What Happened to the Internet Last Week -- and Why It Matters

It's time to fix the internet's Achilles' heel.

ByABC News
October 24, 2016, 1:15 PM

NEWS ANALYSIS— -- [ABC News consultant Richard Clarke is a former White House official who served as the senior cyber policy adviser for Bill Clinton’s and George W. Bush’s administrations. He has since consulted for private companies on cyber issues and is the author of the book “Cyber War: The Next Threat to National Security and What to Do About It.”]

Somebody finally did what internet experts have been fearing for years.

That somebody was able to manipulate millions of internet-connected dumb devices, like surveillance cameras and DVRs, possibly by getting into their automatic software updates or simply by guessing the devices' default passwords. Once that password is known — most are never changed, and some may even be hard-coded so they can’t be — virtually all the devices of that type can be accessed and turned into bots.

Then at a predetermined time, all the devices sent pings over the internet to one of the largest address look-up sites. What’s a look-up site? Whenever we surf to a website, our browser quickly and invisibly connects to an address look-up site, known as a domain name server, to convert what we typed in, say www.ABCNews.com, into a long numeric address that is necessary to route you to the right place. But when the botnet flooded the address look-up site with data in what’s known as a distributed denial of service (DDoS) attack, nobody else could get through to it. Thus, when people tried to connect to some websites, nothing happened. The websites themselves were fine, but users couldn’t get to them.

Most people’s eyes glazed over when they read news stories last week about something happening to the internet. One reason for that reaction was that the news accounts were filled with terms like “Domain Name System,” “distributed denial of service” and “the internet of things” or, even worse, their abbreviations: DNS, DDoS and IoT. In this case, the IoT DDoS-ed the DNS.

Whatever was going on, it did not seem to affect our lives, or if it did, only as a small annoyance. Should we have paid more attention? I think so, and here is why:

There had been lots of these denial of service attacks before, but this one and a few others recently took advantage of the rapidly increasing number of insecure, dumb devices connected to the internet. Experts estimate there will be 50 billion such devices within five years, and few of them can ever be made secure. With that many easily hacked devices out there, these denial of service attacks could become frequent and common — especially after the source code for a large botnet, called Mirai, was released online a few days ago. Analysts say Mirai was used in last week’s attack.

The other truly disturbing aspect of these new attacks was that they went after the address look-up system, which is insecure and vulnerable. Going after this Achilles’ heel of the internet works to block traffic even if the websites have been made very secure from hacking.

There has been a lot of conjecture about who was behind these recent attacks and why.

One fear is that all these massive attacks have been a trial run for something much larger, perhaps on Election Day — something that would stop almost all internet traffic in the U.S. Before last week’s attack, U.S. intelligence agencies accused Russia of a host of cyberattacks targeting political operatives and organizations. President Barack Obama was reportedly planning a response to those attacks. So one theory is that this large attack on the U.S. internet on Friday was a Russian shot across the bow, a reminder that the U.S. is very vulnerable to an escalating cyberwar.

But experts say DDoS attacks, even huge, well-planned ones, are not impossible for amateurs, and another theory is that it could have even been done by online gamers who purportedly have used the attacks to gain an advantage in competition. Separately, a hacking group called New World Hackers claimed responsibility for the attack online over the weekend, saying it did it to “test power,” according to The Associated Press.

Whatever the answers turn out to be, these attacks prove that a nation-state or other sophisticated group could launch a similar attack on a larger scale and block large amounts of vital internet traffic. Since much of our economy relies on internet connectivity, the effect of such a major and sustained assault could be much more than just a nuisance.

Almost 20 years ago, President Bill Clinton called on internet companies to adopt a method to secure the DNS address look-up system from attacks like these. Little was done. Maybe it is time to think about doing it now.

While we are thinking about that, perhaps we should also think seriously about securing those billions of dumb devices connected to the internet. Otherwise, we might just rename it the internet of insecure things.