Three waves of attacks today created a widespread disruption of internet service for millions of people and scores of systems.  Many were wondering why they could not get on Twitter or other websites throughout the day.   All day long, we observed countless folks asking in their posts:
“What happened to the internet? Why can’t I get on?”  However, it was not an actual “internet outage” that occurred, but what is called a “DDoS attack.” (see definition below) As one of the sources below stated it, it was the result of a coordinated assault on some of the underlying infrastructure that powers the Internet. Many could not access certain websites such as social media or where they do some shopping.
Needless to say, it was an exciting day in the IT and cybersecurity world.  I got 125,729 views so far on my earlier facebook and twitter version of my last two posts about this (more than 100 times more than what I usually receive).

A map showing areas of Internet outages the morning of Friday, October 21, 2016. At the time, a distributed denial of service attack on Dyn, an Internet and DNS service provider was underway by unknown sources. The map was created by DownDetector, a company that tracks such outages. (Photo CREDIT: DownDetector / Caption: USA Today Tech)

So, here is some advice on what to do, my own speculation on who could be the culprit, and some clarifications and more details.

For starters, this was a “DDOS attack,” which according to the Digital Attack Map (see link below) is by definition:  “A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. They target a wide variety of important resources, from banks to news websites, and present a major challenge to making sure people can publish and access important information.”
Whether or not you were affected by today’s cyber attack, you could be in the future, not to mention that this is a golden opportunity to make some recommendations and advice:
Most importantly, protect yourself:
 ADVICE – do at least one or more of the following immediately (in very layman’s terms):
  1. CHANGE YOUR PASSWORDS – start with the email account(s) that you use for password recovery, then your social media accounts and others that you do business on.  This means a 12 to 17 digit complex password for each, none of them the same, and none containing anything related to your name, birth date or place, or any other personal information connected to you.  Then, write them down and don’t save them to a device.
  2. LOG OFF OF ALL ACCOUNTS – then log back in, and request to change the password.
  3. RUN A MALWARE CHECK, INSTALL NEW DEFINITIONS (it may not have any effect on this, as the attackers may have written malicious code that will defeat what you have, but
  4. SECURE YOUR OTHER DEVICES AND INFRASTRUCTURE – You may have devices (to include printers) that are not secure and could have contained the malware that activated today. Plus, if you own a business, you might want to consider hiring specialists to conduct red teaming and penetration tests against your network. Learn a bit more about these (a) secure use of wifi (b) what sharing and security features that you need on your computer and other devices, (c) how to secure your peripheral devices (printers, anything that takes “software,”) and (d) something called “encryption.”  There are some best practices for information security and online safety that all should be practitioners of.
  5. CONTINGENCY PLANS AND HAVING A BACKUP – consider having a backup web hosting capability as well as backup email account, social media, and other services via an entirely different host.  This could involve a bit of cost as well as some research to make happen.  This is such a concern to some corporations, organizations, and governments, that there are private companies who specialize in continuity of operations (COOP) in case their information technology is disrupted or destroyed.  So, you may want to consider for your business or personal use having a backup plan.  News media, financial institutions and those who conduct online transactions, and those who depend upon social media messaging for communications got a real wakeup call today.
  6. PURGE YOUR CONTACT LISTS OF SUSPECT PERSONS – grab a gallon of coffee or latte and go through your social media contacts lists (friends, followers, etc.) and (a) block all persons from any of the suspect countries in the tags listed below, any that we now have combat operations going on in (Middle East, Africa, Central Asia, Philippines, all can be done in your facebook settings), (b) increase your privacy and security settings for these accounts, (c) Turn off the location feature on your devices, (d) do not list your phone number, real email address, mailing address, nor certain photos on your facebook and other social media pages (auto, where you live, where your children go to school, etc.) Your phone number is a gateway into your phone records, which can usually be accessed online (hacked).  Use an email forwarding account (that goes to your real one) or an entirely separate one for your password recovery and initial registration email needed to set up social media accounts.  CONSIDER THIS:  It is a great thing to both learn about and even engage with other cultures. But, that does not mean that you need to be “friends” with unknown foreign nationals and expats (many of whom are phony ID’s anyways) and who may appear to be friendly or benign at first, but far too many American citizens have fallen victim to these foreigners.  It is not worth it to be letting them have a portal into your personal life and you won’t be offending them anyways by doing what all should do – decline and don’t answer any inbound friend requests, follows, and messages and just block them.  Your mobile devices and your social media are the Achilles heel of your personal security!
DDOS attacks on US domain host “Dyn” and others. Twitter, Reddit, Spotify, and other sites intermittently were out during multiple waves of attacks through the evening of Friday, October 21, 2016. (see partial list below)
It is widely speculated that, pretty much anyplace that is spreading wikileaks releases on the internet. But, it is not yet known who is behind the attacks. But, we don’t yet have the proof of this.  That could be a coincidence. But, what we DO know is that foreign actors, to include the foreign intelligence services of those who conduct hostile offensive intelligence operations against the USA and her allies, have in the past and currently conduct all manner of cyber attacks, and espionage / penetration against both our defense and civilian / commercial capabilities.
THE CULPRIT OF THE CYBER ATTACKS – WHO DUNNIT? – consider the motive and who was a victim of the DDoS attacks.  The perpetrator could be any of these:
(1) STATE SPONSORED / FOREIGN INTELLIGENCE SERVICE? – maybe – Russian Federation, Communist China aka PRC, Communist North Korea aka DPRK, state sponsor of terrorism Islamic Republic of Iran, state sponsor of terrorism Syria, or another.  Consider that at least two of these countries, the two most volatile, may have been the target of cyber attacks in the past against them.  So, perhaps this was retaliation.  If they can build a nuclear weapon, they can certainly afford and have the wherewithal to conduct a cyber attack.
(2) TERRORISTS? – maybe – The islamic state aka ISIS were raising $4-5 million per day at one point, more than enough needed to invest in the best & brightest talent in the cyber world to work for them. This culprit could be any number of islamic terrorist groups such as ISIS.
(4) LEFTISTS? – Maybe it is a test run by those allied with the clintonista cartel so they can get it right for the days before the election so they can disrupt the internet again.
(5) ANONYMOUS? – they have the ability to act at will and have been effective at it. They also promised to help bring down the corrupt, treacherous Clintonista cabal.
(6) FALSE FLAG OPERATION? – consider that the actual perpetrator of the cyber attacks could have designed this to be blamed upon someone else, or at least to delay full, confirmed detection.
Cyber warfare of this kind was predicted years ago. For years, our intelligence agencies and security professionals have warned of this happening. I have attended conferences and events at the think tanks where they have talked about this and offered solutions ad nauseam. An entirely new entity has been created within our military that fights without guns or missiles called the “United States Cyber Command,” based alongside the enormous National Security Agency (NSA) at Fort Meade, Maryland.  The FBI and U.S. Department of Homeland Security are deeply engaged in a variety of efforts to protect our infrastructure, defense technologies, and economy from threats to our information technology systems and communications.
This is a form of warfare. Now we are deep in it.
CONSPIRACY AND COVERUP:   Since it has been trending like crazy all over social media today, the following deserves mention — It has been predicted that there will be even more spectacular revelations in the days right before the election, not giving the democrat party time to react. They would have a reason to interdict or disrupt the flow of certain information.  Some of the leakers of the hacked emails as well as undercover videos have declared that the “best is yet to come” and that very damning and incriminating evidence against a presidential candidate and her illicit enterprises and past, her party, her campaign, her foundation, and maybe even the POTUS, are coming. There have been concerted efforts by these entities to prevent the courts, the U.S. Congress, FOIA requests, watchdog groups, and the media from all finding out the truth, and then efforts to cover up, ignore, and explain away that truth once revealed.  Some believe that they could try to stop the source of the leaks, even under the guise of foreigners trying to affect a domestic election, or the means by which it spreads.  Social media is ablaze with speculation and circular reporting of this conspiracy theory.  It is certainly possible that this scenario is occurring, but I personally believe that it is a coincidence.  (but, see below)
But, our adversaries are just as interested in disrupting and exploiting the internet that we invented and depend so heavily upon.  So would international terrorists or financially motivated criminals.
However, our various, immense, and very costly “cyber security” and internet protective functions in our government did not see this coming nor do they know yet who did it. That just shows how vulnerable we are, not to mention dependent upon the internet.
We got caught with our “pants down” on 9/11 and other times, and this one got us, too.
WHY DID THEY DO IT ? – MY HUNCH: This was a test. A trial run to observe what our reaction to this was, what our countermeasures were, and if it could have the desired impact for future attacks. Think about it – if no one claims responsibility for this series of attacks, then they obviously need to maintain their clandestine status until after their primary attack. If no money was stolen, no elections were lost, no sensitive information was compromised, and no one was hurt, then it could have been a test.  However, if this was an outright primary attack, I wonder what its true objective was. We shall see.
BUT, WHODUNNIT? – My guess is that it was the ISLAMIC REPUBLIC OF IRAN, a state sponsor of terrorism and enemy of the United States, based upon the digital attack map data and where the attacks came from (or were made to look like they came from) and, of course, motive.  The Iranian regime has shown very little fear of our country in recent years, between its continued pursuit of nuclear weapons and sponsorship of multiple terrorist networks around the world and civil wars, not to mention their hostile rhetoric to America and her ally Israel.   And, consider this:  what if Iran is seeking to prevent the release of information that is unfavorable to them, that could be revealed via the wikileaks or other hacked communications?
  1. This type of attack could cripple our ability to  (a) communicate by social media messaging, (b) our ability to spread information via the press & social media, and (c) how we conduct our financial transactions (since so many of those now occur online, especially via mobile devices). We have become so dependent on the internet for all three of these needs. So, the results of a protracted DDOS attack could be catastrophic.
  2. I wonder if the founders ever imagined that we would have a corrupt, biased, political operative media cabal promoting anti-American leftists who clearly are out to diminish all of what they designed for us. If they or someone acting on their behalf did this, they will be found out.   They were savvy and devious enough to employ a number of people to devise and operate a large private foundation, conceal their communications via a private server and email accounts, and engage in a recently documented “pay for play” scheme.
  3. I wonder if the founders ever anticipated that the internet, email, and hacking could have an impact on a general election.
  4. How is it that, with such an enormous expenditure of time, money, and effort on “cyber security” that people’s livelihood and our ability to communicate could be so easily and unexpectedly endangered by foreigners and other criminals that they never see?  This is a new type of warfare.  Our government needs to step up their efforts to protect our critical infrastructure in this regard.
Short list of Websites affected by the #DDoS attack today (consider how important these are to our economy and communications):
#DDoS #wikileaks #PodestaEmails14 #Cybersecurity #HillarysEmails #DNCEmailLeaks #ClintonEmailServer #ProjectVeritas #InternetOutage #Russia #Iran #Oman #Iraq #Kenya #SouthAfrica #Taiwan #Benghazi