Return to Cloudburst

The Internet is a Vulnerable Place

Until Friday, October 21, 2016, you might have thought that the core internet could not go down. Sure, individual sites go down and you could lose your local internet connection, but not large parts of the internet. At about 7:00 AM EST on that day hundreds of critical business sites such as Amazon Web Services, Wall Street Journal, Box.com and Sterling bank, as well as major social media sites such as Twitter, Pinterest and GitHub were not available. So, what has changed?

There are hackers (referred to as black hats) out there that are motivated by money, prestige or political ideology and there are highly trained networking engineers (referred to as white hats) working to stop them. For most of the history of the internet, the white hats have had the upper hand. The hackers have stolen personal data, credit card numbers and taken down individual sites, but have not been able to harm the core internet itself.

Two things have come together to make the core internet vulnerable. The first thing is that the black hats discovered that millions of devices such as web security cameras and home management devices such as internet connected doorbells, thermostats and refrigerators (referred to as the Internet of Things, IoT) have been added to the internet and many are vulnerable to being taken over by hackers. This type of attack is called a Distributed Denial of Service (DDoS) attack, and it is not new, but the volume of data that can be directed at a single point on the internet has gone up dramatically.

The second thing that has changed is that the black hats have discovered the Achilles heel of the internet. It is central services such as Domain Name Service (DNS which translates friendly names like www.google.com into the address number that computers use in the background to communicate with each other), and web content distribution services.

They have taken over millions of devices such as baby monitors and can use them to send massive volumes of data at these critical central services completely shutting them down. They can send up to 1000 Gigabytes of data per second to the victims of their choice. Another recent development is the release of simple software for controlling these devices and coordinating the attacks.

What can you do to protect your systems from being taken down? The best defense against an attack on your DNS provider is to use multiple DNS providers to resolve your name. If one gets attacked, then the other services should still respond. If you are a larger organization with the financial resources necessary, you can protect your public systems by subscribing to a DDoS protection service. You will send all of your web traffic to the DDoS service provider to be scrubbed prior to sending it to your servers, which will only allow traffic directly from the DDoS provider’s systems.

The security landscape is changing rapidly and it is important to have knowledgeable IT security personnel on staff or advising you on how to keep your systems safe and available.