Last Friday’s widespread cyber attack that took down major websites like Twitter, Spotify and Amazon was at least partly attributed to malware that infected “Internet of Things” devices, that is, devices like DVRs and routers that are connected to the internet and, as experts have been warning, are at a high risk of being hacked.
Since the author of the malware that was used to compromise the devices made its code open-source, experts have been warning of such a large distributed denial of service or DDoS attack. In Friday’s attack, Mirai malware was used to target IoTs and enslave them into a botnet to conduct the DDoS attack, according to security firm Flashpoint. A DDoS attack is when an attacker floods a network with information, overwhelming it and preventing it from processing requests since it can only process a certain number of requests at once. A botnet refers to computers that are controlled by one or many outside sources.
All IoTs have IP addresses, and anything with an IP address can be found through a search engine. According to CNET, hackers can find hundreds or thousands of hackable DVRs and cameras just by entering some search terms. Hackers can then access these devices by guessing the default password that they come with.
Dan Gilmor, director of the Knight Center for Digital Media Entrepreneurship at Arizona State University’s Walter Cronkite School of Journalism, explains that some manufacturers use easy-to-guess default logins and passwords for the devices and offer no update or path to fix security holes.
“Also because some manufacturers obviously don’t know what they’re doing, or don’t care (or both), when it comes to security,” Gilmor wrote in an email interview.
Changing the password, CNET explains, doesn’t necessarily change the password coded into the device.
At least some of the devices used in the attack were DVRs and web cameras. The Chinese firm Hangzhou Xiongmai has recalled millions of cameras sold in the U.S. in the wake of the attack. According to the security firm Kaspersky Lab, the firm makes circuit boards and software for cameras, along with DVRs and network video recorders. The company said only devices sold before April 2015 that have not been updated, are protected by default credentials and are exposed to the public internet are vulnerable. Kaspersky explained that the company blamed users for not changing default passwords on the devices.
Gilmor explains that consumers are relying on digital devices more and more, and if they can be brought down this easily, there is trouble ahead. When users can’t get to services they use every day, as was the case with Friday’s attack, it is of concern.
Dan Kaminsky, lead scientist for the cybersecurity firm White Ops, told The Guardian Friday’s attack would act as a wake-up call.
Dyn, the DNS provider that was targeted in the attack, said it was not uncommon for it to mitigate DDoS attacks; however, Friday’s attack was a sophisticated, highly distributed attack involving tens of millions of IP addresses. The company said the nature and source of the attack are under investigation. Several national media outlets reported that both the FBI and the Department of Homeland Security are investigating the attack.
The Department of Homeland Security says while there is no effective way to prevent being part of an attack, there are active steps one can take to reduce the likelihood.