On Friday, Oct. 21, people began to notice something was wrong. At around 7 a.m. EST, several prominent internet sites and services became unavailable on the Eastern seaboard of the United States. Affected sites and services included Twitter, Reddit, Spotify and dozens more. As the day continued, additional attacks caused repeated outages across larger regions of the U.S. and other parts of the world. What happened, and how worried should we be about it?
As you may have heard, the attack was a distributed denial of service (DDoS) attack. At its most basic level, a DDoS attack directs a large number of internet-connected devices to send messages to one or more web servers. The servers become overwhelmed trying to handle the massive volume of incoming messages. It's like walking into a room full of people who all begin shouting at you at once.
One way to execute a DDoS attack is to compromise an army of computers first. Typically, this involves convincing unsuspecting victims to download some malicious software that will give a hacker backdoor access to the machine. Then, the hacker directs all those computers to send traffic to the target server.
Another way is to exploit the growing industry of the internet of things (IoT). Unfortunately, many of the devices we connect to the internet (such as webcams, video game consoles, DVRs and even thermostats) have little to no security protecting them. Some ship with a generic default password, and others have no password protection at all. Such devices are easy to compromise and can be conscripted into an army of hijacked machines.
The October attack focused on domain name system (DNS) servers. These servers act like phone books for the internet, translating the names people type into the addresses computers use; they're an integral component of internet infrastructure. Once the servers were swamped with messages, they could no longer direct legitimate traffic. According to Dyn, the company that operates Friday's targeted DNS servers, the attack came from tens of millions of IP addresses.
Who could be the next target? Essentially, any system connected to the internet is vulnerable. While DDoS attacks don't corrupt or steal information, they do bring systems down and make them unavailable. That could be a huge headache for many companies that are increasingly relying on the internet to conduct business. It's easy to imagine a DDoS attack shutting down an airline's online operations or preventing customers from accessing their content from services like Netflix or Hulu.
But some systems aren't at risk. These are systems that we isolate from the internet specifically to make them more secure. Examples include the computer systems at various nuclear facilities. These computer systems are critical for the safe operation of potentially destructive systems. The risks are far too great to connect these systems to the internet. Instead, we create self-contained computer systems that have no direct link to the internet (or other networks that in turn are connected to the internet). We call these "air-gapped systems," meaning there's a gap of air between the computer system and the internet itself.
Other examples of air-gapped systems are financial computers at major stock markets, classified government databases and air traffic control systems. These systems aren't magically immune to tampering, but compromising them becomes much more challenging. In order to bring these systems down, you'd typically need to get physical access to the network first.
So what can we do to protect ourselves and our internet infrastructure? Clearly, we can't just disconnect — then there's no more internet. One step would be for IoT companies to spend more time developing security systems for their products and services. This tends to create a bit of a barrier for users, but it may also help prevent a poorly secured internet population from growing even larger. Another is just to exercise good computer security habits — use strong passwords, change those passwords regularly, pay attention to the sites you visit and any files you might download, and be on the lookout for possible malware.
The harsh reality is that DDoS attacks are relatively easy to execute and are effective at taking systems offline. Security experts will continue to develop strategies to detect and counteract DDoS attacks, creating programs that can separate the signal of legitimate traffic from the noise of a mob attack. But we'll likely see many more examples of these sorts of attacks as time goes on.
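To make the idea of "separating the signal of legitimate traffic from the noise" concrete, here is an added example (not code from the original article or from Dyn) of the simplest kind of DDoS detection a DNS operator might run: count how many queries each source address sends within a sliding time window and flag sources whose rate is far beyond what a normal client produces. The log line format, the field names, the window and threshold values, and the sample addresses (`10.0.0.5`, `10.0.0.6`, `198.51.100.7`) are all assumptions constructed for the example.

```python
"""Rate-based detection of DNS query floods over constructed log lines.

Added illustration, not part of the original article. The log format
("timestamp source_ip query_name"), thresholds and addresses are assumptions.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOG_FORMAT = "%Y-%m-%dT%H:%M:%S"


def build_sample_log():
    """Construct sample DNS query records (synthetic, not real traffic).

    Two ordinary clients make a handful of queries spread over a minute;
    one flooding source sends 200 queries in four seconds.
    """
    base = datetime(2016, 10, 21, 7, 0, 0)
    lines = []
    for i in range(6):
        t1 = (base + timedelta(seconds=10 * i)).strftime(LOG_FORMAT)
        t2 = (base + timedelta(seconds=10 * i + 3)).strftime(LOG_FORMAT)
        lines.append(f"{t1} 10.0.0.5 twitter.com")
        lines.append(f"{t2} 10.0.0.6 reddit.com")
    for i in range(200):
        ts = (base + timedelta(seconds=i // 50)).strftime(LOG_FORMAT)
        lines.append(f"{ts} 198.51.100.7 host{i}.example.com")
    return lines


def parse_line(line):
    """Split one log line into (timestamp, source_ip, query_name)."""
    ts, src, qname = line.split()
    return datetime.strptime(ts, LOG_FORMAT), src, qname


def detect_floods(lines, window=timedelta(seconds=5), threshold=50):
    """Return {source_ip: peak_queries_in_window} for sources over threshold.

    For each source, keep the timestamps of its recent queries, drop any older
    than `window`, and remember the largest window count observed. A client
    that only occasionally looks up a name never accumulates many entries;
    a flood source does.
    """
    records = sorted(parse_line(line) for line in lines)  # time order
    recent = defaultdict(deque)
    peak = defaultdict(int)
    for ts, src, _ in records:
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        peak[src] = max(peak[src], len(q))
    return {src: n for src, n in peak.items() if n > threshold}


def flagged_share(lines, flagged):
    """Fraction of all queries that came from flagged sources."""
    total = len(lines)
    hits = sum(1 for line in lines if parse_line(line)[1] in flagged)
    return hits / total if total else 0.0


if __name__ == "__main__":
    log = build_sample_log()
    floods = detect_floods(log)
    print("flagged sources:", floods)
    print("share of traffic from flagged sources: %.1f%%" % (100 * flagged_share(log, floods)))
```

In practice a resolver would rate-limit the flagged addresses rather than drop them outright: as the article notes, the traffic comes from compromised devices whose owners are also ordinary users, and many of them sit behind shared addresses. The per-source threshold is only the first, coarsest signal; real deployments combine it with aggregate query rate, query-name patterns and upstream filtering.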