Hackers Use "Internet Of Things" To Bring Down The Internet
By Daisy Luther/daisyluther.com October 25, 2016
Share this article:
You know all of those cool, sci-fi gadgets that people are beginning to get that are connected to the Internet in their homes?
The
voice-controlled thermostats, the wireless printers and cameras, the
home security systems, the food scale that sends the calories to your
phone app, those "smart" appliances that text you to pick up milk, and
the DVRs that can be programmed via your phone from work?
Apparently,
those things may not be so smart after all because they played a big
role in the cyber attack that took place last Friday.
Security analysts believe that Friday's attack on popular
websites such as Reddit, Twitter, Netflix, and Spotify was the first
one carried out by hackers who used the "Internet of Things."
Here s how the Internet of Things works:
Who else thinks that this is how Skynet got started? Maybe it s just me.
The attack was on one service: Dyn.
The
massive attack took down the Internet across the country. The website
Downdetector provided a map that shows how much of the US was affected:
The attack was on one company, and everything else fell over like a row of dominoes.
All of the companies involved use Dyn, a cloud-based Internet performance management company.
Dyn was the target of the attack, and that, in turn, affected other companies.
Dyn
is sort of like a phone book that directs users to the Internet address
of the website. On Friday a distributed denial of service attack,
(DDoS) affected Dyn by sending thousands of messages at the same time,
which overwhelmed the service.
Security company
Flashpoint said it had confirmed that the attack used "botnets"
infected with the "Mirai" malware. From their site:
Flashpoint
has confirmed that some of the infrastructure responsible for the
distributed denial-of-service (DDoS) attacks against Dyn DNS were
botnets compromised by Mirai malware. Mirai botnets were previously used
in DDoS attacks against security researcher Brian Krebs' blog "Krebs On
Security" and French internet service and hosting provider OVH. Mirai
malware targets Internet of Things (IoT) devices like routers, digital
video records (DVRs), and webcams/security cameras, enslaving vast
numbers of these devices into a botnet, which is then used to conduct
DDoS attacks. Flashpoint has confirmed that at least some of the devices
used in the Dyn DNS attacks are DVRs, further matching the technical
indicators and tactics, techniques, and procedures (TTPs) associated
with previous known Mirai botnet attacks.
Coincidentally, many of the vulnerable "smart" devices are made in China.
Many
of the devices involved come from Chinese manufacturers, with
easy-to-guess usernames and passwords that cannot be changed by the user
- a vulnerability which the malware exploits.
According to the BBC:
"Mirai
scours the Web for IoT (Internet of Things) devices protected by little
more than factory-default usernames and passwords," explained
cybersecurity expert Brian Krebs, "and then enlists the devices in
attacks that hurl junk traffic at an online target until it can no
longer accommodate legitimate visitors or users."
The owner of the device would generally have no way of knowing that it had been compromised to use in an attack.
I'm
sure those easy passwords and vulnerabilities aren't deliberate. China
would never sneak Trojan horses into the USA, would they?
Originally published at DaisyLuther.com - reposted with permission.
No comments:
Post a Comment