The denial of service attack that knocked out access to many popular websites last week — Netflix, Twitter and PayPal included — revealed a major gap in the country’s online security network: Baby monitors.
Baby monitors, web cameras, thermometers, smart TVs, DVRs, even cars are all part of the burgeoning “internet of things.” When connected to the web, they allow us to take care of routine tasks with ease, often when we are far from home. But these web-connected devices also rely on remarkably weak security software, making them easy to hack.
That’s what happened last Friday, when the Manchester, New Hampshire-based Dyn Inc. was hit by distributed denial-of-service, or DDoS, attacks. Such attacks work by flooding the targeted servers with junk data traffic. The Associated Press described it as “sort of like knocking someone over by blasting them with a fire hose.”
The attack, by a group calling itself New World Hackers, temporarily darkened dozens of websites across America and Europe.
While we can all live without Twitter or Spotify for a half hour or so, the attacks are part of a troubling trend.
Attacks of this kind are limited to the number of devices to which a hacker can connect. In the past, most homes had only a home PC. That is no longer the case: The average North American home contains 13 internet-connected devices, according to the research firm IHS Markit. Those devices have little in the way of security, and since the firms that make them aren’t affected by the attacks, they have little incentive to make them safer for users. Consumers rarely update the passwords on things like adjustable thermostats after taking them out of the package and setting them up.
This has to change.
The hackers who struck last Friday, say they weren’t motivated by money, and promise their next target will be the Russian government, in retaliation for that country’s alleged cyberattacks against the United States earlier this year.
“Twitter was kind of the main target. It showed people who doubted us what we were capable of doing, plus we got the chance to see our capability,” a member of the group who identified themselves as “Prophet” told The Associated Press.
We also got to see our capability of fending off such attacks. And it was woefully lacking.