Slashdot Mirror


Dyn DNS DDoS Likely The Work of Script Kiddies, Says FlashPoint (techcrunch.com)

While nobody knows exactly who was responsible for the internet outage last Friday, business risk intelligence firm FlashPoint released a preliminary analysis of the attack against Dyn DNS, and found that it was likely the work of "script kiddies" or amateur hackers -- as opposed to state-sponsored actors. TechCrunch reports: Aside from suspicion falling on Russia, various entities have also claimed or implied responsibility for the attack, including a hacking group called the New World Hackers and -- bizarrely -- WikiLeaks, which put a (perhaps joke) tweet suggesting some of its supporters might be involved. FlashPoint dubs these claims "dubious" and "likely to be false," and instead comes down on the side of the script kiddie theory. Its reasoning is based on a few factors, including a detail it unearthed during its investigation of the attack: namely that the infrastructure used in the attack also targeted a well-known video game company. The attack on Dyn DNS was powered in part by a botnet of hacked DVRs and webcams known as Mirai. The source code for the malware that controls this botnet was put on Github earlier this month. And FlashPoint also notes that the hacker who released Mirai is known to frequent a hacking forum called hackforums[.]net. That circumstantial evidence points to a link between the attack and users and readers of the English-language hacking community, with FlashPoint also noting the forum has been known to target video games companies. It says it has "moderate confidence" about this theory. The firm also argues that the attacks do not seem to have been financially or politically motivated -- given the broad scope of the targets, and the lack of any attempts to extort money. Which just leaves the most likely being motivation to show off skills and disrupt stuff. Aka, script kiddies.


  1. Right by Anonymous Coward · · Score: 4, Funny

    "script kiddies" is what we call the NSA these days, I guess.

    1. Re:Right by wardrich86 · · Score: 1

      Probably not wrong... how many of their tools do you think they actually developed in-house?

    2. Re:Right by jedidiah · · Score: 1

      No one had a vested interest in engaging in scaremongering here so it will be sort of "swept under the rug".

      --
      A Pirate and a Puritan look the same on a balance sheet.
    3. Re:Right by Anonymous Coward · · Score: 1

      The difference now is that people are buying the software in order to use it. Once you get to that level you're likely not talking to script kiddies anymore - these are adults with intent of malice, and it looks like they succeeded.

      "Script Kiddie" is a label you apply to someone who ran something they found on the internet without fully understanding what it does. These people knew exactly what they were doing.

    4. Re:Right by stoatwblr · · Score: 1

      Sometimes these kinds of attacks end up being orchestrated to demonstrate that "something needs to be done".

      IE: the motivation is to demonstrate that the network is at risk and it needs to be fixed before this happens again.

      That might be perpetrated by script kiddies but in such cases you'll find someone out back pulling the strings.

  2. Yikes by stabiesoft · · Score: 3, Interesting

    If script kiddies can bring down top tier names on the web, imagine what state actors could do.

    1. Re:Yikes by The-Ixian · · Score: 1

      What if the script kiddies worked for state actors?!

      --
      My eyes reflect the stars and a smile lights up my face.
    2. Re:Yikes by zlives · · Score: 1

      i think you spelled escape goat wrong.

    3. Re:Yikes by Fire_Wraith · · Score: 3, Informative

      And yet Ars Technica claimed in an article that there were indeed ransom demands made to Dyn. That seems to be at odds with Flashpoint's statement.
      http://arstechnica.com/informa...

      Given the links between the Mirai DDoS on Brian Krebs, and Dyn's involvement in helping him research that, I wouldn't at all be surprised if it wasn't the same or related groups of cybercriminals responsible for both.

    4. Re:Yikes by Anonymous Coward · · Score: 1

      your a doosh.

    5. Re:Yikes by AHuxley · · Score: 1

      State actors just get their spies into federal gov, mil and clandestine services every generation.
      Being deep undercover, the main aim would be to gather intel but never send it back, wait for a go code and try to sway policy and public opinion as they rise up the ranks.
      Very different from a swarm of IoT without build up or other expected political aspects. A loss of top tier names/brands would be inconvenient for a few while.
      State actors would layer that with a US classic Colour revolution https://en.wikipedia.org/wiki/...
      Well funded NGO's, civil society and tame political leaders would be out demanding change over some hyped or induced outrage.
      Constant international news coverage, charismatic new leaders getting global interview time, a slogan, art work, endless funding for sock puppets to push the new reality.
      vs just a loss of top tier names/brands.

      --
      Domestic spying is now "Benign Information Gathering"
  3. Lies, DamnLies and Statistics by sdinfoserv · · Score: 5, Interesting

    If it's true that "script kiddies" took out 1/2 the US internet, trillions of dollars in transactions hang on a perilously delicate thread.
    If security of IoT is that poor, companies that produce them need to be held legally and financially responsible for any loss.

    1. Re:Lies, DamnLies and Statistics by sunking2 · · Score: 1

      I had to load the webpage on CNN or here to be told I was supposed to be having a problem...

    2. Re:Lies, DamnLies and Statistics by tk77 · · Score: 2

      I'd be more concerned that 1/2 the US internet is/was solely using Dyn.

    3. Re:Lies, DamnLies and Statistics by TFlan91 · · Score: 2

      ^ This.

      If sysadmins can't correctly configure backup DNS in critical systems... We have a bigger problem than some 12 year old trying to shutdown pokemon go cause he got beat up on the playground.

    4. Re:Lies, DamnLies and Statistics by zlives · · Score: 1

      just because your idea of internet is old folks home intranet news letter and cnn...

    5. Re:Lies, DamnLies and Statistics by zlives · · Score: 1

      it's cheap

    6. Re:Lies, DamnLies and Statistics by AHuxley · · Score: 1

      That says more to the design, staff skills and robustness of systems protecting trillions of dollars in transactions.
      The security of IoT is designed to allow any user to connect to wifi or the app on a phone without needing to call support or find some paper in the box with a unique user name and password.
      Or spend hours online trying to search a make and version to find its "admin" or "password"

      --
      Domestic spying is now "Benign Information Gathering"
    7. Re:Lies, DamnLies and Statistics by TroII · · Score: 1

      I'm more bemused that days after the attack, all of Twitter's eggs are still in Dyn's basket.

      Name Server: NS1.P34.DYNECT.NET
      Name Server: NS4.P34.DYNECT.NET
      Name Server: NS2.P34.DYNECT.NET
      Name Server: NS3.P34.DYNECT.NET

      I guess anyone with brain cells at Twitter got kicked out in the recent layoffs.
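
Added example (not part of the thread or any commenter's code): a Python check for the single-provider DNS dependency raised in the comments above about backup DNS and about the `DYNECT.NET` name server list. The name-server lines are the ones quoted in the comment; the other inputs are constructed, and the suffix set and provider pattern table are small illustrative assumptions.

```python
import re
from collections import defaultdict

# Matches WHOIS-style lines such as "Name Server: NS1.P34.DYNECT.NET".
NS_LINE = re.compile(r"^\s*Name Server:\s*(\S+)\s*$", re.I | re.M)

# Assumption: a tiny stand-in for the Public Suffix List, enough for the samples.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

# Assumption: illustrative table folding several operator domains into one
# provider. Route 53 spreads a zone over awsdns-NN.com/.net/.org/.co.uk, which
# looks like four operators but is still a single provider.
PROVIDER_PATTERNS = [
    (re.compile(r"^awsdns-\d+\.(com|net|org|co\.uk)$"), "route53"),
]


def parse_whois_nameservers(whois_text):
    """Return the sorted, de-duplicated, lower-cased NS hostnames in the text."""
    return sorted({h.lower().rstrip(".") for h in NS_LINE.findall(whois_text)})


def operator_domain(ns_host):
    """Approximate the registrable domain under which a name server lives."""
    labels = ns_host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def provider_of(ns_host):
    """Map a name server to a provider key, collapsing known aliases."""
    domain = operator_domain(ns_host)
    for pattern, provider in PROVIDER_PATTERNS:
        if pattern.match(domain):
            return provider
    return domain


def audit_delegation(ns_hosts):
    """Group name servers by provider and flag a single-provider delegation."""
    providers = defaultdict(list)
    for host in ns_hosts:
        providers[provider_of(host)].append(host)
    return {"providers": dict(providers), "single_provider": len(providers) == 1}


# Name server lines as quoted in the comment above.
QUOTED_WHOIS = """
Name Server: NS1.P34.DYNECT.NET
Name Server: NS4.P34.DYNECT.NET
Name Server: NS2.P34.DYNECT.NET
Name Server: NS3.P34.DYNECT.NET
"""

# Constructed samples: a two-provider delegation and a Route 53-style set.
CONSTRUCTED_MIXED = ["ns1.dns-a.example", "ns2.dns-a.example", "ns1.dns-b.example"]
CONSTRUCTED_R53 = ["ns-1.awsdns-01.com", "ns-2.awsdns-02.net",
                   "ns-3.awsdns-03.org", "ns-4.awsdns-04.co.uk"]

if __name__ == "__main__":
    for label, hosts in [("quoted", parse_whois_nameservers(QUOTED_WHOIS)),
                         ("mixed", CONSTRUCTED_MIXED), ("r53", CONSTRUCTED_R53)]:
        print(label, audit_delegation(hosts))
```
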

    8. Re:Lies, DamnLies and Statistics by gweihir · · Score: 1

      There is also the other thing that script kiddies are incompetent. How long since one such moron starts an attack and then loses control of the bot-net (thereby being unable to _stop_ the attack)? Small-time criminals and vandals with nukes...

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  4. Re:I still don't understand... by Zontar+The+Mindless · · Score: 3, Insightful

    Civilised folk don't look for new justifications to kill.

    --
    Il n'y a pas de Planet B.
  5. Definitely script kiddies by Dan+East · · Score: 5, Interesting

    Of course it was script kiddies. Why in the world would any state-sponsored group show their hand and blow a single-use resource (the IoT botnet) to accomplish... absolutely nothing at all. Taking down some of the internet for part of a day at a totally non-strategic point in time, with totally non-strategic targets, isn't something any state would do randomly just for fun. This attack was large enough that it triggered many actions to prevent it from happening again. You have Chinese IoT chipset manufacturers doing recalls and patching their code. Pressure is being put on ISPs to help filter these kinds of attacks (it is quite obvious when some large percentage of your customers start engaging in some very abnormal network behavior all at the exact same time). Online providers like Dyn are learning and coming up with ways to prevent future attacks on their end. The only thing the attack accomplished was awareness. No state sponsored organization would have wasted their offensive attack resources like this.

    --
    Better known as 318230.
    1. Re:Definitely script kiddies by PinkyGigglebrain · · Score: 1

      If I only had mod points!

      This is exactly the point I made when I was talking to my brother about this. As you point out it's a one time use attack, and it didn't really accomplish anything other than highlight the vulnerabilities of the IoT and trigger action to correct those vulnerabilities.

      I bet the state level actors are more than a bit ticked off about this, now they won't be able to use the IoTs as easily for their own plans.

    2. Re:Definitely script kiddies by interkin3tic · · Score: 1

      I've heard suggestions that state "someone is learning how to take down the internet." I don't have the background to understand these suggestions. Isn't it possible though that some state actor did this as an experiment to see the response and how much damage an attack like this could do?

    3. Re:Definitely script kiddies by AHuxley · · Score: 1

      Re "No state sponsored organisation would have wasted their offensive attack resources like this."
      Unless the state sponsored organisation has staff in the private sector and could ensure new standards of encryption got pushed.
      Standards of encryption that they as the "protector" of crypto got to design or test. Every device would then be more secure but totally open to the security services thanks to suggested upgrades after "scripts"
      That would clear up the risk of a lot of bespoke, in house and unique real crypto floating around.
      Just get a lot of new gov trapdoors and backdoors back into the private sector during the rush to help.
      Wait for the upgrades and the offer of help with a nice request of access with a "I'm from the US government and I'm here to help with crypto."

      --
      Domestic spying is now "Benign Information Gathering"
    4. Re:Definitely script kiddies by marmot7 · · Score: 1

      Maybe it wasn't for fun: https://www.amazon.com/Plot-Ha...

    5. Re:Definitely script kiddies by phantomfive · · Score: 2

      When it says 'kids' it means 'people doing it for fun.' It's kind of an unusual definition of the word, I agree; but well, we as programmers deal with weird definitions.

      --
      "First they came for the slanderers and i said nothing."
    6. Re:Definitely script kiddies by gweihir · · Score: 1

      Indeed. The main characteristic of script-kiddies is that they have very big egos and very small understanding of how things actually work. No halfway rational group of attackers would ever do such a pointless attack that only draws attention to them. I hope they find the morons responsible and charge them the full amount of damage done. No reason to add any punishment after that.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    7. Re:Definitely script kiddies by houghi · · Score: 1

      to accomplish... absolutely nothing at all

      How do you know that? If a state actor did this, we might not even know what their goal was, so we have no idea if it worked or not.
      Just look at Zero Days
      If this were an attack, we have no idea yet to know who or what the real target was and if it worked or not. And perhaps awareness WAS the goal.

      --
      Don't fight for your country, if your country does not fight for you.
    8. Re:Definitely script kiddies by tuxisthefuture · · Score: 1

      Unless it was the US Government themselves, giving manufacturers a kick up the arse. As you say "You have Chinese IoT chipset manufacturers doing recalls and patching their code. Pressure is being put on ISPs to help filter these kinds of attacks".

    9. Re:Definitely script kiddies by stoatwblr · · Score: 1

      Except that because so much of the IoT is unable to be updated, this isn't single use unless ISPs start disconnecting customers who're participating in DDoS attacks.

  6. Dyn DNS DDoS by Hognoxious · · Score: 1

    Now then, boyo. A town in Wales it sounds like, lookyou.

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  7. Possible and scary by melting_clock · · Score: 1

    The popularity and security weaknesses in IoT devices have lowered the bar so that anyone with a bit of IT knowledge can take out large companies. We should take a step back from the IoT buzzword and remember that consumer side devices have been online for a long time. Other consumer equipment, such as routers and web cams, have long been an area with weak security and hardcoded passwords. The problem is that these devices are out there and there is no way of fixing them all.

    Unless better attack mitigation approaches are put in place, on the broader Internet infrastructure and not just the attack victims, these sorts of attacks will only become more common. Unfortunately, there seems to be little willingness to do this. It is true that this isn't an easy fix and changes will cause their own problems but the consequences of doing nothing could be much worse.

  8. Scripts... by Zargg · · Score: 1

    Yea of course they used scripts, imagine having to manually start a DDoS attack from every bot in the net!

    1. Re:Scripts... by Cramer · · Score: 1

      Actually, it's an IRC channel. But whatever.

  9. Re:I still don't understand... by D00MSlayer · · Score: 2

    Let's just execute everybody, then we don't have to deal with anyone's bullshit.

  10. No *if*, security *is* that poor by raymorris · · Score: 1

    > If security of IoT is that poor.

    It is. Millions of devices just sitting out there with username "admin", password "admin". My 9-5 job is checking the security of companies that should have reasonable security - banks, large retailers, etc. They very often don't change default passwords, so why would you expect typical home users to?

    > If ... trillions of dollars in transactions hang on a perilously delicate thread.

    Yep. Just looking at the Slashdot headlines alone you'll see billions of dollars of losses/damage every year.

    > If it's true that "script kiddies" ...

    Another commenter pointed out some reasons it's unlikely to be a professional organization responsible in this case:

    https://news.slashot.org/comme...

  11. A man doesn't need to personally make a gun... by Karmashock · · Score: 1

    ... to shoot you in the face with it.

    The issue is not whether they're script kiddies or not but that the code worked. And it shouldn't. But it does. Correct the situation.

    --
    I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
  12. In the long run by HBI · · Score: 1

    Civilized people are enslaved by those who don't have such scruples.

    --
    HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
    1. Re:In the long run by Zontar+The+Mindless · · Score: 1

      Civilised people have learned how to deal with those who kill without descending to their level.

      It wasn't so long ago that the Germans attempted to exterminate quite a few of their neighbours. Yet it proved possible to prevent this without exterminating the Germans.

      This makes me glad, as I've a number of good friends today who are German.

      --
      Il n'y a pas de Planet B.
    2. Re:In the long run by HBI · · Score: 1

      It was a pretty close thing, first of all. Remember area bombing and millions of civilians 'de-housed'? Shooting prisoners and mass sanctioned rapes of German women were also a feature of that "civilized" victory. The world hasn't become a nicer place in the interim.

      --
      HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
    3. Re:In the long run by Zontar+The+Mindless · · Score: 1

      The word exterminate was not chosen for rhetorical effect.

      --
      Il n'y a pas de Planet B.
    4. Re:In the long run by gweihir · · Score: 1

      There were no "mass sanctioned rapes of German women". Stop revising history.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    5. Re:In the long run by HBI · · Score: 1

      Are you fucking crazy? I think you are.

      It even has a fucking Wikipedia article!!

      You are delusional. Seek help.

      --
      HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
    6. Re:In the long run by HBI · · Score: 1

      Yeah, because the Nazis were the only people ever to do that. It wouldn't have gotten worse in the meantime. Stalin didn't purge his population to a greater degree than Hitler. Mao didn't kill astronomical numbers of his people during his purges. There was no Uganda under Idi Amin. Rwanda didn't happen. There wasn't a breakup of Yugoslavia, even.

      --
      HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
    7. Re:In the long run by gweihir · · Score: 1

      Actually, I grew up in Germany, and the people alive back then would have known about this (especially those raped), would they not? I never heard about more than isolated incidents. Sure, like in basically every war, there were rapes, but there were also punishments, including executions for at least some of the perpetrators. You should not believe everything Wikipedia tells you, especially when there is good indication the article is more propaganda than fact.

      Incidentally, from your language and lack of control, I would say that you are the one here in urgent need of professional help.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    8. Re:In the long run by HBI · · Score: 1

      You didn't ask the right questions. How many people that were sexually assaulted like to talk about it? How many men want to admit that their mothers or grandmothers were raped by foreign soldiers? Former Chancellor Helmut Kohl's wife was one of the raped women.

      The bottom line is that over two million German women were gang raped by Soviet soldiers, and tens of thousands by the Western Allies. The gang rapes are frequently said to involve from 10-60 soldiers per woman, and there are records of women being raped over 100 times in a short span. Over ten thousand suicides by women who had been raped. Female suicide is rare in the worst of circumstances. The leadership on both sides were equivocal, and on the Soviet side the behavior was endorsed by Stalin. So much for a moral crusade across Europe. People are evil. Getting to know that evil is key to being honest.

      Revisionists who talk along the lines of Holocaust deniers piss me off. The events happened, too much documentation, including Soviet documentation, for this to be false.

      --
      HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
    9. Re:In the long run by gweihir · · Score: 1

      You should not confuse your demented fantasies with history. As I said, no indications of this in Germany. This is far too large for a cover-up, hence I very much doubt it is accurate. One thing I do see this matching is the (completely false) hysteria over "sex trafficking" in the US. Probably the same manipulation techniques at work there. And people fall for it.

      The Holocaust, on the other hand, did happen and the reported size is very likely accurate. Also, lots and lots of witnesses. And there, I got a lot of information in school and society in general in Germany knows. A completely different situation.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  13. It was the Russians!!!! by ninthbit · · Score: 2

    From every other breach and incident we've seen, the government has screamed "Russians!!" with absolutely no proof.... Why not this time?

    1. Re:It was the Russians!!!! by GuB-42 · · Score: 2

      They started to suspect Russians, they are now more specific: they are Russian script kiddies.

  14. Re:wikileaks my arse. by TroII · · Score: 1

    WikiLeaks are the ones who made that tweet, so as per usual, they were only smearing themselves.

  15. Re:I still don't understand... by gweihir · · Score: 1

    Incidentally, civilized folk know that the death "penalty" has no deterrence value for murder. Cave-men, on the other hand, still think you can solve problems by just applying violence, and if that fails, more violence.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  16. If this was script Kiddies... by byteherder · · Score: 1

    ...then all you "professionals" working in IT security should resign and go work as Walmart greeters. Seriously, if some 13 year old kid living in their parents' basement can take down a bunch of major websites on the East Coast, the "pros" needed to be given their pink slips. Who is running this show, the Yahoo email security group? Fix your sh*t or resign.

  17. Keep believing lies if you wish... by HBI · · Score: 1

    "The little daughter's on the mattress,/Dead. How many have been on it/A platoon, a company perhaps?"
    - Alexander Solzhenitsyn, Prussian Nights

    --
    HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.