'Smart' home devices used as weapons in website attack

BBC

https://v.qq.com/txp/iframe/player.html?vid=j0339b3tfwd&width=500&height=375&auto=0

Hackers used internet-connected home devices, such as CCTV cameras and printers, to attack popular websites on Friday, security analysts say.

Twitter, Spotify, and Reddit were among the sites taken offline on Friday.

Each uses a company called Dyn[1], which was the target of the attack, to direct users to its website.

Security analysts now believe the attack used the "internet of things[物联网]" - web-connected home devices - to launch the assault[发起攻击].

Dyn is a DNS[2] service - an internet "phone book" which directs users to the internet address where the website is stored. Such services are a crucial part of web infrastructure.

On Friday, it came under attack - a dedicated denial of service (DDoS) - which relies on thousands of machines sending co-ordinated messages to overwhelm the service.

The "global event" involved "tens of millions" of internet addresses.

Security firm Flashpoint said it had confirmed that the attack used "botnets[僵尸网络]" infected with the "Mirai" malware[3].

Many of the devices involved come from Chinese manufacturers[躺枪...], with easy-to-guess usernames and passwords that cannot be changed by the user - a vulnerability[弱点] which the malware exploits.

"Mirai scours the Web for IoT (Internet of Things) devices protected by little more than factory-default[出厂(默认)设置] usernames and passwords," explained cybersecurity expert Brian Krebs, "and then enlists the devices in attacks that hurl[猛扔;猛投;猛摔] junk traffic at an online target until it can no longer accommodate legitimate visitors or users."*

*【注】这里涉及到DDoS的攻击手段。

DDoS攻击通过大量合法的请求占用大量网络资源，以达到瘫痪网络的目的。

The owner of the device would generally have no way of knowing that it had been compromised to use in an attack, he wrote.

Mr Krebs is intimately familiar with this type of incident, after his website was targeted by a similar assault in September, in one of the biggest web attacks ever seen.

The incidents mark a change in tactics for online attackers.

DDoS attacks are typically aimed at a single website. Friday's attack on Dyn, which acts as a directory service for huge numbers of firms, affected several of the world's most popular websites at once.

The use of internet-connected home devices to send the attacking messages is also a relatively new phenomenon, but may become more common.

The Mirai software used in these attacks was released publicly in September - which means anyone with the skill could build their own attacking botnet.

On social media, many researchers and analysts expressed frustration with the security gap[(安全)漏洞] being exploited by attackers.

"Today we answered the question 'what would happen if we connected a vast number of cheap, crummy[低劣的,劣质的;糟糕的] embedded devices[嵌入式设备] to broadband networks[宽带网]?'" wrote Matthew Green, an assistant professor at the Johns Hopkins Information Security Institute.

Jeff Jarmoc, head of security for global business service Salesforce, pointed out that internet infrastructure is supposed to be more robust.

"In a relatively short time we've taken a system built to resist destruction by nuclear weapons and made it vulnerable to toasters," he tweeted.

······

[1]Dyn （公司名）

黑客袭击的对象是位于美国新罕布什尔州(New Hampshire)的一家名为Dyn的互联网站交换中心，Dyn为互联网站提供基础设施服务，客户包括推特、Paypal、Spotify等知名公司。

[2]DNS（Domain Name System，域名系统），因特网上作为域名和IP地址相互映射的一个分布式数据库，能够使用户更方便的访问互联网，而不用去记住能够被机器直接读取的IP数串。

[3]【相关背景】随着利用物联网发动DDoS攻击的Mirai原代码被公开后，导致该恶意程序日益猖獗。外国电信公司表示，目前已有493000台物联网装置感染上Mirai，比原代码发布前扩大了一倍。

······

黑客在周五(10月21日)利用网络摄像机以及电子录音等设备袭击了一些知名的国际网站。英国BBC中文网10月22日报道，这些黑客袭击的对象是位于美国新罕布什尔州(New Hampshire)的一家名为Dyn的互联网站交换中心，Dyn为互联网站提供基础设施服务，客户包括推特、Paypal、Spotify等知名公司。美国国土安全部以及联邦调查局称已经介入调查。

黑客使用了数十万网络连通设备在美国东部以及欧洲的一些国家制造恶行，这些设备以前遭到过恶意代码感染。Dyn首席战略官约克(Kyle York)称，“攻击手段的多样化让我们防不胜防，” 这起事件发生在美国对电子攻击感到史无前例的恐慌的时候。黑客已经攻击了美国的一些政治团体和竞选机构。

报道称，发生在周五的断断续续的黑客攻击位置来源非常广，导致是一个互联网新闻博客Mashable、CNN、纽约时报、华尔街日报、评论网站Yelp以及亚马逊等网站用户无法登陆。

Dyn表示攻击来自上百万网络地址，是史上规模最大的网络攻击之一。安全专家表示这是一种被称为DDos(分布式阻断服务攻击)的内容攻击方式。黑客通过给网站注入海量垃圾信息导致服务崩溃。

Dyn分析称，一些恶意流量来自网络连通设备，包括网络摄像机以及电子录音设备，这些设备遭到一种叫“Mirai”的病毒控制。

“我们不能简单阻断这些网络地址，因为这将使谷歌以及域名解析服务OpenDNS 被封，”Dyn安全及内容传输部门的负责人说，“这是非常恶劣的攻击，非常难以预防。”对类似域名服务提供者的攻击可能导致大规模伤害，因为这些机构的职能是传输海量的网络流量。

Dyn表示，当天早上自己受到了第一次攻击，导致运行中断两个小时，在服务恢复后，又发现了第二次和第三次攻击。作为全球最大的电子信息云存储公司之一，亚马逊在西欧的用户受到短暂影响。在伦敦，推特和一些新闻网站周五晚上不能登陆。Paypal表示，攻击导致客户在某些区域无法登陆完成支付。

新闻来源：http://t.cn/RVpnhc2