The Department of Homeland Security as well as the FBI are investigating what is being called possibly the largest scale cyber-attack ever, according to Aljazeera.
On the morning of Oct. 21 the first wave of the cyber-attack began on infrastructure company Dyn, based in New Hampshire. The company is responsible for connecting individual internet users to websites by routing them through a series of unique Internet Protocol numbers. CNN reported that the company monitors more than 150 websites.
Friday’s cyber-attack used botnets — or devices connected to the internet that have been infected with malware — to launch a distributed denial of service attack that impacted companies like CNN, the New York Times, Twitter, PayPal, and others, Aljazeera reported.
USA Today explained that denial of service attacks turn unsuspecting devices into weapons by downloading malware to unprotected devices that allows them to be controlled by hackers. Hackers then use these weaponized botnets to overload the traffic to websites by sending hundreds of thousands of requests through the IP address, giving a false signal that the website is too busy to accept normal requests for access to the site.
While the cyber-attack was mostly annoying for internet users, it ultimately impacted the U.S. on a much larger scale, denying the 77 companies affected by the attack up to $110 million in revenue, according to Dyn CEO John Van Siclen.
The greater security concern is the access to individual devices that is granted because the devices were left with their default password intact, according to The Guardian. The devices used in Friday’s cyber-attack were all traced back to one company, the Chinese tech company XiongMai Technologies, which makes, ironically, security cameras.
The cyber-attack was felt as far away as Europe, and across the U.S. Wikileaks suggested in a tweet late Oct. 21 that its supporters were responsible for the breach, sending out a picture of the most affected areas in the U.S.
Military members can help protect their devices from being used as weapons by following their training on cyber awareness. Consistently changing passwords, logging out of accounts when on public computers, and protecting personally identifying information are recommended.