How Hackers Exploited the Internet of Things to Bring Down the Internet

The three-pronged attack that brought down Twitter, Paypal, Netflix and many top sites was waged through hundreds of thousands of common devices found in unsuspecting people's homes, including camcorders and baby monitors.

A massive cyberattack that compromised major websites on Friday was waged through hundreds of thousands of web-connected devices – the so-called Internet of Things.

The type of attack, known as DDoS, crashes websites and services by overwhelming them with large amounts of traffic. Such attacks are usually mounted using computers that were previously infected with a virus. This time, however, the hackers extended the method to a wide variety of devices connected to the internet, including security cameras, webcams, DVRs and even baby monitors.


A Politico report said that sources in the U.S. claiming to be affiliated with the hacking collective Anonymous and with a group named New World claimed the attack. They said it was revenge for cutting Wikileaks founder Julian Assange's internet.

Ecuador on Tuesday acknowledged it had restricted internet access for Assange, who has lived in its London embassy since mid-2012, over the publication of hacked emails linked to U.S. Democratic presidential candidate Hillary Clinton. However, the report said experts doubt the group was in fact behind the attack, saying that in the past both groups have falsely claimed responsibility for cyber attacks.


Wikileaks responded with a tweet asking its supporters to cease the attack. "Mr. Assange is still alive and WikiLeaks is still publishing. We ask supporters to stop taking down the US internet. You proved your point," the tweet said.

In 2010, banks and other firms cut ties with Wikileaks after it published the leaked Bradley Manning files and a 2007 video of a U.S. Apache helicopter mistakenly shooting several Iraqi civilians. Anonymous hackers attacked the firms in response, crippling their online operations. Since then, many hacking groups across the world, including in Israel, have identified as part of Anonymous.

The attacks struck Twitter, Paypal, Netflix and other customers of an infrastructure company in New Hampshire called Dyn, which acts as a switchboard for internet traffic.

According to Flashpoint, a cybersecurity firm, the hackers used malware called Mirai, which takes over unsuspecting people's web-connected devices and turns them into a network that can be used in a cyberattack.

The Internet of Things is a fertile ground for hackers, says Ziv Gadot, CEO of Red Button, a cybersecurity firm that specializes in DDoS attacks. These devices contain computers and are connected to the internet, but their security is still "in diapers," he says. 

"Anything that may look like a tea kettle, a refrigerator or a security camera to you, is seen by hackers as a computer that can be connected to a network of tens of thousands or hundreds of thousands of other computers ready for zero hour," Gadot explains. "And when the time comes, they generate an overload of requests beyond what even a strong service like Dyn can handle."

According to Dyn, the cyberattack consisted of three heavy assaults from millions of unique IP addresses, making it one of the largest attacks ever seen. Each part of the attack came from different sources, which made it difficult to block. 

Attacking a large domain name service provider like Dyn can create massive disruptions because such firms are responsible for forwarding large volumes of internet traffic.

Friday's outages were intermittent and varied by geography. Users complained they could not reach dozens of internet destinations including Mashable, CNN, the New York Times, the Wall Street Journal, Yelp and some businesses hosted by Amazon.com Inc. Spotify, Airbnb, and Reddit were down as well. The outages began in the eastern United States and then spread to other parts of the country and Europe.

Dyn said it had resolved one morning attack on Friday, which disrupted operations for about two hours, but disclosed a second a few hours later that was causing further disruptions. By evening it was fighting a third.

The Mirai malware code was recently leaked online, which made it easier for hackers to use and even more difficult for cybersecurity firms and agencies to deal with. Following the leak, the U.S. Department of Homeland Security issued a warning about attacks from the Internet of Things last week. 

The disruptions come at a time of unprecedented fears about the cyber threat in the United States, where hackers have breached political organizations and election agencies.