Dyn DDoS attack: Massive hacker violation highlights serious IoT vulnerabilities
Distributed Denial-of-Service (DDoS) attacks are common, but most of them barely affect our everyday Internet experience. However, a complex attack that took place last Friday is worth paying attention to because it took down a really big chunk of the Internet.
According to the Economic Times, hackers were targeting a U.S. infrastructure company called Dyn, “which acts as a switchboard for Internet traffic”. While the company, based in New Hampshire, is far from being a household name, its customers are among some of the most-used tech platforms in the world, namely Twitter, PayPal and Spotify.
Depending on where they were based, millions of users also reported that they couldn’t access a large number of media sites including Mashable, CNN, the New York Times and the Wall Street Journal. Some businesses hosted by Amazon were also affected by the outage.
How did it happen? Hackers “used hundreds of thousands of Internet-connected devices that had previously been infected with a malicious code”. As some of those devices include webcams made by Chinese electronics company Xiongmai, which are now being recalled, the attack is clearly something we should all be worried about.
Xiongmai said in an emailed statement to Bloomberg that the malware used by hackers, called ‘Mirai’, is a “huge disaster for the Internet of Things”. “XM have to admit that our products also suffered from hacker’s break-in and illegal use,” the company was quoted as saying.
Case in point, a survey released by a security firm, as reported by TechCrunch, revealed that 40 percent of people are uncomfortable with IoT devices such as smart thermostats and other home appliances. Their concerns stem from security, and a whopping 88 percent of respondents believe that these devices leave their personal data vulnerable to hackers.
CURRENTLY SKYPING WITH ALLEGED PERPETRATORS OF THE IoT DDoS ATTACKS. Will report back soon. It's getting pretty heated! pic.twitter.com/XnCH5PZq93
— Johnny Xmas (@J0hnnyXm4s) October 24, 2016
Sayeth my feed: nobody buying smartwatches, VR, tablets or PCs. Hoverboards are so over & IoT devices are a menace. And Tesla X is a lemon
— Chris Anderson (@chr1sa) October 25, 2016
IoT devs right now pic.twitter.com/20iarkhuYL
— Asher Wolf (@Asher_Wolf) October 24, 2016
Investigations are currently underway, and perhaps more creepy details surrounding the “Internet-connected devices” in our lives will continue to emerge. The entire event is extremely mysterious: while a group called New World Hackers, alongside Anonymous, is claiming credit for the attack, many security experts have gone over the evidence and are calling the groups “impostors”.
One explanation for the attack could be “industrial sabotage”, which is when companies hire hackers to take their competitors offline in order to get a leg up in business. A darker possible explanation could be that these DDoS attacks are used as a “smokescreen” for more lucrative crimes such as the theft of passwords, credit card information and identities.
In any case, the whole ominous nature of the attacks leaves any user of smart devices in a bit of a cold sweat, and retreating to a disconnected world seems like a decent idea.