“Recently, The Internet connection in the office, and subsequently the productivity of the workforce, had crawled to a standstill over the span of a few hours.
Mumbai ke sab computer mein virus ghus gaya hai (All Mumbai computers have been attacked by a virus) was the helpful response offered by the customer support helpline of his Internet Service Provider (ISP).”
A number of ISPs across Mumbai were the target of a massive Distributed Denial of Service (DDoS) attack.
A DDoS attack involves directing a large amount of Internet traffic at a specific target, thereby overwhelming the victim’s bandwidth capacity and choking the connection.
DDoS attacks are typically perpetrated using an army of malware-infected computers, referred to as a Botnet, that can be remotely directed to do its controller’s bidding. The concept is almost as old as the Internet itself.
A plethora of loosely-secured connected devices have flooded the market, exponentially multiplying the building blocks from which a Botnet can be built.
It may not be too hard to monitor a computer for malware, but how do you tell when your thermostat or your light bulb has been conscripted into a remote-controlled zombie army?
A simple experiment that highlighted the nature of the threat was conducted recently by Johannes Ulrich, Dean of Research at SANS Technology Institute. Ulrich plugged an old digital video recorder (DVR) into the Internet and monitored it. Within minutes, it was flooded with malicious attacks attempting to enslave it. “Not all attacks were successful,” writes Ulrich in his report of the experiment. “But a couple times an hour, someone used the correct password.”
Last week, access to several major websites including Twitter, The Guardian, Netflix, Reddit and Spotify was disrupted after an attack by a Botnet of hundreds of thousands of webcams and DVRs located around the world. These devices were under the control of the Mirai malware, which was also used to attack the website of independent security researcher Brian Krebs in August this year. It was deluged with a torrent of traffic that added up to a little more than 600 gbps —an incredible and unprecedented volume in the history of DDoS attacks.
The size of the attacks is certainly increasing. There are more vulnerable Internet-connected devices available for attackers to turn into bots. And these devices now have more and more bandwidth available to them as ISPs provide more bandwidth to consumers.
The explosion of Botnets has led to a situation where complex technical knowledge is no longer a prerequisite to wield these weapons.
There are services available on the Internet where you pay 100-200 dollars and they’ll attack a target of your choosing. It’s almost like DDoS as a service.
A concerned Attack could do critical damage to a nation’s digital infrastructure.
Customers who are more likely to buy lower-cost devices are more likely to buy a vulnerable device. In addition, cheaper devices often offer less support and a shorter support lifetime.
Unfortunately, the crisis is probably going to get a lot worse before it gets better — if it ever does. Retrieving the hundreds of thousands of already infected devices is a near impossible errand and any protection measures that a target adopts can be breached if bombarded with sufficient force.
What can we do about this? Nothing, really. But this is happening. And people should know.