Mirai DDoS Attack on Dyn Was Biggest Ever Seen

The DDoS attack that disrupted a large portion of the internet last week was the largest of its kind and has been confirmed to be the work of the Mirai botnet. On October 21, the botnet attacked the servers of Dyn, a company that controls much of the internet’s DNS infrastructure, taking out everything from social media to news sites, including Twitter, Netflix, and CNN.

The Mirai DDoS attack on Dyn in late October may have reached 1.2 terabits per second, making it twice as powerful as its first attack in September. (Image: shutterstock.com)

Mirai harnesses the power of thousands of Internet of Things (IoT) devices, combining them into a botnet and focusing their traffic on a target server to boost the power of an attack and render a website non-operational. It first surfaced on September 20 when it attacked digital security news portal KrebsOnSecurity, overloading the site’s servers with requests at 620 gigabits per second, more than twice as much as anything security experts have seen before.

The attack on Dyn was greater still, with some reports suggesting it reached 1.2 terabits per second.

Online Poker Sites Vulnerable

Online poker sites have had to deal with DDoS attacks since the early days of the industry. Typically, these are launched during the height of an online tournament series, at a time when disruption will do the most damage, and are accompanied by a ransom demand.

Online sports books are particularly vulnerable to DDoS attacks because they are so reliant on big sporting events or race meets for a large portion of their revenues.

Last year, tech company Akamai reported that the online gambling sector had become the most frequently targeted of all by DDoS attackers.

But Mirai is something different altogether, and unfortunately for the online gambling industry, its source code has been posted online on hackers’ forums for anyone to access.

State Sabotage Unlikely

But it’s not just online gambling companies that should be worried.

As David Fidler, adjunct senior fellow for cybersecurity at the Council on Foreign Relations, told the UK’s Guardian this week:

“We have a serious problem with the cyber insecurity of IoT devices and no real strategy to combat it. The IoT insecurity problem was exploited on this significant scale by a non-state group, according to initial reports from government agencies and other experts about who or what was responsible. Imagine what a well-resourced state actor could do with insecure IoT devices.”

Business risk intelligence firm Flashpoint also dismisses rumors that the attack on Dyn was state-sponsored sabotage, calling the claims “dubious.” It was far more likely to be the work of kids linked to hackers’ forums causing mischief, particularly because the same attacker also separately targeted the servers of the video game RuneScape.

“While there does not appear to have been any disruption of service, the targeting of a video game company is less indicative of hacktivists, state-actors, or social justice communities, and aligns more with the hackers that frequent online hacking forums,” said Flashpoint.

Written by Philip Conneller
Comments

NateVest wrote...

Crazy, makes me scared to think what it will be like in ten years.

Jared Bielby wrote...

Now that the fears of IoT DDoS attacks have been realized, how can technologists work alongside policymakers and manufacturers to ensure a safe and secure future for the Internet of Things? Contribute your thoughts and research here: https://ieee-collabratec.ieee.org/app/question/74926
