ROYAL OAK – Cybersecurity expert Dan Lohrmann explains how the Distributed Denial of Service (DDoS) attack that brought down large sections of the Internet on the U.S. East and West Coasts in October was orchestrated by hackers using a botnet made up of a variety of dumb and unprotected appliances on the so-called Internet of Things.

Until recently, DDoS attacks were used to take down smaller targets and were often seen as the tools of activists and pranksters with a point to make. But an attack that takes down multiple major websites for hours? That’s no joke.

A DDoS attack uses a variety of techniques to send countless junk requests to a website. This boosts traffic to the website so much that it gets overwhelmed, making it nearly impossible for anyone to load the page.

Websites have to filter out good traffic from bad, kind of like a dam that lets only so much water through. But if someone upstream can send an unexpected torrent down, the dam will overflow and maybe even crack, letting all the water through. That floods the area below — and in our analogy, it drowns the website you’re trying to reach. Now no one can go there.

Why are some sites (like Twitter and Spotify) affected, but not others?

The Oct. 21st attack targeted one company: Dyn Inc. That company manages web traffic for customers that include Twitter, Spotify, Netflix, Reddit, Etsy, GitHub and other favorites. Dyn is the dam for all these websites. So if a company uses Dyn to manage its web traffic, it could have been affected by the attack.

But if a company uses another service in addition to Dyn to manage its web traffic, it was likely spared the worst of outages.

Who is behind the DDoS attack?

We don’t know who’s responsible. The US Department of Homeland Security is investigating.

To listen to Dan’s analysis, click on https://soundcloud.com/podcastdetroit/m2-techcast-56-dan-lohrman-cybersecurity