An Attack on the Internet MIS Dyn (www.dyn.com) is a cloud-based Internet performance management company that provides Domain Name System (DNS) services for Internet websites (see Chapter 6). Dyn is one of the companies that function as a directory service for the internet. The DNS is a hierarchical, decentralized naming system for any resource connected to the Internet. The DNS translates the domain names that users type in, such as www.usatoday.com, into their numeric Internet Protocol address, such as 184.50.238.11. The DNS is an essential component of the functionality of the Internet On October 21, 2016, the servers at Dyn began experiencing a distributed denial-of-service (DDoS) attack. This DDoS attacked the Dyn servers that form the infrastructure needed to make Internet connections. In a DDoS attack, the intruders first infect and then take over many computers, typically by using malicious software. These computers are called bots. The attacker uses these bots-which form a botnetto deliver a coordinated stream of information requests to a target computer, causing it to crash or cease functioning. Security experts state that such DDoS attacks are becoming more prevalent, more sophisticated, and increasingly aimed at core Internet infrastructure providers such as Dyn. How did the perpetrators generate this DDoS attack on Dyn? First, they delivered malicious software called Miral through phishing e-mails. The Miral software infected an estimated 500,000 remotely controlled Internet-connected devices-for example, surveillance cameras, CCTVs, web cams, printers, cable set-top boxes, home routers, speakers, digital thermostats, digital video recorders , baby monitors, and many others. These relatively simple devices, which make up the Internet of Things, often do not have sophisticated security The attackers now had control of these Inlemel-connected devices, which formed a botnet. They then Instructed the devices in the botnet to send a food of information requests to the Dyn servers. There were so many information requests that the Dyn servers could not handle them, and the servers stopped functioning. The DDoS attacks on Dyn were so severe that they eventually blocked or significantly slowed user access to dozens of other websites such as Twitter, Netflix, Spotify, CNN, the New York Times, Reddit, Etsy, SoundCloud, and Airbnb. Millions of American users were impacted, as well as users in Brazil , Germany, India, Spain, and the United Kingdom Security analysts believe that this DDoS attack was the largest to date. For some time, security analysts have predicted that the ballooning traffic on the Internet would mean these devices would create a huge security risk. In fact, the Internet of Things is growing faster than government's or Industry's ability to secure it. In 2016, there are some 6.4 billion connected devices around the world. By 2020, analysts estimate that number will increase to some 21 billion devices. Most security analysts state that the device manufacturers must be held responsible for better security. How to actually accomplish that remains unclear. In just one example, China-based camera manufacturer Hangzhou Xiongmai Technology Company recalled thousands of its cameras after it was told that the devices may have been used to create part of the botnet that attacked Dyn. Chipmaker Qualcomm is thinking about using machine intelligence to improve Internet connected device safety Security analysts at the company feel that they can instruct these devices to watch for certain behaviors: For example, is it doing something unusunt? Is the device communicating with some unexpected device? Questions 1. Discuss how the diurbed, denial-of-service attack on Dyn has led some security analysts to question the long- torm viability of the Internet itself 2. What is the best way for Dyn to have avoided the distributed, denial-of-service attack altogether