How was the Internet of Things able to take down the Internet with a DDoS?

On October 21st, a large number of websites, including some of the biggest names, were knocked off the Internet by a massive distributed denial-of-service (DDoS) attack. A DDoS attack occurs when thousands to millions of devices send traffic to a target, completely overloading its servers or Internet connection.

The recent attack targeted a company called DYN, a DNS service provider for thousands of companies. DNS translates the name of an Internet host like and converts it to an IP address like Your computer then uses this to do the actual communicating. By disrupting DYN, the attackers prevented this translation from happening for the companies DYN supports, making them unreachable for many users.

To cause this disruption, the attackers sent a staggering 1.2 Tbps (trillion bits per second) of data. Typical home Internet might max out at 15 Mbps (million bits per second). Therefore, this would be equivalent to 80,000 home connections simultaneously sending everything they could to this one company. In fact, this attack utilized many more devices, sending only a smaller amount of data each to add up to that gigantic total.

Interestingly, the attack did not use compromised personal computers (typically the most common method), but rather compromised Internet of Things (IoT) devices. IoT devices include surveillance cameras, smart TVs, home routers, and smart thermostats. Most of these are designed with very weak security and often have built-in, hard-to-change default passwords. A malware tool called Mirai, recently released to the public as source code, was the technology behind exploiting these vulnerable devices. Anyone could have used Mirai to create an enormous swarm of compromised devices, which could be launched against any target they pleased.

Unfortunately, there is very little incentive for the makers of IoT devices to create them using real security. So far, they have not been held responsible for damages, and neither they nor their users typically experience any direct harm from the attacks. ISPs also have some ability to detect and block attacking traffic and vulnerable devices, but only at significant cost and annoyance to their legitimate customers.

Because these devices have a relatively long shelf life, it may take years after the makers are finally forced, in one way or another, to secure the devices before we see any real benefits from the change.

[Updated 10/27 to improve clarity]

Sony hack shows how hard it is to stay anonymous

FBI Director James Comey says that the North Koreans who hacked Sony were tracked because of bad operational security in their use of proxies.

We saw the same thing with the takedown of the Silk Road website. Few people have the skills, tools, and discipline to be 100% consistent with their anonymity. Any slip at any time can blow your cover. Of course, this could have been an intentional false flag; the rabbit hole can get very deep. Jeff Carr makes the case that this is actually quite likely.

"FBI Director James Comey, today, said that the hackers who compromised Sony Pictures Entertainment usually used proxy servers to obfuscate their identity, but "several times they got sloppy."

Speaking today at an event at Fordham University in New York, Comey said, "Several times, either because they forgot or because of a technical problem, they connected directly and we could see that the IPs they were using ... were exclusively used by the North Koreans."

FBI Director Says 'Sloppy' North Korean Hackers Gave Themselves Away
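The pattern Comey describes, an actor who almost always arrives through proxies but occasionally connects directly, is something an investigator can search for in access logs. The Python below is an added example, not code from the original post or from the FBI's investigation. The log format, the `actor` label (any stable identifier that ties sessions together, such as a compromised account), the proxy ranges, and the thresholds are all assumptions, and the sample data is constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: RFC 5737 documentation addresses, made-up actor labels.
KNOWN_PROXIES = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.0/24")]

LOG_LINES = """\
2000-01-01T02:10:44Z actor=intruder-1 src=198.51.100.7
2000-01-02T03:15:02Z actor=intruder-1 src=203.0.113.20
2000-01-02T09:00:00Z actor=staff-7 src=192.0.2.50
2000-01-03T01:47:31Z actor=intruder-1 src=198.51.100.7
2000-01-03T09:02:10Z actor=staff-7 src=192.0.2.50
2000-01-04T02:05:12Z actor=intruder-1 src=192.0.2.113
2000-01-04T09:01:00Z actor=staff-7 src=192.0.2.50
2000-01-05T02:30:09Z actor=intruder-1 src=203.0.113.44
2000-01-05T09:03:00Z actor=staff-7 src=192.0.2.50
2000-01-06T02:12:55Z actor=intruder-1 src=198.51.100.9
2000-01-06T09:00:30Z actor=staff-7 src=192.0.2.50
""".splitlines()

def is_proxy(ip):
    """True if the address falls inside any known proxy/anonymizer range."""
    return any(ip in net for net in KNOWN_PROXIES)

def find_slips(lines, min_events=5, min_proxy_ratio=0.8):
    """Map actor -> [(timestamp, direct_ip)] for actors that mostly use
    proxies but were seen connecting directly at least once."""
    events = defaultdict(list)
    for line in lines:
        try:
            ts, *fields = line.split()
            kv = dict(f.split("=", 1) for f in fields)
            ip = ipaddress.ip_address(kv["src"])
            events[kv["actor"]].append((ts, ip, is_proxy(ip)))
        except (KeyError, ValueError):
            continue  # skip blank or malformed lines rather than abort the scan
    slips = {}
    for actor, evs in events.items():
        direct = [(ts, str(ip)) for ts, ip, proxied in evs if not proxied]
        proxy_ratio = (len(evs) - len(direct)) / len(evs)
        # An ordinary user (all direct) and a disciplined actor (all proxied)
        # are both excluded; only the mixed, mostly-proxied pattern is a slip.
        if len(evs) >= min_events and direct and proxy_ratio >= min_proxy_ratio:
            slips[actor] = direct
    return slips

if __name__ == "__main__":
    print(find_slips(LOG_LINES))
```

The result is only as good as the proxy list and the identifier used to link sessions, and it cannot tell a genuine slip from a deliberately planted direct connection, which is the false-flag possibility raised above.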

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook, Twitter, and Google+.