The one-year anniversary of one of the largest DDoS attacks ever recorded took place a few months ago. On October 21, 2016, domain name service provider Dyn was hit by three massive and sophisticated DDoS attacks against its entire managed DNS infrastructure.
Dyn provides the service of mapping a domain name to its corresponding IP address; therefore, when the attacks happened, many Internet services and platforms experienced serious service outages across North America and Europe, including major brands like Netflix, Reddit, Twitter and Spotify.
The DDoS attack was accomplished via a large number of DNS lookup requests from tens of millions of IP addresses. Dyn disclosed that the attack was executed via a botnet made up of a large number of IoT devices that were infected with the Mirai malware.
In a blog post shortly following the attack, Dyn said, “It appears the malicious attacks were sourced from at least one botnet, with the retry storm providing a false indicator of a significantly larger set of endpoints than we now know it to be. We are still working on analyzing the data but the estimate at the time of this report is up to 100,000 malicious endpoints. We are able to confirm that a significant volume of attack traffic originated from Mirai-based botnets.”
Dyn remarked that early observations of the TCP attack volume from several of its datacenters indicated packet flow bursts 40 to 50 times higher than usual. This size did not take into consideration “a significant portion of traffic that never reached Dyn due to our own mitigation efforts as well as the mitigation of upstream providers”. There were reports of a magnitude in the 1.2 Tbps range.
In addition to the crippling attack against Dyn, Mirai was used in several other high-profile malware attacks, including the one against cybersecurity journalist and blogger Brian Krebs in September 2016.
Anonymous and New World Hackers both claimed responsibility for the attacks against Dyn sometime afterwards. The hacktivist groups said that the DDoS attacks were in retaliation for WikiLeaks founder Julian Assange losing Internet access at the Ecuadorean embassy in London, where he has been granted asylum.
However, on December 13, 2017, three U.S. men pleaded guilty to computer crimes related to the creation, sale and use of the Mirai botnet. The three defendants were Paras Jha, 21, Dalton Norman, 21, and Josiah White, 20. Paras Jha pleaded guilty to hacking into Rutgers University's computer system between 2014 and 2016, in addition to charges involving writing code that let him infect and control devices with Mirai. All three men sought financial gain, renting the botnet out to other cybercriminals. Authorities, however, said the three men did not carry out the specific attack against Dyn, but that the attack took place after an individual thought to be Jha published Mirai’s source code online.