The Largest Distributed Denial of Service, EVER! (A Robot Knock-Knock Description)

Denial of Service explained:
Computers generally respond to network traffic. If a computer on my network wanted to talk to my computer, it would send a request to my computer over the network. Let me explain with robots and a knock-knock at the door:

Knock-Knock
“Who’s there?”
<silence>

The lack of an answer to the “Who’s there?” puts my robot in a waiting mode, waiting to figure out who’s there. After a few moments, my robot gives up and goes back to the kitchen to make dinner.


Don’t make Rosie mad! She can lift a couch with one hand and vacuum under it at the same time. The only other person I know who can do that is Mr. Incredible!

Imagine now that there are hundreds of knocks on the door, and the robot gets up and tries to say “Who’s there?” to every knock. But it’s the same person knocking. Eventually my robot will just freak out at the door and stop asking “Who’s there?” and will be too occupied to go back to the kitchen and make dinner. That’s how a basic denial of service works.

Now imagine there was a full-on army at the door, and every one of those soldiers was ordered to knock on the door (and every door the house has) thousands of times. The robot will probably go crazy, springs and gears shooting from its head, and won’t be able to either figure out who’s at the door or make dinner! That’s how a distributed denial of service attack works.
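The knock-knock model above as a small simulation (an added example, not part of the original post): per-knocker limits save the robot from one noisy knocker, but not from an army where every soldier stays under the limit. The slot count, timeout and knock rates are constructed values, and `simulate` is a hypothetical name.

```python
from collections import Counter

def simulate(attackers, knocks_each, per_source_limit=None,
             slots=64, timeout=5, ticks=200):
    """Return the fraction of a legitimate visitor's knocks that get answered.

    Model (all numbers are constructed for illustration):
    - the robot can remember `slots` unanswered "Who's there?" questions
    - an unanswered entry is dropped after `timeout` ticks
    - each attacker knocks `knocks_each` times per tick and stays silent
    - the legitimate visitor knocks once per tick and answers immediately
    """
    pending = []  # (source, expiry_tick) for knockers who never answered
    served = 0
    for tick in range(ticks):
        # The robot gives up on knocks that stayed silent too long.
        pending = [(s, exp) for s, exp in pending if exp > tick]
        held = Counter(s for s, _ in pending)
        # Attack knocks arrive first in every tick.
        for a in range(attackers):
            for _ in range(knocks_each):
                if len(pending) >= slots:
                    break  # robot is fully occupied, further knocks are lost
                if per_source_limit is not None and held[a] >= per_source_limit:
                    break  # mitigation: ignore a knocker holding too many slots
                pending.append((a, tick + timeout))
                held[a] += 1
        # The legitimate knock needs one free slot; answering frees it at once.
        if len(pending) < slots:
            served += 1
    return served / ticks

if __name__ == "__main__":
    scenarios = [
        ("quiet evening", dict(attackers=0, knocks_each=0)),
        ("one knocker, no limit (DoS)", dict(attackers=1, knocks_each=100)),
        ("one knocker, limit 4 per source",
         dict(attackers=1, knocks_each=100, per_source_limit=4)),
        ("army of 1000, limit 4 per source (DDoS)",
         dict(attackers=1000, knocks_each=1, per_source_limit=4)),
    ]
    for name, kwargs in scenarios:
        print(f"{name}: {simulate(**kwargs):.0%} of legitimate knocks answered")
```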

Someone (or a cluster of someones) was able to order an army to go knocking on Brian Krebs’s door. That army was made up of soldiers from the Internet of Things. Here’s how that happened!


There are cool new devices that are connected to the Internet, like security cameras, fridges, thermostats, door-bells, teapots, and even children’s toys! Often the manufacturer includes information in the manuals (which can be found online) on how to log into the device and connect it to the Internet. Most people don’t bother changing the password.

The attacker(s) was/were able to use readily available information on the Internet (check out https://www.shodan.io/ and https://wigle.net/) and write up some malware (called Mirai) that would try to connect to all these devices (with the 61 passwords that people don’t bother changing) and turn them into bots!

Imagine about 3,630,000 of these suckers, each of them knocking thousands of times.


Rosie’s not programmed to do this unfortunately

Even if there were 1,000 robots programmed to cook dinner and answer the door… They’d still have a freak-out time and just stand somewhere between the kitchen and the door, crying and doing neither the cooking nor the answering of the door.

The attack even used what’s called a DNS reflection attack, which amplified the traffic, like knocking on the door but with a giant rubber mallet.


Now that you understand how DoS and DDoS work, you can read some interesting articles here:

https://krebsonsecurity.com/2016/09/krebsonsecurity-hit-with-record-ddos/
https://krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-released/
https://krebsonsecurity.com/2016/10/who-makes-the-iot-things-under-attack/

http://www.csoonline.com/article/3126924/security/here-are-the-61-passwords-that-powered-the-mirai-iot-botnet.html

Update 20161022: Advancement on this attack.
