Smart devices like webcams and even thermostats may have been used to carry out a large scale cyber-attack, according to online security experts, Agencies report. Dozens of popular US based websites including Twitter, Netflix and Spotify were targeted in Friday’s raid.
It was aimed at New Hampshire based Dyn Inc which is one of the largest internet traffic management providers. The company’s servers were affected by denial-of-service attacks, which work by overwhelming targeted machines with junk data traffic.
Dyn Inc’s chief strategy officer Kyle York said: “It is a very smart attack. As we start to mitigate they react and start to throw something that’s over the top.” The company believes the attack involved tens of millions of internet connected devices, including closed-circuit video cameras and recorders, which were infected with malware.
Smart thermostats, which enable users to control their home heating from their smartphones, may also have been used. The attacks came in geographically shifting waves and from IP addresses from around the world. A shadowy group which calls itself New World Hackers has claimed responsibility, saying it organised a network of ‘zombie’ computers to carry out the attack.
The group claims to have around 30 members – mostly in Russia – though one, who calls himself ‘Ownz,’ claims to be a teenager from London. In a private online conversation with an Associated Press reporter he denied making demands and said blackmail was not the motive.
He said: “We will make one demand actually. Secure your website and get better servers, otherwise be attacked again.” Other members of the group said they only carried out the attack to test their power. Former deputy secretary at the Department of Homeland Security James Norton pointed out that the attack on one company had caused mass disruption for many others.
He said: “I think you can see how fragile the internet network actually is.” In the past New World Hacking has claimed responsibility for cyber-attacks on the BBC and ESPN. They have also targeted sites operated by Islamic State.