Hackers Probe Infrastructure on United States Western Coast

As first reported by Ars Technica December 2nd 2016, beginning November 23rd and for 10 days after, a concentrated stream of internet traffic, otherwise referred to as a “botnet,” attacked infrastructure throughout the West Coast of the United States – every day at the same time, with each individual attack last 8.5 – 24 hours a day.

Read More: Cloudflare’s Official Report on West Coast Botnet Attack

Author  of Ars Technica went on to add”While the new distributed denial-of-service attacks aren’t as powerful as some of the record-setting ones that Mirai participated in, they remain plenty big, especially for an upstart botnet. Peak volumes have reached 400 gigabits per second and 200 million packets per second. The attacks zero in on layer 3 and layer 4 of a target’s network layer and are aimed at exhausting transmission control protocol resources.

While 400Gbps is less than half the bandwidth volume some targets have recently reported receiving, it’s still enough firepower to knock any site offline unless it invests what can often be non-trivial amounts of money for protection for DDoS-mitigation services such as CloudFlare. What’s more, in many of the recent attacks, Mirai-based botnets weren’t the sole ones participating. If the new botnet continues to grow or its resources are augmented with other botnet strains, it’s possible the combined strength could soon match or surpass the recent record-setting volumes.

For the purposes of this article I want to explain more about this information, to help some of you technologically illiterate folk out there understand everything involved here. I know technological “lingo” might as well be like alien language to some, many people think technological information is to complex to understand, but I promise it is all really simple.

Considering these attacks on the West Coast were carried out by a botnet and the article above references the Mirai botnet, you need to understand what a “botnet” is and what they are used for.

A botnet consists of a number of linked devices/computers/”things” that were assembled together, though some form of “Malware,” so that all the devices can be launched together, all at once, as a single concentrated attack. As is often the case, many of these “bots“/individual devices are unaware they have been round up into a “net(work)” and the term bot implies lethargy in a sense, meaning the devices are just kind of sitting around doing nothing most of the time – they are just…..bots.

Botnets are used for two main reasons

1.) To flood an individual network/computer/server with so much traffic the system clogs, overloads and ultimately shuts down or crashes -this is otherwise commonly referred to as a “DDoS” attack. To put it most simply, internet bandwidth is not unlimited and can be thought of much like a vehicular highway system. A DDoS attack essentially floods a connection with a spam of digital traffic, which acts the same – in principal – as a traffic jam  on a highway and can ultimately slow down that connection or take it offline entirely.

2.) To conceal the identity of the botnet host(s), or certain IP’s within the flood of botnet traffic. While some botnets, such as Hotspot Shield, use this traffic for security purposes, to conceal the addresses of their customers, most every botnet in existence is used to conceal the traffic of the botnets owner – for malicious hacking purposes.

Hackers assemble botnets by assembling IP Addresses

Every phone, smart device, tablet, computer, piece of hardware that has the ability to access “the internet” in some form or another, has something called an “IP Address.” Each IP Address is unique to each individual device and just like each human thumbprint is unique to each individual person, so to is every IP Address.

According to reports by The Hacker News,” there are an estimated “4.3 million devices” worldwide susceptible to being hijacked into any botnet in 2016. This figure is important to understand because following the Mirai botnet attack in October 2016, reporters described the attack as “opening pandora’s box” for a plethora of attacks to come in the future or how the attack was only “tip of the iceberg” in terms of what the attack could have been – they are not wrong

Read More: Mirai Botnet Attack of October 2016

It is important to note that most of these individual/unrelated botnets consist of thousands to tens of thousands of interlinked devices. Even botnets “this small,” such as Mirai, can still be big enough to cause a lot of damage or shut down the internet connections across the world.

If thousands of devices could do this, could you imagine the damage a botnet consisting of millions of devices could do?

This is a very serious problem that countries and governments around the world are currently grappling with. Two days after the Mirai attack, on October 24th, China recalled 10,000 devices they knew were susceptible to being hijacked in future attacks and on October 30th, the US Senate began to conducting meetings with security experts to discuss solutions to mitigate the growth of botnets and botnet attacks in the future.

Ironically for the US Government, the only real solution to this particular problem is strong encryption on all devices, but, as Alternative Medi4 has previously covered, the FBI has spent the better part of the last year waging a War on Encryption and limiting people/companies encryption rights/protection.

Read More: The FBI’s War on Encryption

This Content Was Created Under An Alt_Publishers License

Categories: Hacking News

Leave a Reply

%d bloggers like this: