Yesterday’s Internet Takedown Was Powered by Chinese-made Webcams and DVRs

The word 'password' is pictured on a computer screen in this picture illustration taken in Berlin
The word 'password' is pictured on a computer screen in this picture illustration taken in Berlin May 21, 2013. The Financial Times' website and Twitter feeds were hacked May 17, 2013, renewing questions about whether the popular social media service has done enough to tighten security as cyber-attacks on the news media intensify. The attack is the latest in which hackers commandeered the Twitter account of a prominent news organization to push their agenda. Twitter's 200 million users worldwide send out more than 400 million tweets a day, making it a potent distributor of news. REUTERS/Pawel Kopczynski (GERMANY - Tags: CRIME LAW SCIENCE TECHNOLOGY) - RTXZUYO
Photograph by Pawel Kopczynski — Reuters

Yesterday, a large-scale attack on internet infrastructure disrupted Twitter, Paypal, Amazon Web Services, and dozens of other sites, most apparently linked to the domain name service Dyn. Now, security researchers say they’ve identified at least one culprit in the attack—a massive network of hijacked Internet of Things devices, including connected cameras and digital recorders, martialed to send the gargantuan waves of domain requests that overwhelmed directory servers.

Get Data Sheet, Fortune’s technology newsletter.

Remarkably, according to Flashpoint security research head Allison Nixon, most of the components involved were made by one company, China’s XiongMai Technologies. Those components, which are used in a variety of devices under other brands, include hard-coded factory-default passwords, which cannot be reset by users easily, if at all, making it simple for hackers to gain control of them en masse.

The software used to control these devices—which almost certainly number into the millions—is a malware package known as Mirai (the Japanese word for “future”). The source code for that software was made public by its anonymous creator earlier this month, meaning that any of a huge number of malicious hackers could have been responsible for yesterday’s attack.

For more on cybersecurity, watch our video.

According to security researcher Bruce Schneier, the attacks are likely unrelated to the escalating series of coordinated DDoS attacks we reported on earlier this month. But they are linked to a record-setting assault on the website of Krebs on Security, confirmed to be caused by a Mirai botnet.

This attack, then, is the realization of worst-case-scenario warnings from security experts about the risk posed by the Internet of Things. And there seem to be few options for prevent a repeat performance.

Subscribe to Well Adjusted, our newsletter full of simple strategies to work smarter and live better, from the Fortune Well team. Sign up today.

Read More

Artificial IntelligenceCryptocurrencyMetaverseCybersecurityTech Forward