The distributed denial of service attack that sent Internet users into a tailspin Friday was the most powerful of its kind by far, say cybersecurity researchers, and they're especially alarmed because it looks to be the work of amateur hackers. Twitter, Netflix, Reddit, and other sites went down as the Mirai botnet took over poorly protected "Internet of things" devices like DVRs and webcams—whose owners hadn't changed the devices' default passwords—and bombarded domain host company Dyn with traffic so regular users couldn't get through. Apparently there were a lot of insecure devices out there to use. Dyn says there were "100,000 malicious endpoints" leading an attack twice as powerful as any other DDoS attack reported, per the Guardian.
Researchers from cybersecurity firm Flashpoint suspect the attack was tied to the community at Hackforums.net—where the Mirai source code was published earlier this month, per Mashable—and was meant to target a video game company, perhaps the PlayStation Network, reports Computer World. If amateur hackers did so much damage, "imagine what a well-resourced state actor could do with insecure IoT devices," says a cybersecurity rep at the Council on Foreign Relations. "We have a serious problem with the cyber insecurity of IoT devices and no real strategy to combat it." Experts recommend users reset an IoT device to its factory settings to erase any existing malware, then create a new password immediately.