In mid-October, an army of a million hacked Internet-connected smart devices almost broke the Internet.
That’s right. It was not an attack by clever Russian hackers who infiltrated companies through intercepted user names, stolen passwords or pirated information.
It was done by someone connecting smart devices – digital picture frames, baby cams, thermometers, stereos, televisions and millions more Internet of Things devices that have their own IP addresses.
And technically they didn’t hack the Internet. They caused a massive headache with a Distributed Denial of Service (DDoS) attack against the popular Domain Name System (DNS) service provider Dyn. In a DDoS attack, hackers try to make an online service unavailable by overwhelming it with traffic from numerous sources. The traffic slows the sites to a halt so they cannot be used. Think of it like a traffic jam: too many cars on the highway cause slower movement and stoppage.
Sites and services like Twitter, Spotify, PayPal, Airbnb, and Pinterest experienced outages and downtime, either completely or partially. Even gaming networks like Xbox Live and PSN had brief problems.
The question to ask: Could the attack have been avoided?
The answer: Yes.
Reports say all those smart devices are sold to homeowners with roughly the same 67 default passwords built in, which consumers never changed. So someone trolling those IP addresses merely kept pinging them until a device was hacked, and then linked it to the bot army that launched the DDoS.
Remember: All those smart devices are built by engineers with one goal in mind: connectivity. The machines just need to talk to each other. They are not designed to be secure, which is why you need to make sure to have a strong password. Computer companies learned that a long time ago when they figured out the favorite, most-hacked and least-protected device in a company was the printer, which was connected to every computer.
While the current hole has mostly been patched, there will be many DDoS attacks in the future. There is nothing that an IT wizard can do to protect these devices; this duty falls to the user. You are the first line of defense. Have you asked yourself if your devices are protected?