Multiple cyberattacks unlike any prior internet hacking took down or stalled major portions of the internet across the United States on Friday October 21, 2016.
At 7 am a domain name server in Manchester, New Hampshire was attacked from multiple sources in what cyber experts call a Distributed Denial of Service attack. More on that below. But as the company, DYN, began to get a handle on the problem a second wave of attacks struck. The system was flooded. It stopped or significantly delayed access to major websites including Amazon.com, Twitter, Netflix, Pinterest, Comcast, PayPal and many others. In all, three attacks struck the facility that day.
How Does This Internet Hacking Differ From Previous Hacks?
Previous internet hack attacks on T.J. Max, Staples, K Mart, Neiman Marcus, CVS and other retailers targeted consumer credit and debit card data. Hackers sought account numbers for their own financial gain. But this internet hacking was different.
This time, hackers pinpointed a key internet infrastructure company with the goal of bringing down the internet itself. The sinister forces succeeded in at least preventing access or slowing things down for significant portions of the day.
How Does Internet Hacking Target a Server?
Key facilities like the company Dyn act essentially as a switchboard. Like a phone book, the servers keep a massive list of domain names, converting them into Internet Protocol, or “IP” addresses as computer users seek specific sites. When you type in Amazon, or attorney-myers.com for that matter, companies like Dyn act like a middleman, hooking you up through the right internet connection to the correct site.
What is a Distributed Denial of Service?
The way this Distributed Denial of Service, or DDoS, attack worked involved an orchestrated flooding of the Dyn servers as coordinated as it is devious. The DYN servers were overwhelmed with massive numerous simultaneous traffic from junk requests initiated in a hacker-created network called a botnet. The botnet takes in a multitude of gadgets the hackers have essentially hijacked to their own ends. They could be security cameras, routers, baby monitors or anything else with smart technology keyed into the internet. The unwitting gadgets receive viruses and malware, setting them up to initiate coordinated zombie attacks when directed by the hackers.
A piece of malware called marai essentially spiders out, turning computer systems into remotely controlled botnets that can be activated in massive cyberattacks. Tens of millions of junk messages are said to have flooded the facility, rendering it unable to respond to legitimate traffic.
When hackers triggered the attack, internet users at first on the East Coast, but later across the country and worldwide experienced slower than usual internet speeds, interruption of service, inability to contact websites listed above, and other technical issues.
Keepers of the server company and other bits and pieces of the complicated infrastructure of the internet struggle to stay a step ahead of hackers.
Internet Hacking Roots & Motives
Back in 2007 hackers broke into retailers T.J. Maxx and Marshalls, electronically pilfering data from at least 45.7 million consumer credit and debit cards in a case believed to be the largest such breach at that time. Parent company TJX Companies ended up paying a $9.75 million settlement in 41 states, and one hacker, a former government informant, received a 20 year sentence for his role in the cyberattack.
North Korean Hackers brought down movie giant Sony Pictures in 2014 bringing the $8 Billion a year movie production company to its knees and literally shutting down movie theatres. The breathtaking size and scope of the hack drew attention even from U.S. President Barak Obama who indicated such events had to stop. More here.
Internet hacking is so common that Money Magazine claims that at this point it is more likely than not that some of your personal information has been compromised. More here.
Legal Issues Raised By Internet Hacking
So you run a company. Your finances, your daily operations, your telephone system and other lifelines are all rooted in the internet. The internet crashes causing you to fail to deliver on promised products or services.
Whether it’s your production and delivery of a product, or your ability to provide services, say a telephone and telephone answering service to a company that relies on your service to run its million dollar sales operation.
Who is liable when the crash occurs? There are many server companies. Do you know who yours is? Is it the only one? What is your own liability? Sure the hacker is liable but who are they, where are they and even if found, what if they have no assets or insurance to pay damages. Believe it or not internet hacking insurance is now available.
Now that hacking happens somewhat regularly, internet failures are foreseeable. Any attorney will tell you that reasonable foreseeability coupled with the failure to take precautions come together to form the basis of liability. Call it personal responsibility; these are the basic elements of negligence law.
Individuals and businesses increasingly rely more and more on the internet. These questions are not hypothetical. They are here and now.
What’s Next for Internet Hacking?
Homeland Security and FBI specialists actively seek the root of the DYN attack. Cyber experts have warned for years that the millions of smart devices connected to the internet are vulnerable and could be used in an attack.
Despite the lessons learned – or not learned – from the T.J. Max attack in 2007, retailers continue to find themselves targeted by hackers.
If the failure to stop that brand of hacking is any indication, expect more direct attacks on the internet itself as shady characters in the cyber world test their underhanded abilities.
The author, Andrew D. Myers, is a personal injury and bankruptcy attorney with offices in Derry, NH and North Andover, MA.