Happy Halloween! It’s Scary Out There!

| | Technology & Integration

Todds 2016 Halloween Message
Halloween is fast approaching, and the world is getting scarier by the day. Just last week, we saw headlines like “This Is Why Half the Internet Shut Down Today” and “DDos attack on Dyn involved tens of millions of hacked IP addresses.” In case you’ve been on a nice, off-the-grid long weekend since Friday, Dyn, a leading internet DNS service, was the recipient of a denial of service attack, causing widespread outages for prominent web sites, such as Twitter, CNN and PayPal.

DNS, or Domain Name System, is like the phone book for the internet. IP addresses are the phone numbers, and they look like this: URLs are the names, as in ”google.com.” When you want to go to Google, your computer has to first look up the domain name (google.com) in a DNS service to find out its number. Then, it can send a message to Google that you want to search for something. If the phone book is unavailable, then your computer can’t figure out how to get to Google. For most people, this means “the internet is down!”

A denial of service (Dos) attack occurs when one computer floods another with so many fake requests for service that the receiver is unable to process the legitimate web site users. A single computer can blitz another one, sending thousands of fake messages every second. The sending computer doesn’t care what happens to those messages, but the receiving computer has to process each one as though it were real, because it doesn’t know the difference until it analyzes it. A distributed denial of Service attack (DDos) uses many computers at once to lay down a barrage of millions, perhaps billions of fake messages per second. Even the most robust server farm systems will be affected by such an attack, unable to process any ‘normal’ requests.

Dyn has a large, distributed network that provides lookup services for a huge number of companies. When a user needs to go to the PayPal web site, for example, his computer first checks to see if it has the PayPal IP address cached, and if so, takes him directly to that site. If not, it checks with its local network. If it’s still not found, it sends a lookup request ‘up stream’ or outside their network. These up stream requests often end up on Dyn server, which looks it up and sends it back.

The key is that these local caches are not long-lived. They usually expire after a day or so (sometimes in as little as 5 minutes), which forces a call to Dyn to get the latest address. This allows the web site to do maintenance and shift web sites to different servers, without having to give their users a new name to go to.

With Dyn unable to respond while under attack, people were able to get to some web sites, but not to others. This added to the confusion about where the problem really was. Friday’s attack was sophisticated. In the morning, it targeted Dyn servers along the US East Coast. Network engineers worked to block traffic from the IP address of the source machines, but there were millions of them. The hackers had used malware and viruses to take over millions of computers (statistically, most are home computers, which tend to have less protection) and launch this attack from all of them at once. As attack forensic engineers started to profile the attack and begin creating protections against it, Dyn servers, by late morning, started to return to normal.

Then, something unusual happened. The attack shifted, changed shape, and at lunchtime, suddenly Dyn’s servers in Europe and on the West coast of the United States came under fire, with a slightly modified but equally devastating DDos attack. The cycle was repeated on an even bigger scale. The resulting impact of sophisticated attack was a global loss of millions of work hours, as employees tried to get their work done, but could not access the web sites they needed.

The moral of this story is along the same theme I’ve been writing about all too much lately. It’s important to have good antivirus on all of your computers. It’s important to teach employees how to recognize malware and the signs of a virus infection on their computer. It’s also important to educate your employees on how to protect their personal computers and to use the same vigilance at home that they do at work. After all, if their home computer falls prey to a hacker, it could be used in the next attack against your company.

Stay safe out there. Don’t let Halloween or the hacking reality of the world freeze you into inaction. Talk to your IT people, make a plan for how to stay safe, and then work the plan as best you can. Happy Halloween – let’s all collect more treats… than tricks.

Todd Davis

Todd Davis, Vice President of IT – ReviewStat Services for UniMed Direct, is responsible for the continued development the industry-leading ReviewStat system. Leading a team of like-minded professionals, Todd works to review and improve ReviewStat’s full-featured and robust system to make it even more efficient and easy to use.