Connected devices have been hailed as the next big thing that will change our lives for the better, but it seems that these innocent devices bring with them major security issues that when explored have the potential of bringing down the Internet for millions across the globe.
A massive cyber attack brought an Internet company down on its keens repeatedly disrupting the availability of popular websites across the United States. The hacker group claiming responsibility says that the day’s antics were just a dry run and that it has its sights set on a much bigger target. And the attackers now have a secret weapon in the increasing array of internet-enabled household devices they can subvert and use to wreak havoc.
Dyn Inc., a New Hampshire-based Internet company said that its server infrastructure was hit by massive distributed denial-of-service (DDOS) attack wherein its entire infrastructure was overwhelmed with massive amounts of junk traffic like knocking someone over by blasting them with a fire hose. The attack temporarily blocked some access to popular websites from across America and Europe such as Twitter, Netflix and PayPal.
Members of a group calling them the New World Hackers claimed responsibility for the attack via Twitter, though that claim could not be verified. They said they organized networks of connected devices to create a massive botnet that threw a monstrous 1.2 trillion bits of data every second at Dyn’s servers. Dyn officials wouldn’t confirm the figure during a conference call later Friday with reporters.
CloudHarmony tracked the massive attack that lasted for about 30 minutes early Friday affecting access to many sites from the East Coast. A second attack later in the day spread disruption to the West Coast as well as some users in Europe.
While computers and servers have been used till now to carry out DDoS attacks, “internet of things” has brought to the scene all sorts of connected devices including thermostats, security cameras and smart TVs. Many of those devices feature little in the way of security, making them easy targets for hackers.
The power of this kind of cyberattack is limited by the number of devices an attacker can connect to. Just a few years ago, most attackers were limited to infecting and recruiting “zombie” home PCs. But the popularity of new internet-connected gadgets has vastly increased the pool of potential devices they can weaponize. The average North American home contains 13 internet-connected devices , according to the research firm IHS Markit.
One of the major reasons why vendors of these small connected products do not concentrate on security is that hackers generally do not harm these devices and that’s why companies have almost no incentive of increasing the security in these devices.
Like with other online attacks, the motivation behind DDoS attacks is usually mischief or money. Attackers have shut down websites in the past to make political statements. DDoS attacks have also been used in extortion attempts, something that’s been made easier by the advent of Bitcoin.
However, it turns out that these hackers aren’t motivated by money or doesn’t have any personal grudge against any of the target companies. Instead they were just testing out the tools at their disposal and the progress they have made in using connected devices to carry out attacks. According to them, their next target will be the Russian government for committing alleged cyberattacks against the U.S. earlier this year.