In a Wall Street Journal article from Sep 30, 2016, author Drew Fitzgerald writes about recent attacks that were carried out by a botnet “army” against multiple targets including at least one each in the US and France.
According to the article, as many as 1 million devices may have participated in the attack.
The devices used in the attack were not massive, powerful servers or computers in some highly-connected data center. No. In fact, they weren’t even server or computers at all in the traditional sense.
These attacking devices were actually security cameras and DVRs that were hijacked and then used as a botnet to launch. This type of attack, coming from many devices spread out across the Internet, is called a distributed attack and it can be very difficult to defend against.
It’s like trying to protect yourself against a swarm of a million angry bees.
The most interesting thing about this attack is that it was very powerful even though it only used small Internet-connected devices. Because there were so many and because they were spread out, this attack was incredibly powerful.
This will be a growing threat as more and more devices are connected to the Internet. These “Internet of Things” devices (IoT) are proliferating at an amazing rate. Today, we have routers, switches, servers, computers, laptops, tablets, mobile phones, watches, video cameras, DVRs, home security, and cars.
Tomorrow we will have all of that plus millions if not billions of other devices such as: home control, thermostats, doorbells, sprinkler systems, washers, dryers, refrigerators, more cars, cable boxes, water pumps, lights, door locks, TVs, media players, personal assistants (Amazon Alexa, etc.), garage doors, drones, crop sensors, manufacturing machinery, agricultural machinery, aircraft control systems, traffic lights, municipal water systems, sewer systems, electric grid, wind turbines, weather monitoring stations, and a thousand other types of Internet devices we can’t even imagine right now.
It’s hard enough to keep your PC and servers updated and secure. How are you going to do it when you have a hundred other Internet connected devices you don’t even know need updates?
Starting right now, each of us must begin being more security conscious. Stop taking tech security for granted. Update everything you own regularly to make sure they’re patched and secure. If it’s more than you are comfortable with, get help from someone you trust or hire a professional.
Ultimately, security is going to have to change. It’s just not scalable to expect ordinary people to be technology experts and control their own security.
I believe we’ll get there. But it won’t be easy or smooth. Expect some spectacular attacks and security failures along the way. And protect yourself as much as possible.
If your devices get hacked, it’s not just you that’s affected. Once your device is hacked, it joins in the efforts to hack other devices. It’s like the technology version of a zombie apocalypse. Each infected device attempts to spread the infection.
In other words, if you aren’t part of the solution, you’re part of the problem.
Take security seriously.
– Weston Henry
Do you know all the devices in your business or home that are Internet connected? Do you regularly check for updates for them?
How can you be sure all your devices are safe from hacks and attacks when you have 50 or more different Internet connected devices to keep track of?