The DDoS attack on Dyn’s server was not only massive but highly sophisticated and came from millions of hacked IP addresses.
By now you should be aware of what happened with Dyn’s DNS servers two days ago when Internet was almost taken down by a series of massive DDoS attacks. Several IT security companies already discovered Mirai botnet being linked to the attack. But with time passing, researchers are sharing new and shocking details about this DDoS attack.
In the latest, according to the official blog post by Dyn’s Chief Strategy Officer Kyle York, it has been revealed that the attacks on their server were not only massive but also sophisticated and involved 10s of millions of hacked IP addresses.
Last month, OVH suffered Internet’s largest ever DDoS attacks of 1 TBPS in which 145,000 hacked webcams were used. As each camera is assigned with a special IP address the total number of hacked IP addresses involved in OVH attack should have been no more than 145,000. In Dyn’s case 10s of millions of hacked IP addresses were used. It is too early to conclude, but with the number of IP addresses involved, it is tempting to speculate that the recent DDoS attack was much bigger than the one on OVH. Maybe even several times bigger.
Dyn will come up with complete findings once the ongoing investigation unearths facts but for now, the company has confirmed that the attack was highly sophisticated. According to WhiteHatSec, a sophisticated attack is one in which the attackers know what application they are going to attack, collect intelligence to attack specific points in their target and not just a random system on the networks.
While it is unclear why this attack was conducted and or who was behind this attack, one thing is crystal clear. The sophistication and target selection was not done by kids. Both New World Hackers and RedCult have claimed responsibility. The latter is also promising further attacks. Remember, New World Hackers also claimed responsibility for 600 Gbps DDoS attack on BBC’s server that forced all of its websites to go offline and unavailable for readers for several hours.
That said, it’s too early to speculate or blame someone but for experts, the usual suspects in such cases are China and Russia. Just like a security expert Bruce Schneier explained in a blog post:
Wolf, you don’t know who is behind this, you don’t know if it’s foreign or domestic. What I do know is over the years we have tried to pass data security legislation. There’s been bipartisan agreement in the House. It has not moved forward into the Senate. We also know that a few years ago we tried to do a bill called SOPA in the House which required the ISPs to some governance on these networks and to block some of the bad actors.
What are DDoS attacks? DDoS Explained
For now, things are mostly based on speculation. This could, however, be the beginning of a dark future for the Internet. What to expect next nobody knows but in the end, it’s the business and online infrastructure that are being affected by such attacks.