
Massive Cyber Attack On U.S. Companies Going On Now!



Here's an internet article from NBC News regarding the current situation of the massive cyber attack still unfolding as I write this. Read on!


Who Shut Down the U.S. Internet Friday?

by Robert Windrem, Ken Dilanian, Tom Winter and William M. Arkin


Cyber experts and intelligence officials told NBC News it was too early to determine who was responsible for the cyber attacks that caused massive internet outages across the U.S. Friday, with some saying their analysis pointed to Russia and others saying it could just be "internet vandalism."

The three "denial of service," or DDoS, attacks hit at about 7 a.m., noon and 4 p.m. Eastern Time, knocking out such websites as Vox, Twitter, Spotify, Amazon, PayPal and Reddit.

The attacks used the "internet of things," meaning "smart" household appliances like DVRs, routers, printers and cameras that are linked to the web, to create "botnets" that overloaded websites by sending them more than 150,000 requests for information per second.

Officials said the attacks were largely aimed at internet infrastructure linked to one company rather than specific websites. Nearly all of those attacked were clients of Dyn, a firm that provides domain name system services and other internet infrastructure services. However, according to one official, there was also targeting of some individual websites.


"We have begun monitoring and mitigating a DDoS attack against our Dyn Managed (Domain Name System) infrastructure," Dyn said on its website at 11:52 a.m. ET. "Our engineers are continuing to work on mitigating this issue."

A senior intelligence official told NBC News that the current government assessment is that the attacks were a "classic case of internet vandalism," and did not appear to be state-sponsored or directed.

But two other senior intelligence officials told NBC News that while forensics on the attacks are far from complete, initial analysis points to the attacks being "Russian in origin" -- based on the methods and magnitude.

The Russian intelligence agency known as FSB enlisted Russian cybercriminals in 2008 to mount a similar cyberattack on the Republic of Georgia. Eight years later, there are far more devices hooked up to the internet, and available to be used in bot-nets for DDoS attacks.

"This is the Georgia attack on steroids," said an intelligence official. South Korea, India, Spain, Brazil and the U.K. also experienced major outages Friday.

Is It Really Russians?

Shawn Henry, chief security officer of the cybersecurity firm Crowdstrike, expressed caution about blaming Russians. He said many possible explanations were circulating around the internet Friday. He didn't rule out Russian involvement, but said it was "very, very early" to determine responsibility.

Henry said what was most ominous about the attacks is that they reveal that the U.S. is seriously vulnerable to cyber attack: "This demonstrates the fragility of the network and infrastructure."

Several internet experts told NBC News that they didn't see any Russian fingerprints.

Andrew Komarov of InfoArmor told NBC News he didn't see any sign of Russian involvement at all, whether state or private. He noted that the botnet used in the attack, "Mirai," was developed by an English speaker and that he had found no link between "Mirai" and the Russians, who have their own much more sophisticated methods.

He said the attacks seemed more consistent with the methods used by the hacking group known as Lizard Squad, two of whose members, both teens, were arrested earlier this month in the U.S. and the Netherlands and charged in connection with DDoS attacks.


Said Komarov, "We have some context, that because of similar victims, using Dyn, and also tactics, tools and procedures by threat actors, it may be a revenge for the past arrests of DDoS'ers in the underground, happened several weeks ago."

Dmitri Alperovitch of Crowdstrike also expressed doubt about a link to the Russian government, and speculated the attacks might have to do with a recent interview that cybersecurity expert Brian Krebs did with Dyn mentioning Russian organized crime. The Krebs site was among those attacked Friday. Alperovitch said use of a botnet bears the hallmark of a criminal rather than state attack, and the target may simply have been Dyn, not the U.S.

A senior federal law enforcement official confirmed that the attacks used a botnet exploiting the internet of things, and that the FBI is investigating. The official said federal law enforcement had not yet made a determination about who launched the attack and why.

Richard Greenberg and Pete Williams contributed to this report.


Here are links to several internet security/investigative news sites that are updating readers on the situation as it progresses.


The Hacker News: http://thehackernews.com/2016/10/dyn-dns-ddos.html

Krebs on Security: https://krebsonsecurity.com/2016/10/ddos-on-dyn-impacts-twitter-spotify-reddit/

Regards, Ritchie...



This topic is now archived and is closed to further replies.
