Corporate debt recently passed the $1 trillion mark in a continuing sign of global financial displacement.Marketsread more
"Federal debt, which is already high by historical standards, is on an unsustainable course," CBO director Phillip Swagel said in the report.Politicsread more
Target CEO Brian Cornell still thinks the U.S. consumer is strong and spending. Target's latest quarterly results showed the big-box retailer is benefiting from that.Retailread more
Stocks rose on Wednesday as strong quarterly results from retailers such as Target and Lowe's lifted investor sentiment.US Marketsread more
President Trump insists the economy is healthy and says the only thing holding U.S. growth back is the Federal Reserve.Marketsread more
Trading volumes this week are well below their recent averages and that means this comeback may be suspect.Marketsread more
The rule could defy a 2015 Flores Settlement Agreement court order that says families cannot be held in detention for more than 20 days.Politicsread more
Bank of America CEO Brian Moynihan is not worried about an economic slowdown, saying the U.S. consumer is still in a strong place.Banksread more
In a second-round of tweets aimed at the U.S. central bank, the president asked, "WHERE IS THE FEDERAL RESERVE?"Marketsread more
J.P. Morgan Chase customers will no longer be able to pay with their phones in stores beginning next year.Marketsread more
At some point Friday morning, one of the U.S.'s critical internet infrastructure players was hit with a staggering distributed denial of service (DDoS) attack that took out huge swaths of the web. Sites like Twitter, Netflix, Spotify, Reddit, and many others — all clients of a domain registration service provider called Dyn — have suffered crippling interruptions and, in some cases, blanket outages.
Details are now emerging about the nature of the attack. It appears the cause is what's known as a Mirai-based IoT botnet, according to security journalist Brian Krebs, who cited cyber-threat intelligence firm Flashpoint. Dyn's chief strategy officer Kyle Owen, who spoke with reporters this afternoon, later confirmed Flashpoint's claim, revealing that traffic to its servers was clogged with malicious requests from tens of millions of IP addresses in what the company is calling a "very sophisticated and complex attack."
A Mirai botnet essentially takes advantage of the vulnerable security of Internet of Things devices, meaning any smart home gadget or connected device anywhere that has weak login credentials. Mirai, a piece of malware, works by scanning the internet for those devices that still have factory default or static username and password combinations. It then takes control of those devices, turning them into bots that can then be wielded as part of a kind of army to overload networks and servers with nonsense requests that slow speeds or even incite total shutdowns.
More from The Verge:
So by wielding a botnet against Dyn, the perpetrator of this particular DDoS attack has been able to target one of the largest pieces of online infrastructure in the country and take down dozens upon dozens of sites. Dyn manages what is known as a domain name system (DNS) service, which is how computers translate a web address into the correct numeric machine code corresponding to a given website. The Department of Homeland Security is now looking into the attack, considering how critical a DNS interruption like this one is to internet use around the country.
The Mirai software is freely available on the internet, meaning any hacker state-sponsored or otherwise could be behind today's DDoS. A user going by the name of "Anna-senpai" uploaded the Mirai source code to English-language site Hackerforums. The hacker's own words appear to suggest he or she leaked the code because security experts were beginning to defend against it. "I made my money, there's lots of eyes looking at IoT now, so it's time to GTFO [link added]," Anna-senpai wrote. Before doing so, a Mirai-based botnet attack even targeted Krebs' own security blog, failing to bring it down but nonetheless mounting a historically large DDoS attack.
Krebs suggested the act of leaking the source code was intended to throw off the trace for any federal investigators. "It's an open question why Anna-senpai released the source code for Mirai," he wrote earlier this month. "But it's unlikely to have been an altruistic gesture: Miscreants who develop malicious software often dump their source code publicly when law enforcement investigators and security firms start sniffing around a little too close to home."
However, with Mirai out there for anyone to use, the threat of an IoT botnet attack is now significant. "My guess is that (if it's not already happening) there will soon be many Internet users complaining to their ISPs about slow Internet speeds as a result of hacked IoT devices on their network hogging all the bandwidth," Krebs wrote. "On the bright side, if that happens it may help to lessen the number of vulnerable systems."