Security experts have called for a concerted worldwide effort to increase security around internet-connected devices after the cyber-attack that took down many of the world’s most popular websites last week.
The mysterious attack on web infrastructure firm Dyn meant many internet users in the United States and some parts of Europe were unable to access sites such as Twitter, Netflix and Amazon for much of Friday.
Web Infrastructure Firm Targeted
According to security experts, the hackers leveraged millions of unsecured internet-connected devices, like webcams, smart TVs and DVR players, to carry out a massive DDoS (Distributed Denial of Service) attack that overwhelmed the Dyn servers. That in turn brought down some of the web’s most visited sites.
In a statement, the company called it “a sophisticated, highly distributed attack,” adding: “The nature and source of the attack is under investigation, but it was a sophisticated attack across multiple attack vectors and internet locations. We can confirm, with the help of analysis from Flashpoint and Akamai, that one source of the traffic for the attacks were devices infected by the Mirai botnet. We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack.”
Manufacturer Blames Factory-Set Passwords
Hangzhou Xiongmai, the Chinese manufacturer that built many of the webcams and DVRs that were hijacked by Mirai, has announced a recall of 4.3 million devices.
They said that many users don’t bother to change the default factory password, which makes it easy for relatively unsophisticated botnet software to scan Wi-Fi networks and take control of connected devices, which can then be turned against targets like Dyn.
Foreign Government “Not Responsible”
Security experts warned that the problem is only likely to get worse as more and more internet-connected devices, from refrigerators to automobiles, enter the mass market.
Meanwhile, Director of National Intelligence James Clapper told CBS that early claims that the attack was carried out by a foreign government were likely wide of the mark. However, he refused to be drawn into making any definite statements, adding that there was “a lot of data to be gathered here”.