It seems like a fine idea to have a computer in your refrigerator, to be able to control your thermostat with your smartphone, and to sync your DVR with your laptop. The problem is that the security for these everyday devices seems to be total junk, something that has been a topic of interest over at Boing Boing for a while and has now reportedly hit the main headlines thanks to Friday’s major internet outage.
Many fingers have been pointed, and some groups like WikiLeaks are taking a bit of responsibility, claiming their supporters are behind the DDoS attacks that plagued Dyn throughout the day on Friday. Our initial post gave a rundown of how this was achieved, essentially a crash course on how the DDoS attack was able to achieve so much:
If you’re not up on your acronyms, DNS is short for domain name system: Think of it like the contacts list of the internet, a way to get crucial information your computer needs to load a website. A distributed denial of service attack is essentially hosing a website with so much spam that it can’t keep up. This attack is making it impossible for Dyn to do its job, making it impossible for your computer to access sites because the data to do so simply isn’t there.
And now, according to multiple sources, the main culprit seems to have been the Mirai malware/trojan, which takes advantage of any of those everyday items with a basic connection to the internet. The “Internet of Things” made it possible for someone to initiate the massive attack that seemed to bring the internet to a standstill on Friday, an assessment supported by the security group Flashpoint and security expert Brian Krebs:
The size of these DDoS attacks has increased so much lately thanks largely to the broad availability of tools for compromising and leveraging the collective firepower of so-called Internet of Things devices — poorly secured Internet-based security cameras, digital video recorders (DVRs) and Internet routers. Last month, a hacker by the name of Anna_Senpai released the source code for Mirai, a crime machine that enslaves IoT devices for use in large DDoS attacks. The 620 Gbps attack that hit my site last month was launched by a botnet built on Mirai, for example.
As Cory Doctorow points out over at Boing Boing, the 620 Gbps figure is something one could expect from a “state actor,” but it was made possible by the flimsy security of the IoT devices that have been infected by the malware to form the Mirai botnet, a point supported by a report in the New York Times:
Level 3 CSO Dale Drew says that the attack only used “about 10 percent” of the half-million Mirai nodes available (a number that continues to grow). These devices are not designed to be easily updated in the field, meaning that even if security in future versions of IoT products is improved, the existing dumpster fire of the installed base of Internet of Sh*t devices will continue to rage, finding and infecting every last Mirai-vulnerable device and recruiting it into a virtually unkillable source of attacks on critical infrastructure.