Saturday, October 22, 2016

Cyberattack in the United States: “They are progressing and hiding better” – Libération

On Friday, several of the world's most visited websites – Twitter, PayPal, Amazon, Spotify, Netflix, etc. – had their access severely disrupted, particularly in the United States. The cause was a distributed denial of service (DDoS) attack, that is to say, saturation of the target by a large number of connections, against the American company Dyn.

Dyn is a provider of DNS (Domain Name System) services, the domain name system that translates a domain name such as www.liberation.fr into technical information, including the IP address of the user's machine. According to the company and several American media outlets, the attack reportedly relied mainly on taking control of connected objects that were poorly secured, or not secured at all. In September, the French hosting provider OVH had been the victim of a DDoS attack “enlisting” poorly protected surveillance cameras. Libération asked Stéphane Bortzmeyer, network engineer and blogger, four questions about Friday's attack against Dyn.

How do you explain what happened on Friday?

Two attacks occurred, the first around 11 a.m. French time, the second around 6 p.m., both targeting Dyn, a major US DNS service provider. Among the sites affected, there are direct customers of Dyn, like Twitter, but there are also victims by extension. For example, Amazon uses Dyn for its remote hosting service AWS, Amazon Web Services: as a result, all the sites that use AWS, such as Airbnb, went down in turn. For the user, the visible effect is the same: these very high-traffic web services stopped working, or worked incorrectly.

DNS services are a critical infrastructure, invisible most of the time, except when there is an outage. For years, the organizations in charge of managing domain names, such as Afnic in France, have been pointing to the problem. The trend of outsourcing DNS to specialized companies means that everyone tends to concentrate on a small number of service providers, like Dyn, which then become tempting to attack.

In September, the hosting provider OVH was the victim of a DDoS attack via connected cameras. Should we expect this type of attack to multiply?

During DDoS attacks, there is little or no public information that can be analyzed by independent researchers. And to discover where an attack comes from, it is necessary to investigate. For the moment, it is difficult to know precisely what happened in the case of Dyn. What is certain is that the connected-objects industry produces large numbers of devices whose level of security takes no account of the lessons learned by the computer security community over the past thirty years… In this sector, the experts are not listened to. In the case of the cameras used for the attack against OVH, there was a model with a default password that was the same for all cameras: it has been over twenty years since the computer industry stopped making this kind of mistake!

Is it possible to identify the perpetrators of an attack like the one suffered by Dyn?

It is very difficult: the IP address the attack appears to come from can be spoofed… The attackers are progressing and hiding better. And as there is no verifiable public information, one is forced to blindly trust the computer security companies that will give the origin of the attack… Because there is no possibility of independent expertise, we will remain in the dark for a long time. However, Dyn is a big company, with lots of material resources, which had factored in the risk of denial of service attacks. The fact that this attack succeeded indicates that whoever committed it had, let's say, above-average means. This attacker also identified the fact that by making a subcontractor's DNS servers unavailable, one “takes down” far more people, which few hackers had done until now.

Is it possible to protect against it?

There are two contradictory schools of thought. On the one hand, companies such as Dyn say that in the face of attacks based on the volume of connections, no company – except Google – can absorb such traffic, and that it is necessary to consolidate efforts with specialised service providers. The opposite position says that by doing this, we create targets that are more tempting to hackers. It is certainly not tomorrow that we will… Twenty years ago, all the companies present on the Internet managed their own DNS server. Today, everyone outsources, because it costs less. It is a purely economic decision, which has not taken the strategic problem into account.

Amaelle Guiton
