Internet-destroying outages were caused by "amateurish" IoT malware


Some of the internet's most popular, well-defended services -- including Twitter -- were knocked offline yesterday by a massive denial-of-service attack that security experts are blaming on botnets made from thousands of hacked embedded systems in Internet of Things devices like home security cameras and video recorders. Read the rest

Major U.S. websites inaccessible in "cyber attack" on domain name system

Much of the web struggled to stay on its feet today, with outages bringing down U.S.-based services and sites such as Amazon, Twitter and Netflix. A massive distributed denial of service (DDOS) attack on Dyn DNS is reportedly the cause: as a popular provider of domain-name lookup services, it falling over means that browsers simply don't know where to find websites.

Monitoring: Services have been restored to normal as of 13:20 UTC. Posted about 1 hour ago. Oct 21, 2016 - 13:36 UTC

Update : This attack is mainly impacting US East and is impacting Managed DNS customers in this region. Our Engineers are continuing to work on mitigating this issue. Posted about 2 hours ago. Oct 21, 2016 - 12:45 UTC

Investigating: Starting at 11:10 UTC on October 21st-Friday 2016 we began monitoring and mitigating a DDoS attack against our Dyn Managed DNS infrastructure. Some customers may experience increased DNS query latency and delayed zone propagation during this time. Updates will be posted as information becomes available.

This is "probably why half the internet is shut down today," reports Gizmodo, which offers the following list of sites that were down for the count.

ActBlue, Basecamp, Big cartel, Box, Business Insider, CNN,, Esty, Github, Grubhub,, HBO Now, (iHeartRadio), Imgur, Intercom,, Okta, PayPal,, Pinterest, Playstation Network, Recode, Reddit, Spotify, Squarespace Customer Sites, Starbucks rewards/gift cards,, The Verge, Twillo, Twitter, (lol), Weebly,, Wix Customer Sites, Yammer, Yelp,, Zoho CRM,

Update: The Amazon AWS status page is a useful bookmark, as the service backends many websites and services. Read the rest

The clumsy, amateurish IoT botnet has now infected devices in virtually all of the world's countries


Mirai, the clumsily written Internet of Things virus that harnessed so many devices in an attack on journalist Brian Krebs that it overloaded Akamai, has now spread to devices in either 164 or 177 countries -- that is, pretty much everywhere with reliable electricity and internet access.

Imperva, a company that provides protection to websites against Distributed Denial of Service (DDoS) attacks, is among the ones who have been busy investigating Mirai. According to their tally, the botnet made of Mirai-infected devices has reached a total of 164 countries. A pseudonymous researcher that goes by the name MalwareTech has also been mapping Mirai, and according to his tally, the total is even higher, at 177 countries.

Internet of Things Malware Has Apparently Reached Almost All Countries on Earth [Lorenzo Franceschi-Bicchierai/Motherboard] Read the rest

The malware that's pwning the Internet of Things is terrifyingly amateurish


Following the release of the sourcecode for the Mirai botnet, which was used to harness DVRs, surveillance cameras and other Internet of Things things into one of the most powerful denial-of-service attacks the internet has ever seen, analysts have gone over its sourcecode and found that the devastatingly effective malware was strictly amateur-hour, a stark commentary on the even worse security in the millions and millions of IoT devices we've welcomed into our homes. Read the rest

Your next DDoS attack, brought to you courtesy of the IoT


The internet is reeling under the onslaught of unprecedented denial-of-service attacks, the sort we normally associate with powerful adversaries like international criminal syndicates and major governments, but these attacks are commanded by penny-ante crooks who are able to harness millions of low-powered, insecure Internet of Things devices like smart lightbulbs to do their bidding. Read the rest

The democratization of censorship: when anyone can kill as site as effectively as a government can


On the eve of the Stuxnet attacks, half a decade ago, I found myself discussing what it all meant with William Gibson (I'd just interviewed him on stage in London), and I said, "I think the most significant thing about any of these sophisticated, government-backed attacks is that they will eventually turn into a cheap and easy weapon that technically unskilled people can deploy for petty grievances." We haven't quite got there yet with Stuxnet, but there's a whole class of "advanced persistent threat" techniques that are now in the hands of fringey criminals who deploy them at the smallest provocation. Read the rest

A powerful attacker is systematically calibrating an internet-killing tool

050 056c026d-1c66-4d42-9fae-a8e96df290c5-1020x1181

Someone -- possibly the government of China -- has launched a series of probing attacks on the internet's most critical infrastructure, using carefully titrated doses of denial-of-service to precisely calibrate a tool for shutting down the whole net. Read the rest

UPDATED: Wikileaks dumps years' worth of email from Turkey's ruling party


Update: This dump turned out to primarily consist of public mailing list traffic; Wikileaks promotions of the dump included links to spreadsheets containing thousands of Turkish women's sensitive personal information, and the organization has largely ducked responsibility for its mistakes, attacking those who point out its mistakes.

Wikileaks have just published the Erdoğan Emails, which is claimed to represent years' worth of email from the APK, the Turkish ruling party, with messages dating from 2010 to as recent as July 6. Read the rest

Always-on CCTVs with no effective security harnessed into massive, unstoppable botnet


When security firm Sucuri investigated the source of a 50,000-request/second DDoS attack on a jewelry shop, they discovered to their surprise that the attacks originated on a botnet made of hacked 25,500+ CCTV cameras in 105 countries. Read the rest

How it feels to be under DDoS attack


At this week's O'Reilly Velocity conference in Santa Clara, Artur Bergman, founder and CTO, told the story of how he got involved in starting a denial-of-service-resistant CDN -- a personal story about helping his old company cope with a titanic DDoS attack that brought it and its upstream provider to their knees. Read the rest

One million machines, including routers, used to attack banks


Akamai's Ryan Barnett reports on two attacks against the service's financial customers last year: attackers used nearly 1m compromised systems to attempt to log in to users' accounts using logins and passwords from earlier breaches. Read the rest

Security economics: black market price of hacked servers drops to $6

5900608214_8c609f61e7_b (1)

A new Kaspersky report analyzes an online hacker marketplace called xDedic, where access to 70,000 hacked servers -- multiplayer game servers, billing servers, cellular/ISP servers, dating servers, betting servers, government and university servers -- in 173 countries can be bought for $6 and up. Read the rest

DDoSers sell attacks for $5 on Fivver


Many years ago, EFF co-founder John Gilmore and I were discussing the prevalence of botnets, which are commonly used to launch distributed denial of service (DDoS) attacks that overwhelm websites with floods of traffic; John said that if the botnets were really on the rise at the reported rate, we should expect to see a massive crash in the price of DDoS services, following simple supply/demand logic. Read the rest

Web security company breached, client list (including KKK) dumped, hackers mock inept security

Screen-Shot-2016-03-11-at-12.00.51-PM-640x263 (1)

Newport Beach based Staminus Communications offered DDoS protection and other security services to its clients; early this morning, their systems went down and a dump of their internal files were dumped to the Internet. Read the rest

Google launches Project Shield, to protect news sites from DDoS attacks


Insecure desktop operating systems (and even server/CMS vulnerabilities) has led to the creation of enormous, powerful botnets comprised of thousands, hundreds of thousands, or even millions of machines -- and thanks to the law of supply and demand, it's remarkably cheap and easy to rent time on a botnet and blast any site of your choosing off the Internet. Read the rest

Wargames-style map shows ongoing internet attacks


The Norse Map is a Wargames-style visualization of ongoing attacks on servers around the world. Though it shows honeypots rather than actual private or government targets, the result is a live snapshot of trends in computer mischief.

Dubai seems to be getting quite a pounding today. Read the rest

Life inside a DDOS "booter site"

The internal records of Lizardsquad's Lizardstresser -- a service that would, for money, flood sites with traffic intended to knock them off the Internet -- were dumped to Mega by Doxbin's former operator, providing an unprecedented public look at the internal workings of booter. Read the rest

More posts