Last Week’s DDoS Attack Might Only Be The First Volley

Download Audio

A massive denial of service attack took down a chunk of the Internet on Friday, using webcams and DVRs. We’ll look at what comes next.

This photo shows Dyn, a New Hampshire internet service company, in the old mill section in Manchester, N.H. (Jim Cole/AP)
This photo shows Dyn, a New Hampshire internet service company, in the old mill section in Manchester, N.H. (Jim Cole/AP)

Last Friday was a mess on the Internet.  Big swathes of Spotify and Twitter grinding to a halt. Of Reddit and AirBnB and Etsy and the New York Times, paralyzed. Six thousand web sites overwhelmed in a cyber-attack launched from an army of little gizmos. A sea of web cams and DVRs quietly taken over and weaponized for attack. This was new. And it points to a disturbingly vulnerable future as the internet runs everything. This hour On Point, denial of service, and the future of the web. — Tom Ashbrook


William Turton, staff writer on cybersecurity for Gizmodo. (@WilliamTurton)

Ann Barron DiCamillo, CTO of Strategic Cyber Ventures. Former director of the US Computer Emergency Readiness Team. (@annie_bdc)

Kevin Beaumont, IT security architect in the United Kingdom, where he designs, researches, builds and supports IT security for a UK company. (@GossiTheDog)

From Tom’s Reading List

Gizmodo: Everything We Know About the Cyber Attack That Crippled America's Internet — "Friday’s DDoS attack on Dyn’s domain name servers was unprecedented. The attack utilized a botnet made up of 'internet of things' (IoT) devices (think: smart TVs, DVRs, and internet-connected cameras) to take down a major piece of internet infrastructure. The result? For most of Friday, people across the United States and some parts of Europe were unable to access sites like Amazon, Twitter, CNN, PayPal, Spotify and more. Here’s what we know so far."

TechCrunch: Webcams involved in Dyn DDoS attack recalled -- "Dyn said last week it identified '10s of millions' of unique IP addresses involved in the massive botnet DDoS attack on its managed DNS services, which knocked out Twitter, Amazon and others sites for many users. At least some of those devices are now subject to a recall, with Chinese electronics company Hangzhou Xiongmai recalling web cameras using its components that were identified as making up a good portion of the devices involved."

The Daily Beast: Why Friday's Attacks on the Internet Are Just the Start — "Back in September Bruce Schneier, an internationally renowned security technologist, wrote about hackers probing the internet for points of weakness in an attempt to have the ability to take the entire net offline. A lot of people blew that article off at the time as unrealistic. That was before Friday's attacks which temporarily took down some of the biggest names on the internet."

Read The Dyn Statement on The 10/21/2016 DDoS Attack 

This program aired on October 25, 2016.


More from On Point

Listen Live