
DDoS Attacks & Community Responsibility

DDoS attacks are scaling to new heights using record numbers of compromised machines. What are your responsibilities to the rest of internet community?


Reasonably Accurate Transcript

Good morning. How's it going today? It's Friday. This is episode 14, let's say 14, whatever it says down here, or up here, depending on where you're seeing it. Hopefully you're off to a good start to your day.

For me, I started off the day a little early and recorded a quick little promo for my talk at South by Southwest in a couple of weeks. There we go. That's better. So I'm going to be spending a bit of the time this morning editing that together.

Try to make that a nice, tight, you know, two-minute promo just to kind of introduce the topic. And I find not only is that useful for the audience, or for generating interest from a potential audience, but it's good for me as a speaker too.

It's another opportunity to tighten up that message and to really be able to articulate what a talk is all about. And in this case, it's about the surprising prevalence of robots within our industrial framework. We don't see them day to day, but we see them throughout manufacturing, throughout cities; they're sort of hidden in this layer behind the scenes, and there are some very real security concerns around them.

Simply because we've made the same mistakes we make with everything, time and time again. So it's going to be a good talk, it's shaping up real nice, and look for that promo probably early next week on the Trend Micro social channels.

So instead of at @marknca, where you can find me, it'll be at Trend Micro or on the Trend Micro Facebook page as well, which I'll link to below. So, interesting: a little bit of branded work for me, which I don't normally do.

But I'm looking forward to seeing how that trailer is shaping up. So yesterday, you know, standard day, of course, late in the afternoon we get some really interesting news. There was a brand new record-setting...

Yeah, this is not a good record: denial of service, or distributed denial of service, attack. And that's essentially when a whole bunch of systems attack one particular system. So attackers don't get into this game where it's like, oh, you know, I've got a bigger system than you and I can take you down, because that's too expensive for attackers to do.

So what they do is they compromise a whole bunch of other systems, then use those systems to attack their target. That's a distributed denial of service attack. Now, the interesting thing about these attacks is the attacks themselves are not designed to steal any data.

They are designed to disrupt services, to take something offline. And yesterday's target was GitHub. GitHub is a large code repository, code collaboration site. A lot of open source projects work on it. I contribute regularly to some projects that I am building on my own, and to other projects from different teams.

It's a really wonderful service. And a lot of developers have sort of embraced it, but taking it down, it's a popular target. It gets taken down a lot, or attempted to be taken down a lot. Now, it's got a huge amount of infrastructure behind it and a lot of good services in front of it to prevent it from being taken offline.

And yesterday, the brand new record was 1.35 terabits per second. So you think most home connections max out at one gigabit per second download; this is 1.3 terabits per second. So 1,000 times that, that's quite a lot, or 1.35 times your gigabit connection at home.

If you're lucky enough to have a gigabit connection at home; a lot of people are still on 50 or 60 meg. So, massive-scale attack. And that is quite significant, because it took the system, it took GitHub, down offline for eight minutes.

It doesn't sound like a lot, but it's actually quite significant given the defenses behind it. And again, when I opened up this article, I went, oh, here we go, this is another, give me another example of IoT devices.

So things like smart cameras, light bulbs, you know, just the devices that we're connecting in our homes being compromised and pushed down. The last record-setting attack was actually all security cameras that were compromised.

So the kind of things you buy at Costco or Walmart and set up in your small business. And the interesting thing is that that type of attack last time shifted the economics, because the actual owners of the devices didn't see any negative impact.

So they didn't know they were being involved in this massive record-setting attack. So I opened up this article on Wired, I think it's from Lily Allen Hay, I'll link it below, and if it's not by Lily, I apologize, but it was really interesting because I said, OK, yeah, this is going to be another IoT attack, and it turns out it wasn't. It was a bunch of what's called memcached servers.

Now memcached is a component that people use in building web applications. So there's about 100,000 servers that were involved in this attack, and basically what it is is misconfiguration. So this ties back to what we talked about a few episodes back around DevOps and around teams using the amplification of the cloud.

So the ability to do more with less, or fewer people on your team. But then, unfortunately, not understanding all the implications. So these were web applications, pieces of web applications, redirected and used to attack GitHub, and they took it down.

And it was really interesting because those 100,000 are not going to be secured or locked down right away. So this vulnerability will exist for quite a while, and this draws... So the issue of DevOps and the culture of using a lot of tools, and sort of that full-stack engineer: are they capable of locking things down appropriately and configuring things to make sure that their apps are doing what they intend to and only that?

And it brings up a larger question of community. If you're online and running a service online, what's your responsibility to others around you? Is it OK if your systems are attacked? Is there liability there? Now, in some jurisdictions there is; in other areas there's not.

And this is a question of what kind of neighbor are you. You know, are you that neighbor who's always yelling and no one likes to live next to, or are you at least making sure that your systems aren't being abused to attack other people?

Really fascinating, really interesting. We'll see what happens from the outcome of this one. Unfortunately, I don't think much. Obviously GitHub will adjust their defenses a little bit, but I don't think these 100,000 vulnerable memcached servers are going to get attended to anytime soon.

Very similar to the botnet that took down... the security camera botnet. Again, there was no motivation for people to patch. With this one, memcached, they may be a little different in their motivation. But again, we saw two weeks ago a rash of management tools exposed online.

This is happening more and more where people are deploying a lot of stuff and they're not sure how to lock it down. There's a lot of issues tied to this, a lot of nuance, something I will dig into after South by Southwest, just like the IOS stuff, because priority one right now is getting that rogue robots talk locked down.

You're going to see a lot more from me on social in the next week leading up to the festival. As always, looking forward to talking to you guys. Hit me up, @marknca, down in the comments below.

Hope you guys have a great Friday. Hope you have an even better...
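The episode's point about the memcached misconfiguration, and about making sure your own systems aren't being abused to attack someone else, can be turned into two concrete checks a team running memcached could wire into its deploy pipeline and its flow monitoring. This is an added example, not code from the episode or from Trend Micro: the flow-record format, the host addresses and the alert ratio are constructed for the example, while the memcached `-l` (listen address) and `-U` (UDP port; `0` disables UDP) flags are real.

```python
"""
Added example (not from the original episode): two defender-side checks for
the memcached misconfiguration discussed in the transcript.

1. memcached_config_findings(): flags a memcached command line that leaves
   the UDP listener enabled or binds it to a non-loopback address.
2. amplification_report(): scans flow records for a cache host of ours that
   answers tiny UDP requests with huge responses, i.e. is being used as a
   reflector against some third party.

Assumptions: the flow-record format (ts,proto,src,sport,dst,dport,bytes),
the sample addresses and the alert ratio are made up for this example.
"""
from collections import defaultdict
from dataclasses import dataclass

MEMCACHED_PORT = 11211
AMPLIFICATION_ALERT_RATIO = 50.0  # assumed threshold; tune for your network


def memcached_config_findings(argv):
    """Inspect memcached command-line arguments (flag and value as separate
    tokens) and return a list of findings. An empty list means no issue."""
    opts = {}
    for i, tok in enumerate(argv):
        if tok in ("-l", "-U") and i + 1 < len(argv):
            opts[tok] = argv[i + 1]
    findings = []
    udp_port = opts.get("-U")
    # Older memcached builds enabled UDP on 11211 by default, so a missing -U
    # cannot be assumed safe: require an explicit -U 0.
    if udp_port is None:
        findings.append("UDP port not set explicitly; pass -U 0 to disable UDP")
    elif udp_port != "0":
        findings.append(f"UDP listener enabled on port {udp_port}; use -U 0")
    listen = opts.get("-l")
    if listen is None:
        findings.append("no -l given, memcached binds all interfaces; "
                        "use -l 127.0.0.1 or an internal address")
    else:
        for addr in listen.split(","):
            addr = addr.strip()
            if not (addr.startswith("127.") or addr == "::1"):
                findings.append(f"listening on non-loopback address {addr}; "
                                "confirm it is firewalled from the internet")
    return findings


@dataclass
class Flow:
    ts: str
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    nbytes: int


def parse_flow(line):
    """Parse one constructed flow record: ts,proto,src,sport,dst,dport,bytes."""
    ts, proto, src, sport, dst, dport, nbytes = [f.strip() for f in line.split(",")]
    return Flow(ts, proto.upper(), src, int(sport), dst, int(dport), int(nbytes))


def amplification_report(lines, our_hosts):
    """Per (our cache host, remote peer), compare UDP bytes received on 11211
    with UDP bytes sent from 11211. A peer that sends a handful of bytes and
    gets orders of magnitude more back is being hit with our server's traffic;
    the request source address was almost certainly not really theirs."""
    inbound = defaultdict(int)   # (our_host, peer) -> bytes received
    outbound = defaultdict(int)  # (our_host, peer) -> bytes sent
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        f = parse_flow(line)
        if f.proto != "UDP":
            continue
        if f.dst_ip in our_hosts and f.dst_port == MEMCACHED_PORT:
            inbound[(f.dst_ip, f.src_ip)] += f.nbytes
        elif f.src_ip in our_hosts and f.src_port == MEMCACHED_PORT:
            outbound[(f.src_ip, f.dst_ip)] += f.nbytes
    findings = []
    for key in set(inbound) | set(outbound):
        bin_, bout = inbound.get(key, 0), outbound.get(key, 0)
        ratio = bout / bin_ if bin_ else (float("inf") if bout else 0.0)
        if ratio >= AMPLIFICATION_ALERT_RATIO:
            findings.append({"host": key[0], "peer": key[1], "bytes_in": bin_,
                             "bytes_out": bout, "ratio": ratio})
    findings.sort(key=lambda r: r["bytes_out"], reverse=True)
    return findings


# Constructed sample: ts,proto,src_ip,src_port,dst_ip,dst_port,bytes
SAMPLE_FLOWS = """\
# legitimate app server talking to our cache (small request, modest reply)
2018-03-01T12:00:01,UDP,10.0.0.5,41000,10.0.0.20,11211,120
2018-03-01T12:00:01,UDP,10.0.0.20,11211,10.0.0.5,41000,980
# three 15-byte requests from an internet address, each answered with 750 kB
2018-03-01T12:00:02,UDP,203.0.113.7,40123,10.0.0.20,11211,15
2018-03-01T12:00:02,UDP,10.0.0.20,11211,203.0.113.7,40123,750000
2018-03-01T12:00:02,UDP,203.0.113.7,40123,10.0.0.20,11211,15
2018-03-01T12:00:02,UDP,10.0.0.20,11211,203.0.113.7,40123,750000
2018-03-01T12:00:03,UDP,203.0.113.7,40123,10.0.0.20,11211,15
2018-03-01T12:00:03,UDP,10.0.0.20,11211,203.0.113.7,40123,750000
# unrelated TCP traffic is ignored
2018-03-01T12:00:04,TCP,10.0.0.5,41001,10.0.0.20,11211,300
"""


def run_sample():
    """Run the reflector check over the constructed flows for our host 10.0.0.20."""
    return amplification_report(SAMPLE_FLOWS.splitlines(), {"10.0.0.20"})


if __name__ == "__main__":
    print("weak config :", memcached_config_findings(["-m", "64", "-U", "11211"]))
    print("hardened    :", memcached_config_findings(["-l", "127.0.0.1", "-U", "0"]))
    for r in run_sample():
        print(f"{r['host']} -> {r['peer']}: {r['bytes_in']} B in, "
              f"{r['bytes_out']} B out, x{r['ratio']:.0f}")
```

The config check is the cheap part and belongs in whatever builds the service: a memcached that only needs to serve its own app tier should not have a UDP listener at all, and should not be reachable from the internet on any port. The flow check is the "good neighbour" part from the episode: it looks at traffic the server is sending, not receiving, because the owner of an abused reflector sees no outage of their own and would otherwise never notice.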
