Massive Cyber Attack
I'm surprised I haven't seen a thread about this. Talking to some tech people and they said it's a fairly big deal?
http://www.usatoday.com/story/tech/2016/10/21/cyber-attack-takes-down-east-coast-netflix-spotify-twitter/92507806/
SAN FRANCISCO — At least two successive waves of online attacks blocked multiple major websites Friday, at times making it impossible for many users on the East Coast to access Twitter, Spotify, Netflix, Amazon, Tumblr, Reddit and other sites.
The first attacks appear to have begun around 7:10 a.m. Friday, then resolved towards 9:30 a.m., but then a fresh wave began.
The cause was a large-scale distributed denial of service attack (DDoS) against Internet performance company Dyn that blocked user access to many popular sites. Such DDoS attacks have a long history online but may be increasing in numbers with the recent release of easy-to-use computer code to create them.
buffalobo
10-21-2016, 14:09
Cyber attacks have been getting more frequent, larger and more malicious. We don't hear about most of them. Perpetrators will get around to electrical grid eventually.
I'm glad it was the Russians and not the democrats. The dems might have shut this site down.
Zundfolge
10-21-2016, 14:12
Not the Russians, it's Anonymous.
They're pissed because one of their own got arrested for DDOSing a children's hospital.
http://www.washingtontimes.com/news/2016/oct/20/martin-gottesfeld-anonymous-hacktivist-charged-ove/
If a third party candidate wins, we can look at Anonymous for the hack. :D
Kraven251
10-21-2016, 15:15
If a third party candidate wins, we can look at Anonymous for the hack. :D
Part of me would be ok with that...the other part would be pissed off.
sellersm
10-21-2016, 15:38
If Trump wins, they'll blame Russia for the hack, and move to nullify the election. :D
FIFY.
Black hat operation to make the public more accepting of physical responses to online crime. (I kid but..)
The war is real, friend.
^THIS
KestrelBike
10-21-2016, 16:39
Not the Russians, it's Anonymous.
They're pissed because one of their own got arrested for DDOSing a children's hospital.
http://www.washingtontimes.com/news/2016/oct/20/martin-gottesfeld-anonymous-hacktivist-charged-ove/
Thanks for the link. Wish Wash times wasn't so stupidly spammy with their ads that hijack your browser (yes I know, adblock).
Martinjmpr
10-21-2016, 16:54
If all these social media sites shut down at once the work productivity of America would soar.
At least I know mine would. :D
Aloha_Shooter
10-21-2016, 18:44
At least two successive waves of online attacks blocked multiple major websites Friday, at times making it impossible for many users on the East Coast to access Twitter, Spotify, Netflix, Amazon, Tumblr, Reddit and other sites.
I would never have noticed if you hadn't mentioned it. Of the sites mentioned, Amazon is the only one I use and I try to use it sparingly. Losing Twitter, Tumblr, and Reddit probably boosted the average national IQ by 5 or 10 points ...
Great-Kazoo
10-21-2016, 19:23
Who cares if netflix and amazon are disrupted ...............SQUIRREL
Everyone should be more concerned about the Ecuadorian shutdown of Assange's e-mail.
Ignoring of the D operative bragging how they were disrupting Trump rallies, which has been very conveniently left out of all the media outlets.
gnihcraes
10-21-2016, 20:12
It took down denvergov.org/... and various portions of their services. Threw a monkey wrench in some of our daily operations.
Malware from millions of IPs got put into action.
Scary stuff
http://www.zerohedge.com/news/2016-10-21/third-wave-internet-cyber-attacks-lauched-dyn-warns
Zundfolge
10-21-2016, 21:11
It's been screwing with the credit card processing for our web store. Basically everyone that tries to order from us gets their CC rejected (a few customers have called and we processed over the phone and that was just fine).
My garage door hub and one smart TV is probably contributing as we speak.
Insert modern Version of a Cold War poster.
Cyber is the next Cold War; instead of practicing hiding under our school desks, we will be practicing cell phone OPSEC.
I've been getting a lot of emails lately that begin with "Hey Handsome,"...
You know all those cool "free" apps. Well, duh.
Great-Kazoo
10-21-2016, 22:45
Insert modern Version of a Cold War poster.
Cyber is the next Cold War; instead of practicing hiding under our school desks, we will be practicing cell phone OPSEC.
Please turn your phone off and wait 30 seconds before restarting.
You know all those cool "free" apps. Well, duh.
https://s-media-cache-ak0.pinimg.com/236x/f7/69/c2/f769c251f994cb040b27d20319afcda0.jpg
Kraven251
10-21-2016, 22:59
Let's see, not long ago foxtrot pointed out the internet isn't invulnerable and large regions could be subject to temporary or permanent blackouts if they find vulnerabilities in the DNS system.
This small attack? Primarily against a managed DNS system, DDOS using the "internet of things". Still not an exploited vulnerability, but it took out major sites regionally for a significant time. And this is just small potatoes to what can and likely will be coming down the pipes... eventually.
PPS: Even if DNS lookups are overloaded you can come here directly by IP address if you keep it written down somewhere... (or "favorite" it)
http://204.144.128.249/
Unlikely that we will see anything affect us for awhile though. The risk goes up over time because this is the money shot vulnerability... you don't take out a site, you take out portions of the net.
nothing like this could ever happen in America [Flower]
https://s-media-cache-ak0.pinimg.com/236x/f7/69/c2/f769c251f994cb040b27d20319afcda0.jpg
It's OK because Roy and Moss trusted Jen with the Internet. Besides that everyone now knows that all IT problems can be fixed by turning it off and back on again. [Coffee]
But will it kill more people than Hurricane Matthew?
I for one could use a healthy break from being connected by cable plugged into the back of my neck to the Interwebz.
So glad other people are familiar with The IT Crowd.
It's OK because Roy and Moss trusted Jen with the Internet. Besides that everyone now knows that all IT problems can be fixed by turning it off and back on again. [Coffee]
Don't forget to clear your cache first. :)
Third wave of attacks (larger, btw) is still ongoing to my knowledge at the moment, so it's not over yet.
It's never "over".
Zundfolge
10-22-2016, 08:31
It's never "over".
Indeed. Here's a constant live visualization: http://map.norsecorp.com
Indeed. Here's a constant live visualization: http://map.norsecorp.com
Indeed. Here's a constant live visualization: http://map.norsecorp.com
I love this map. It's like Global Thermonuclear War.
I love this map. It's like Global Thermonuclear War.
https://www.ar-15.co/attachment.php?attachmentid=67592&d=1477147372
Double00
10-23-2016, 13:25
That map is hypnotic!
Grant H.
10-23-2016, 19:11
I'm so tired of the news playing this off as an advanced, difficult, and elaborate attack.
These DDOS attacks are simple.
There are millions of devices that are internet connected, thanks to jackwads in society, that this malware literally searches out, logs in to, boots itself up, and then can be directed with some pretty simple code that has been made public.
There isn't anything elaborate about it. It's the result of people being stupid and complacent.
Seriously,
Home Automation - Smart things, Hue, Cameras, Door Locks, etc...
Industrial cell modems
Home routers
...
...
...
...
The list goes on and on.
Tons of people have left their devices with the default Username/Password, and that makes them part of the botnet that caused this.
The only thing different about this is that someone pointed it at Dyn, instead of any one specific site. Taking DNS services offline has some serious consequences.
One report I read about this said that they recorded THOUSANDS of gigabits/sec of data traffic during the DDOS attack. There are only a few (3, that I know of) of the companies that are behind the scenes of the internet that can actually handle that kind of traffic, much less that much false traffic.
The code to do this is public. It's simple. These attacks will only get worse.
Change the default Username/Password of ANY internet connected device. Period.
I'm so tired of the news playing this off as an advanced, difficult, and elaborate attack.
These DDOS attacks are simple.
There are millions of devices that are internet connected, thanks to jackwads in society, that this malware literally searches out, logs in to, boots itself up, and then can be directed with some pretty simple code that has been made public.
There isn't anything elaborate about it. It's the result of people being stupid and complacent.
Seriously,
Home Automation - Smart things, Hue, Cameras, Door Locks, etc...
Industrial cell modems
Home routers
...
...
...
...
The list goes on and on.
Tons of people have left their devices with the default Username/Password, and that makes them part of the botnet that caused this.
The only thing different about this is that someone pointed it at Dyn, instead of any one specific site. Taking DNS services offline has some serious consequences.
One report I read about this said that they recorded THOUSANDS of gigabits/sec of data traffic during the DDOS attack. There are only a few (3, that I know of) of the companies that are behind the scenes of the internet that can actually handle that kind of traffic, much less that much false traffic.
The code to do this is public. It's simple. These attacks will only get worse.
Change the default Username/Password of ANY internet connected device. Period.
https://www.youtube.com/watch?v=_JNGI1dI-e8
Aloha_Shooter
10-23-2016, 19:49
I finally noticed it hitting me Friday night ... just grabbed my ereader (in airplane mode!) and soaked in the hot tub while reading ... I am far from a Luddite but I still see more downsides than upsides to the so-called Internet of Things and I studied computer science & engineering in college (NOT freaking "Information Technology" which some goofball who was trying to impress me claimed as his degree).
Zundfolge
10-23-2016, 19:56
I'm so tired of the news playing this off as an advanced, difficult, and elaborate attack.
These DDOS attacks are simple.
Indeed. DDOS attacks are not "hacking" ... they're simple "Script Kiddie" nonsense.
Not even script kiddies. There is a freely available download that does it for you.
https://a.fsdn.com/con/app/proj/loic/screenshots/220491.jpg
The DDoS isn't the "hacking"; it's what the attacker does after the target has been hit. I think the goal is typically to bring machines/networks to their knees and then break into them at that point.
DDoS has been around for quite a while. What's changing is how large and distributed the BotNet that can be created and the ability to resist attempts in shutting it down by adapting the attacks. As these attacks become increasingly driven by hostile nations, we're getting into cyber-warfare. Can you imagine the disruption if Americans couldn't use the Internet for a couple of weeks? [panic]
We've become dependent on it for commerce. Cloud services that we've come to rely on wouldn't be there. Younger generations that grew up always having the ability to 'Google' for everything would likely be very lost.
DDoS has been around for quite a while. What's changing is how large and distributed the BotNet that can be created and the ability to resist attempts in shutting it down by adapting the attacks. As these attacks become increasingly driven by hostile nations, we're getting into cyber-warfare. Can you imagine the disruption if Americans couldn't use the Internet for a couple of weeks? [panic]
We've become dependent on it for commerce. Cloud services that we've come to rely on wouldn't be there. Younger generations that grew up always having the ability to 'Google' for everything would likely be very lost.
I thought googling how to do things is what an adult was?
Low Orbit Ion Cannon is old, requires manual input, and is easily traceable.
The malware behind the Dyn attack is designed to seek out and exploit open devices, and in some cases can exploit devices that have had the username and password changed because the manufacturer hard-coded alternate credentials.
So far this is the best article I've found on the Dyn attack.
http://arstechnica.com/information-technology/2016/10/inside-the-machine-uprising-how-cameras-dvrs-took-down-parts-of-the-internet/