise known as Dyn. The first attack began at 7.10am EDT on Friday (10.10pm AEDT Friday) and, once this was resolved by Dyn, further waves caused disruptions throughout the day.

While major US websites like Twitter, Spotify, Netflix and Paypal were disrupted, the application performance management software company Dynatrace said that Australian websites were affected as well.

Among the Australian sites that took a hit, Dynatrace listed AAMI, ANZ, BankWest, Coles, The Daily Telegraph, Dan Murphy's, ebay, HSBC, The Herald Sun, NAB, 9News, The Age, Ticketmaster, The Australian, Woolworths, The Sydney Morning Herald, and Westpac.

DNS is a distributed hierarchical database, with each level of the hierarchy pointing to (that is, "delegating to") the next level.

A simplified version of the query sequence, as outlined by veteran systems administrator Craig Sanders many moons ago, goes like this:

Q: "What is the IP address of www.melbourne.example.com.au?"
A: "I don't know. Ask the .au servers, here they are"
Q: "What is the IP address of www.melbourne.example.com.au?"
A: "I don't know. Ask the com.au servers, here they are"
Q: "What is the IP address of www.melbourne.example.com.au?"
A: "I don't know. Ask the example.com.au servers, here they are"
Q: "What is the IP address of www.melbourne.example.com.au?"
A: "I don't know. Ask the melbourne.example.com.au servers, here they are"
Q: "What is the IP address of www.melbourne.example.com.au?"
A: "The A record for www.melbourne.example.com.au is 192.168.1.1"

As iTWire reported, the well-known security technologist Bruce Schneier had recently said he had been informed that state-level actors were probing vital parts of the internet's infrastructure.

With source code for an IoT-based botnet named Mirai being leaked recently, there have been claims that this very botnet was used in the attacks against Dyn.

While there has been extensive, at times hysterical, coverage of the attacks, there has been no indication of the magnitude.

The largest DDoS attack so far has been against French hosting provider OVH, with the attack being almost 1Tbps. Security writer Brian Krebs' website experienced a DDoS of something close to 665Gbps after he had written about an Israel-based company that appeared to be behind many DDoS attacks over the years.

47 REASONS TO ATTEND YOW! 2018

With 4 keynotes + 33 talks + 10 in-depth workshops from world-class speakers, YOW! is your chance to learn more about the latest software trends, practices and technologies and interact with many of the people who created them.

Speakers this year include Anita Sengupta (Rocket Scientist and Sr. VP Engineering at Hyperloop One), Brendan Gregg (Sr. Performance Architect Netflix), Jessica Kerr (Developer, Speaker, Writer and Lead Engineer at Atomist) and Kent Beck (Author Extreme Programming, Test Driven Development).

YOW! 2018 is a great place to network with the best and brightest software developers in Australia. You’ll be amazed by the great ideas (and perhaps great talent) you’ll take back to the office!

Register now for YOW! Conference

· Sydney 29-30 November
· Brisbane 3-4 December
· Melbourne 6-7 December

Register now for YOW! Workshops

· Sydney 27-28 November
· Melbourne 4-5 December

REGISTER NOW!

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the sitecame into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

 

Popular News

 

Telecommunications

 

Sponsored News

 

 

 

 

Connect