Hacked Devices Connected to Internet Blamed For Friday’s Massive Cyberattack

Vulnerable internet-connected devices such as cameras and digital video recorders may be to blame for the attack that took down some of the world’s most popular websites on Friday.

Malware that targets the “internet of things,” a new breed of small gadgets that are connected to the internet, may have powered the global attack, according to Brian Krebs, a well-known journalist covering computer security. Poorly secured devices may have been compromised and turned into a “botnet” that powered the attack, he wrote.

Millions of internet users lost access to some of the world’s most popular websites on Friday as hackers hammered servers along the U.S. East Coast with phony traffic until they crashed, then moved westward. The attackers hit Dyn Inc., a provider of Domain Name System services, taking down sites including Twitter, Spotify, Reddit, CNN, Etsy and the New York Times for long stretches of time. By Friday evening, Dyn said it had stopped the hacks.

“As you can imagine it has been a crazy day,” Dyn spokesman Adam Coughlin wrote in an e-mail. “At this moment (knock on wood) service has been restored.”

Security professionals have been anticipating more attacks from malware that targets the “internet of things” since a hacker released software code that powers such malware, called Mirai, several weeks ago. Kyle York, chief strategy officer of Dyn, said the hackers launched a so-called distributed denial-of-service (DDoS) attack using “tens of millions” of malware-infected devices connected to the internet.

Gillian M. Christensen, a spokeswoman for the U.S. Department of Homeland Security, said the agency and the FBI are aware of the incidents and “investigating all potential causes.”

Internet Havoc

Dyn first reported site outages relating to the DDoS attack around 7:10 a.m. New York time on Friday. The company restored service two hours later, but was offline again around noon, as another attack appeared to be underway, this time affecting the West Coast as well.

While DDoS attacks don’t steal anything, they create havoc across the internet — and are on the increase in volume and power.

Sites were affected as far away as Australia by a second wave of attacks that began at around 1 a.m. Sydney time on Saturday and lasted about five hours, said Dave Anderson, a London-based vice president of marketing at Dynatrace LLC, which monitors the performance of websites. At the peak of the attack, average DNS connect times for 2,000 websites monitored by Dynatrace went to about 16 seconds from 500 milliseconds normally.

Vulnerable World

“I have never seen severity this big, impacting so many sites and lasting over such a prolonged period of time,” Anderson said in a telephone interview. “It just shows how vulnerable and interconnected the world is, and when something happens in one region, it impacts every other region.”

Dynatrace’s analytics aren’t able to trace the source of the attacks, Anderson said.

Earlier Friday in the U.S., Krebs wrote that the timing of the attacks corresponded with the release of research conducted by Dyn’s director of internet analysis. Dyn highlighted potential connections between firms that offer to protect against DDoS attacks, and the hackers who conduct them. Krebs’s own website faced an “extremely large and unusual” DDoS attack after he published a story based on the same research, he said.

“We can’t confirm or even speculate on anyone’s motivation or relation to that research,” said Dave Allen, Dyn’s general counsel.

Common Warfare

With attacks on the internet’s Domain Name System, hackers compromise the underlying technology that governs how the web functions, making the hack far more powerful and widespread.

The DNS translates website names into the Internet Protocol addresses that computers use to look up and access sites. But it has a design flaw: by sending a routine data request to a DNS server from one computer, a hacker can trick the system into sending a monster file of IP addresses back to the intended target. Multiply that by tens of thousands of computers under the hackers’ control, and the wall of data that floods back is enormous. A small server may be capable of handling hundreds of simultaneous requests, but thousands every minute cause an overload and ultimately a shutdown, taking the websites it hosts offline with it.
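The small-request, large-response pattern described above is visible in a DNS server's own query log. The following is an added example, not part of the original article: it totals request and response bytes per claimed source address and flags sources whose responses dwarf their requests, which is how a reflected victim address tends to look to the server operator. The log layout, the sample records (documentation-range addresses) and the thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample of DNS server log records (not real traffic):
# (claimed source IP, query name, query type, query bytes, response bytes)
SAMPLE_LOG = [
    ("198.51.100.7", "example.com", "ANY", 64, 3100),
    ("198.51.100.7", "example.com", "ANY", 64, 3100),
    ("198.51.100.7", "example.com", "ANY", 64, 3050),
    ("198.51.100.7", "example.com", "ANY", 64, 3100),
    ("192.0.2.10", "www.example.org", "A", 60, 76),
    ("192.0.2.10", "mail.example.org", "MX", 61, 120),
    ("192.0.2.10", "www.example.net", "AAAA", 60, 88),
    ("203.0.113.5", "example.com", "TXT", 64, 900),
]


def flag_reflection_targets(records, min_ratio=10.0, min_queries=3):
    """Return {source_ip: stats} for sources whose traffic looks reflected.

    min_ratio and min_queries are illustrative thresholds (assumptions);
    tune them against a baseline of the server's normal traffic.
    """
    totals = defaultdict(
        lambda: {"queries": 0, "query_bytes": 0, "response_bytes": 0}
    )
    for src, _qname, _qtype, q_bytes, r_bytes in records:
        entry = totals[src]
        entry["queries"] += 1
        entry["query_bytes"] += q_bytes
        entry["response_bytes"] += r_bytes

    flagged = {}
    for src, entry in totals.items():
        # Skip sources with too few queries to judge, and malformed records.
        if entry["queries"] < min_queries or entry["query_bytes"] == 0:
            continue
        ratio = entry["response_bytes"] / entry["query_bytes"]
        if ratio >= min_ratio:
            flagged[src] = {**entry, "ratio": round(ratio, 1)}
    return flagged


if __name__ == "__main__":
    for ip, stats in flag_reflection_targets(SAMPLE_LOG).items():
        print(ip, stats)
```

A flagged address is more likely the victim of spoofed requests than the sender, so the operator's response is to rate-limit answers toward it rather than to treat it as hostile.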

The practice often is employed by groups of hackers. In 2012, a DDoS attack forced offline the websites of Bank of America Corp., JPMorgan Chase & Co., Citigroup Inc., Wells Fargo & Co., U.S. Bancorp and PNC Financial Services Group Inc.

‘Zombie’ Machines

A DDoS can be achieved in a number of ways but commonly involves a distributed network of so-called “zombie” machines, referred to as botnets. A botnet is formed with computers and other connected devices in homes or offices infected with malicious code which, upon the request of a hacker, can flood a web server with data. One or two machines wouldn’t be an issue, but if tens or hundreds of thousands fire such data simultaneously, it can cripple even the most sophisticated web servers.

In the case of the Dyn incident, the computers targeted were DNS servers. Without a DNS server, large numbers of websites are inaccessible by users across a country or even the world. In other words, taking away the DNS servers is like taking away all the road signs on a country’s highway system. So-called “authoritative” DNS providers like Dyn are notoriously hard to secure. Carl Herberger, vice president for security solutions at Radware, an Israel-based internet security company, likens “authoritative” DNS providers to hospitals, which must admit anyone who shows up at the emergency room. Dyn must consider traffic going to a website as initially legitimate. In the event of a DDoS, Dyn must work quickly to sort out the bad traffic from the good, which takes time and resources, and creates outages that ripple across the internet, as was the case Friday.

Dave Palmer, director of technology at U.K. cybersecurity company Darktrace, said the most recent DDoS attacks have been linked to internet-of-things devices, in particular webcams.

No Joke

“The joke about the internet of things was that you were going to get people hijacking people’s connected fridges to conduct these attacks, but in these recent cases the culprit seems to be webcams,” Palmer said. “We will probably see, when this is investigated, that it is a botnet of the internet of things.”

To avoid massive outages, companies ramp up their capacity to try to absorb the deluge of traffic and reroute it, often with the help of a major telecommunications carrier or cloud-services provider like Akamai Technologies Inc. or CloudFlare Inc. But the only way to really prevent denial-of-service attacks may be to increase the overall security level of consumers around the world, Palmer said, a task that is getting harder as more and more devices are connected to the internet.

“This is exactly what happens when tens of thousands or hundreds of thousands of devices are left unprotected,” Palmer said.

Beauty Week is back at Hudson’s Bay in Toronto and it’s time to get glam

Beauty enthusiasts rejoice! Beauty Week at Hudson’s Bay is back in Toronto for another year. It’s time to stock up on all of your fall essentials and maybe discover some new ones.

From Friday, August 18 to Sunday, August 27, you can expect a truly elevated beauty experience in-store with incredible special offers, limited-time gifts, and exciting activations. 

If you’re a diehard beauty lover, you’ll already know that Hudson’s Bay is the place to shop thanks to its extensive range of over 195 skin and makeup brands from both luxury labels and masstige brands — including Tata Harper, Estée Lauder, YSL, Nars Cosmetics, Bobbi Brown, and so much more.

Throughout The Bay’s Beauty Week, visitors can take in some at-counter activations and interactive expert-led tutorials, where there will be chances to get makeup touch-ups from top-tier brands, try a spritz of the most alluring fragrances, and sample tons of new products.

This year’s Beauty Week highlight is the ‘Best in Beauty’ tote, a meticulously-curated selection of 30 deluxe samples from an array of top-tier brands like Dr. Barbara Sturm and Shiseido spanning skincare, fragrance, and makeup — all in a super sleek bag.

The tote, which is valued at over $300, is retailing for just $39 and is a fantastic way to explore new products (without breaking the bank). However, there is a limited quantity, so if you want to get your hands on one, you’ll need to be fast.

Wondering exactly what Beauty Week’s free gifts with purchases entail? If you spend over $95 at Lancôme, you will receive a six-piece set valued at $130. Or, you can get an Estée Lauder gift valued at $170 with purchases over $80. (And that’s just to name a few.)

If you’re a Hudson’s Bay Rewards member, you’ll also get $20 in Hudson’s Bay rewards when you spend over $100 on beauty.

The Canadian Armed Forces are hiring for several non-combat military jobs

The Canadian Armed Forces (CAF) have several non-combat jobs, some of which do not require a college degree or past work experience.

Life in the forces has several benefits, such as paid education plans (college, university and graduate-level programs), 20 paid vacation days, health and dental coverage for you and your family, maternity and paternal leave, and pension plans. You can learn more about the benefits in detail here.

And to make it easier to gauge if you qualify, the listings also include related civilian jobs to see if it’s your ideal role.

Financial services administrator

Related civilian jobs: Financial records entry clerk, financial manager, accounting technician, bookkeeper, budget officer, cashier clerk, business planner technician, and verification manager.

Description: You’ll help budget resources for all military activities besides providing financial assistance.

Education: You need to have completed Grade 10.

Duties: As a financial services administrator, you’ll be responsible for bookkeeping and managing budgets. You’ll also provide support in accounts payable and accounts receivable.

Work environment: Those in this role work at CAF bases, on ships or overseas. You might also be expected to help special operation units, recruiting offices, schools, and medical organizations.

Postal clerk

Related civilian jobs: Mail clerk, mail sorter.

Description: You’ll provide postal services to members and their families at bases and establishments.

Education: Grade 10. No previous work experience or related career skills are required.

Duties: As the postal clerk, you’ll handle mail duties.

Work environment: Besides a postal office, you may work on a ship or a mobile postal van. You might be expected to serve with Royal Canadian Navy, the Army, and the Royal Canadian Air Force in Canada and abroad.

Dental technician

Related civilian jobs: Dental assistant, dental hygienist.

Description: You’ll be helping dental officers provide dental services to CAF members, their families, and dependents.

Education: Level II dental assisting diploma from an accredited college or a National Dental Assisting Examining Board (NDAEB) certificate.

Duties: Those in this role will be responsible for various tasks, including disinfection and sterilization of dental equipment, applying rubber dams, placing cavity liners, and controlling bleeding. In addition, you’ll assist in laboratory procedures like creating casts, custom trays, and mouthguards.

Work environment: This role will require you to work in a military dental clinic, a Mobile Dental Clinic, an Air Transportable Dental System, or onboard a ship. You might be expected to work on a base in Canada or other operations in other parts of the world.

Human resources administrator

Related civilian jobs: Records administrator, data entry supervisor, receptionist, office manager, executive assistant, payroll clerk, and information management technician.

Description: Provide administrative and general human resources support.

Education: Grade 10. No previous work experience or related career skills are required.

Duties: In addition to human resources administration and services, you’ll be handling pay and allowances, managing automated pay systems, and maintaining personnel records.

Work environment: HR administrators work at all CAF bases in Canada. They also work on ships and overseas to support the Canadian Army, Royal Canadian Navy, or Royal Canadian Air Force operations.

Medical assistant

Related civilian jobs: Emergency medical responder, ambulance and first aid attendant, registered nursing assistant, licensed practical nurse, and hospital orderly.

Description: Successful candidates will help treat the sick and injured in CAF units. You’ll be assisting and supporting nursing and medical officers.

Education: Minimum of Grade 11 biology, Grade 10 physics or chemistry, and Grade 10 math.

Duties: You’ll provide initial care and essential life support treatments in trauma cases. You’ll help with health assessments (hearing and vision tests, perform basic lab procedures, etc.) and initiate and manage medical records and reports. You’ll also be expected to provide support and first aid during training exercises.

Work environment: Medical assistants may serve with the Royal Canadian Navy, the Royal Canadian Air Force or the Canadian Army as part of the Canadian Forces Health Services Group. Those in this role are exposed to the same risks as the forces they support.

Porter’s new loyalty program promises to match Air Canada’s Aeroplan status

Porter Airlines is once again stirring the pot among Canadian airline rivals, now going after Air Canada’s Aeroplan members by offering to match their loyalty status to an equivalent of their own.

The beloved airline, which recently ranked as having the best cabin service in North America, challenged the competition for the second time this year, after previously deploying a similar tactic against WestJet in the spring. 

Earlier in April, Porter presented customers with a limited-time offer to match the loyalty status of WestJet’s patrons with VIPorter levels.

Now, they’re offering Aeroplan members a seamless transition to an equivalent VIPorter Avid Traveller status based on their existing membership tier.

Members can then take advantage of an array of travel perks that come with flying Porter, including seat selection, baggage, and flight changes.

For those currently holding an Aeroplan membership, there are two ways to acquire the Avid Traveller status for the rest of 2023:

Status-Based Match:

  • Aeroplan 25K members = VIPorter Venture
  • Aeroplan 35K members = VIPorter Ascent
  • Aeroplan 50K, 75K, and Super Elite = VIPorter First

Flight Segments-Based Match:

  • 5 flight segments = VIPorter Passport
  • 8 segments = VIPorter Venture
  • 17 segments = VIPorter Ascent
  • 28 or more segments = VIPorter First

Members will have to first submit their applications on Porter’s website. Registration will remain open until September 6, 2023.

In order to maintain their membership level through 2024, customers will have until the end of 2023 to reach the following reduced qualifying spend (QS) targets:

  • Passport = $500 in QS
  • Venture = $750 in QS
  • Ascent = $1500 in QS
  • First = $2500 in QS

Over the past year, Porter has launched an aggressive expansion strategy, including everything from introducing longer flights on newly-purchased jet planes flying out of Toronto Pearson, free WiFi, and a new all-inclusive economy experience.

With Canadians losing both Swoop and Sunwing as WestJet incorporates both into their mainline business, Porter’s direct competition is welcome to keep prices competitive.
