The context for predictions of very scary things that can happen on the Internet is that they are potential future nightmares that only will come true if appropriate steps are not taken.https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=iWelcome to that bad version of the future.
One of the biggest fears that accompanies the great benefits of the Internet of Things (IoT) is that it is a massively insecure undertaking with literally countless opportunities for crackers to mount disabling attacks. That seems to be precisely what has happened twice in the past several weeks.
Last month, the popular site KrebsOnSecurity.com was hit by a distributed denial-of-service (DDoS) attack based on the Mirai botnet. A botnet is an army of hacked devices that are taken over by crackers. This botnet army was instructed to bombard the Krebs site with so much traffic that it buckled under the onslaught:
The attack began around 8 p.m. ET on Sept. 20, and initial reports put it at approximately 665 Gigabits of traffic per second. Additional analysis on the attack traffic suggests the assault was closer to 620 Gbps in size, but in any case this is many orders of magnitude more traffic than is typically needed to knock most sites offline.
That only was the opening act. Last week, Internet traffic in general was impacted by a DDoS attack that was sophisticated and highly distributed, according to the security firm Dyn. The Mirai botnet is thought to be at least one of the sources of the traffic that took multiple servers offline.
The key is that Mirai specializes in IoT devices to man its botnet army, according to CNBC:
The attack comes amid heightened cybersecurity fears and a rising number of Internet security breaches. Preliminary indications suggest that countless Internet of Things (IoT) devices that power everyday technology like closed-circuit cameras and smart-home devices were hijacked by the malware, and used against the servers
Computerworld’s Patrick Thibodeau sees the attack as a milestone, albeit a bad one. He cites reports that say the attack was launched from Internet-enabled cameras that have been taken over because users had not changed the default passwords.
Thibodeau then runs through the reasons that the IoT is ripe for crackers: People don’t pay enough attention to security, IoT endpoints are inexpensive and therefore not capable of supporting high-level security and that security patching is, at best, inconsistent.
Experts have been making these points for years. The difference is that there now are strong indications, if not proof, that these vulnerabilities actually are being taken advantage of by the bad guys.
The little bit of good news in this is that at least one company is paying attention: Reuters reported yesterday that Chinese firm Hangzhou Xiongmai will recall parts sold in the United States that were targeted in the attack. The far more dire news is that the experts were right.
Carl Weinschenk covers telecom for IT Business Edge. He writes about wireless technology, disaster recovery/business continuity, cellular services, the Internet of Things, machine-to-machine communications and other emerging technologies and platforms. He also covers net neutrality and related regulatory issues. Weinschenk has written about the phone companies, cable operators and related companies for decades and is senior editor of Broadband Technology Report. He can be reached at firstname.lastname@example.org and via twitter at @DailyMusicBrk.