Dyn Cyberattack

The Internet Broke…

October 21st, 2016 has been regarded by many as the day the Internet broke.

On that Friday, in what became known as the Dyn Cyberattack, the United States and Europe experienced three separate waves of cyber-attacks beginning at 7:00AM ET and ending after 6:00PM.

These massive attacks effectively shut down many of the world's leading websites, impacting millions of people.

The following is a heat map of the areas most affected during that attack.

Source: DownDetector – DownDetector Level 3 Outage Map

As the attacks expanded, dozens of the world's most visited online destinations and many mission critical systems, including some high-level government and contingency teams, were effectively paralyzed as millions of people were unable to access their websites.

An Act of War?

With every new wave of attacks, the FBI, US Department of Homeland Security and the US Computer Emergency Readiness Teams (US-CERT) were placed on high alert as they investigated this “digital aggression” – wondering if this was the opening round of an all-out war.

As the investigation progressed, it was discovered that the attacks were being carried out by an army of hundreds of thousands of different home devices connected to the Internet, including DVRs, wireless routers, cameras and even baby monitors.

These web-ready devices, commonly known as “Smart Devices” and part of what is referred to as “The Internet of Things” (IoT), had secretly been turned into remote controlled “Bots” by a type of malware called Mirai.

Upon receiving their instructions, the entire global force of infected devices began unleashing round after round of massive distributed denial-of-service (DDoS) attacks meant to overwhelm their intended target.

These DDoS attacks were all aimed at a single, centralized point of failure: Dyn.

If you are not familiar with Dyn, it is the Domain Name System (DNS) provider for many of the world's leading websites.

DNS acts like the Internet's white pages: its role is to translate domain names like BlockchainInformer.com into a numeric address, much like you would get a telephone number by searching for a name. Take out the DNS and the World Wide Web doesn't know where to find a website.

As such, Dyn presented a single, centralized target which could be overwhelmed… once Dyn was breached, the rest of the web that relied on them simply crumbled under the pressure of the attack.
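The dependency described above can be audited from a domain's own name server delegation. The following is an added example, not part of the original article: it groups each domain's authoritative name servers by provider and reports which domains depend on one provider alone. The domains, name server hostnames and the two-label provider heuristic are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample delegations (domain -> authoritative NS hostnames); not real lookups.
SAMPLE_NS = {
    "shop.example": ["ns1.dnsprovider-a.example", "ns2.dnsprovider-a.example",
                     "ns3.dnsprovider-a.example", "ns4.dnsprovider-a.example"],
    "news.example": ["ns1.dnsprovider-a.example", "ns1.dnsprovider-b.example"],
    "bank.example": ["NS1.DNSPROVIDER-B.EXAMPLE.", "ns2.dnsprovider-b.example."],
    "blog.example": [],  # no name servers listed at all
}


def provider_of(ns_host):
    """Approximate the operator of a name server by its last two labels.

    Assumption: adequate for this sample; a real audit should use the Public Suffix List.
    """
    labels = ns_host.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def audit(ns_map):
    """Map each domain to its distinct DNS providers and a single-provider flag."""
    report = {}
    for domain, hosts in ns_map.items():
        providers = sorted({provider_of(h) for h in hosts})
        report[domain] = {
            "providers": providers,
            # Four name servers at one provider are still one target.
            "single_provider": len(providers) == 1,
        }
    return report


def blast_radius(ns_map):
    """For each provider, list the domains left without authoritative DNS if it alone is down."""
    exposed = defaultdict(list)
    for domain, info in audit(ns_map).items():
        if info["single_provider"]:
            exposed[info["providers"][0]].append(domain)
    return {provider: sorted(domains) for provider, domains in exposed.items()}


if __name__ == "__main__":
    for provider, domains in sorted(blast_radius(SAMPLE_NS).items()):
        print(f"{provider}: outage takes down {', '.join(domains)}")
```
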

The Aftermath

After the attacks concluded and all websites recovered, it is estimated that more than $110 million was lost in revenue that day by businesses worldwide.

More than 490,000 devices had been infected with Mirai, which specifically targets smart devices that run on the Linux operating system.

It is important to note that Denial of Service (DoS) attacks have happened for quite some time before that day, and there are ways to protect against these kinds of attacks. However, the scale and intensity of the attacks on October 21st were unprecedented, and the massive global footprint of the Mirai infection across IoT devices was something that had never been seen before.

As of today, it has been impossible to determine who was responsible for the attack.

The Mirai malware is still out there infecting devices and it has since been released on the Internet as open source for anyone to download, modify and use.

Why the Internet Broke…

To understand what truly happened, we need to acknowledge that the World Wide Web is always a “work in progress.”

In fact, the Web as we currently know it has experienced a massive amount of growth and development in what has been just over 28 years of existence.

During that brief time, we have seen what was a project “originally conceived and developed to meet the demand for automatic information-sharing between scientists in universities and institutes around the world” – transform into the current World Wide Web that we now rely on and take for granted.

By comparison, computers are over 70 years old and television is over 90.

Adapting the Web to Fit New Needs

If we look back at the original vision for the World Wide Web, it stated the need for “Decentralisation” (sic), and that there would be “no central controlling node, and so no single point of failure.”

However, as new business opportunities and other requirements have surfaced, there has been a need to develop and apply new technology and uses for the Web. As these new features and technologies are built and added on top of the World Wide Web, we often add value to the web.

In the process, we also increase complexity and functionality. The side effect of this new development is that we often also add a certain degree of centralization.

The net result is that every new development on the World Wide Web has the potential to make sections of it more centralized, fragile and vulnerable.

Centralized = Vulnerable

The Dyn Cyberattack presents a perfect example of this vulnerability, as it simply involved launching massive distributed denial-of-service (DDoS) attacks onto one central target, the DNS provider Dyn.

As a result, over 70 of the world's most important websites, which were managed by Dyn, were taken offline by simply taking out one central target.

Unfortunately, this centralization of key resources on the Internet is not isolated to Dyn.

Single Points of Failure Are Everywhere

You can see similar “single point of failure” vulnerabilities in many other aspects of how we interact with the World Wide Web on a daily basis.

For example:

1. Banks, Credit Cards and Other Financial Institutions – We currently need these financial institutions to manage how we send and receive money, as well as transferring other types of financial assets.

Target: Hack a bank and you can gain access to millions of dollars and all the private information of its customers. It's happened multiple times, and keeps happening, even to the most powerful and well-secured banks.

2. Governments – Many different types of records are held in centralized government computer databases. These databases present a single, vulnerable target to gain access to valuable private information.

Target: Breach a government computer system and gain instant access to millions of private records.

3. Healthcare Institutions – Patient medical records are some of the most valuable types of information for sale on the dark web. And according to the U.S. Department of Health and Human Services, the health care industry averaged close to four data breaches per week in 2016.

Target: Break into a centralized location hosting medical records and thousands, potentially millions, of patient records are stolen.

4. The Internal Revenue Service – Tax fraud due to identity theft totaled $5.8 billion in 2013 and that number was estimated to rise to over $21 billion by the end of 2016.

And there are many more examples…

What happened?

The fact is that the web was not built to handle all the needs that are being asked of it in today's global, constantly-connected marketplace.

As we become increasingly reliant on the World Wide Web, regularly adding millions of new users as well as millions of new devices that are being brought online due to the Internet of Things (IoT), these limitations become even more apparent. New attacks, such as the WannaCry ransomware and the EternalRocks worm, keep coming at an ever-increasing pace.

Three Key Elements Were Lost

As the World Wide Web has developed, we have lost three key elements essential for it to work:

1. Value – The Internet does not offer a way for people to transfer value over it via Peer-to-Peer (P2P).

For example, I can email anyone a photo or a song by simply attaching it and sending it.

That works great if it's a photo you took or a song you wrote, which you rightfully own.

However, if it's a commercial song or photo, that same convenience of sharing digital assets via P2P destroys the value of that photo or song as it kills off the need for the other person to buy it.

It is for this reason that we still need banks or other third party clearing houses to act as middlemen and process a transfer of value.

2. Trust – With the increasing number of sources of content and the growth of so-called “fake news”, there is no single, trusted source of truth.

As a result, even the most careful and high-level professionals can fall prey to false information.

3. Reliability – As we continue to rely on centralized websites and databases, and as the Internet of Things (IoT) and connected “smart devices” grow, we become increasingly vulnerable to other cyber attacks.

In essence, if we continue developing the future of the World Wide Web on the current, flawed approaches that gave us the Dyn Cyberattack, there will come a point when it will simply be unsustainable.

Blockchain Will Fix It

Blockchain addresses the 3 faults:

As described in another article on this website “What is Blockchain?” written by Blockchain Institute of Technology instructor George Levy, a Blockchain can enable the transfer of value between two parties over the web, directly, securely and in a decentralized manner.

It can do this transfer without needing to enlist a third party, a move that adds a layer of centralization (and vulnerability) to the process.

In essence, by using Blockchain technology combined with Peer-to-Peer communication, it is possible to process and store transactions and transfers of value over the web between the two parties directly, in a very secure, and highly decentralized way.

Case in point is the Bitcoin network, the world's best known usage of Blockchain technology, which has been constantly running since its inception in 2009.

The Bitcoin network has never experienced an outage or been successfully hacked. (Several centralized bitcoin exchanges have been hacked in the past, but this further reinforces the point that centralization equals vulnerability.)

Blockchain and Distributed Ledgers

When it comes to Blockchain in actual practice, the transactions and all the data are kept in a single ledger, similar to keeping records on a centralized database, but that ledger does not necessarily need to be stored in one centralized location.

Instead the Blockchain can be copied and exact replicas can be distributed and stored across a wide, decentralized network of locations as in the case of the Bitcoin network. Because of this, some Blockchains are usually referred to as Distributed Ledgers.

This distribution of the ledger across multiple locations ensures that the data is always available and that should any of those locations be attacked and fail, the rest of the network would still have a copy of the ledger.

Additionally, since a majority of the network would need to agree on all new transactions added and modifications made to the Blockchain, the possibility of being able to overwhelm the network by a malicious attack would be drastically reduced, if not altogether eliminated, as it would require a concerted attack spread across the network.
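The two properties described above, survival of the ledger when a location fails and majority agreement on its contents, can be shown with a small model. This is an added example, not code from the article or from any Blockchain project: it uses a plain majority vote over replica head hashes as a stand-in for a real consensus protocol (Bitcoin uses proof-of-work), and the node names and transactions are constructed.

```python
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64
# Constructed sample transactions.
TXS = [{"from": "alice", "to": "bob", "amount": 5},
       {"from": "bob", "to": "carol", "amount": 2}]

def block_hash(prev_hash, tx):
    payload = json.dumps({"prev": prev_hash, "tx": tx}, sort_keys=True).encode()
    return hashlib.sha256(payload).hexdigest()

def build_chain(transactions):
    """Build blocks where each hash commits to the previous block's hash."""
    chain, prev = [], GENESIS
    for tx in transactions:
        prev_hash, prev = prev, block_hash(prev, tx)
        chain.append({"prev": prev_hash, "tx": tx, "hash": prev})
    return chain

def is_valid(chain):
    """Recompute every link; an in-place edit leaves a stale hash behind."""
    prev = GENESIS
    for block in chain:
        if block["prev"] != prev or block["hash"] != block_hash(prev, block["tx"]):
            return False
        prev = block["hash"]
    return True

def majority_head(replicas):
    """Return (head_hash, nodes) when a strict majority of ALL nodes hold the
    same valid chain, else (None, []). A replica of None models an offline node."""
    heads = {n: c[-1]["hash"] for n, c in replicas.items() if c and is_valid(c)}
    if heads:
        head, votes = Counter(heads.values()).most_common(1)[0]
        if votes * 2 > len(replicas):
            return head, sorted(n for n, h in heads.items() if h == head)
    return None, []

def scenario(rewritten_nodes=0):
    """Five nodes: one offline, one edited in place, the rest honest or rewritten."""
    honest = build_chain(TXS)
    edited = [dict(b, tx=dict(b["tx"])) for b in honest]
    edited[0]["tx"]["amount"] = 500  # hashes not recomputed, so the chain is invalid
    forged = build_chain([{**TXS[0], "amount": 500}, TXS[1]])  # valid, different head
    chains = [forged] * rewritten_nodes + [honest] * (3 - rewritten_nodes)
    replicas = dict(zip(["n1", "n2", "n3"], chains), n4=None, n5=edited)
    return honest[-1]["hash"], majority_head(replicas)
```

With `scenario(0)` the three honest replicas still agree although one node is offline and one holds an edited copy; with `scenario(2)` neither history reaches a majority and no head is accepted.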

WWW Stage 2 – Powered by Blockchain

The World Wide Web has served humanity quite well in the brief time it has been around.

However, as explained in this article, it is pushing very hard against its limits and it's been in sore need of upgrades.

The fact is that the core protocols of the Web and all the various developments that have been built upon it so far were not originally designed to accommodate the massive influx of new IoT devices coming on-board, and to handle the constant onslaught from hackers and cyber-criminals that deploy new attack strategies in order to prey on its vulnerabilities.

Blockchain technology and the decentralized networks and applications that it enables present a solid platform upon which the web can continue growing and evolving. There are many live Blockchain projects already making a difference and this is merely the beginning of the roll-out.

As Blockchain becomes more mainstream and organizations move towards more decentralized and distributed applications built using Blockchain technology, the Internet will regain more solid footing. This bodes well for the future of the web and is sorely needed as experts estimate that the IoT will consist of almost 50 billion objects by 2020.

Thoughts? Are You Currently Already Working With Blockchain Technology?

Are you already applying Blockchain technology? Do you know of any applications of Blockchain that you would like to share?

Let me know your thoughts on the article and tell me about your experiences using Blockchain.

Leave a comment below.

