THE hacks which crippled PayPal, Twitter and Spotify are believed to have been unleashed by attackers using common devices like webcams and digital video recorders.
Dozens of the world’s most popular websites including The New York Times, CNN, Yelp and some businesses hosted by Amazon were among those affected by the hack.
Using hundreds of thousands of internet-connected devices — which had previously been infected with a malicious code allowing attackers to control them — the hackers were able to perform a sophisticated distributed denial of service (DDoS) attack.
A DDoS attack renders a website unavailable by overwhelming it with more traffic than its servers can handle — with this attack coming from millions of internet addresses.
Security firm Flashpoint has been working with Dyn — the company providing core internet services to the websites affected — to investigate the attacks.
Flashpoint director of research Allison Nixon said the attacks were linked to webcams and digital video recorders made by a single Chinese company, XiongMai Technologies.
“It’s remarkable that virtually an entire company’s product line has just been turned into a botnet that is now attacking the United States,” she told security researcher Brian Krebs.“Some people are theorising that there were multiple botnets involved here.”
Global company focused on managed security, Level 3 Communications, warned “the threat from these botnets is growing” due to an increasing number of internet of Things (IoT) devices.
“The devices are often operated with the default passwords, which are simple for bot herders to guess,” security researchers wrote.
While the exact source of the hacks has yet to be uncovered, a tweet from WikiLeaks claimed its supporters were behind the attack.
“Mr. Assange is still alive and WikiLeaks is still publishing. We ask supporters to stop taking down the US internet. You proved your point,” the tweet read.