In the last several days, we have seen big distributed denial of service (DDoS) attacks against DynDNS, an Internet services company that provides domain name services (DNS) to many companies including Twitter and PayPal. DNS is how web sites are found on the web, you enter a web address in your browser, and DNS finds the website you are looking for. When attacked in this way, DNS stops working because the flood of requests overwhelms the DNS servers ability to provide responses. These attacks took down the Internet on the east coast first, and then the west coast, for a period of several hours each on different days.
This particular DDoS attack is using the Mirai botnet. This is a botnet comprised largely of Internet of Things (IoT) devices such as web cams, DSL and cable modems, DVRs, smart TVs and Routers. Read more here:
What We Know About Friday’s Massive East Coast Internet Outage
West Coast under web attack: Twitter among huge number of blocked sites
Some officials are thinking that these attacks may be trial runs leading up to the National Election next week. There has been other evidence of attacks mounted against the electronic election infrastructure. Here are some articles of interest.
From Russia with grudge: hackers accused of trying to sway US election
Or this one from Silicon Beat.
US Gov’t Officially Accuses Russia Of Hacking… Question Is What Happens Next
And someone has been attacking the voter registration databases. All fifty states have been scanned for weakness, and at least 13 states have declared a breach. Three presenters at the Cyber Security Summit (an Army General, a DHS Under Secretary, and a Regional Director of the SBA) mentioned this issue. The government it taking this threat seriously, although each of them doubted the ability of a hacker to actual change vote totals at this point.
This does not bode well for our election.
Share
OCT
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com