Were you a part of the attack on Twitter?
By now you’ve heard the news. Major sites like Twitter, Spotify, Amazon and Netflix suffered server issues yesterday due to a massive hack against Internet management provider Dyn.
But, reality check — this isn’t anything new. In fact, cyber security experts have been talking and warning about these kinds of security breaches for years.
One of those people is North Dakota University System Chancellor, Mark Hagerott. Hagerott has spent much of his career working with government and education systems in the field of cyber security. Most recently he served as deputy director of the Center for Cyber Security Studies at the U.S. Naval Academy.
And what he sees is a lack of awareness around cyber security. He calls the digital world the equivalent of the “lawless wild west.”
This week, we saw a glimpse of just how massive this wild west can be. And, as this headline implies, you might be playing an unwanted role.
The Internet of Things
Let’s take a closer look at the attack. What we saw was a distributed denial of service attack (DDoS), which means it came from multiple different servers. Usually, these are controlled by hundreds of hackers — as in, actual people on their computers. But with this attack, it is widely speculated that these servers were controlled by a new, foreboding strength. That is the strength of the Internet of Things.
The Internet of Things, or if you want to sound real tech-savvy IoT, is basically the collection of all machines that are connected to the internet. And there are a lot.
In 2016 alone, there is an estimated 6.4 billion devices connected to the internet. By 2020, research company Gartner predicts at least 2.1 billion devices (and that is on the low scale compared to other predictions, reaching over 50 billion). Pair that with the ability to control parts of the internet, and you begin to see what we are up against.
“It [the hack] looks like it was a DDoS using basically zombie bots,” Hagerott said. “We have all these things connecting to the internet. They can communicate and send signals to each other. And if a virus gets in there, they can basically become a robot army.”
Yeah. Scary. And it gets scarier.
If you own a smartphone, a laptop, a smart watch, or any other “smart” device that can connect to the Internet, your personal devices are a part of the Internet of Things. Which means that any of those devices is available to be “enslaved.” And here’s the freaky part — you might not even know it.
Hagerott paints this picture. There is something called “dark web” where a lot of sketchy activity takes place. And in this realm, there is headhunting for devices that can be used to commit criminal activity. So basically, some dark web hacker could get access to your device, and then rent it out to someone else to use to hack into a random computer in Brazil (for example.)
“People get rich by finding machines, taking control — you would never know — and then someone rents it from this guy,” Hagerott said. “All you would experience is that your machine is slow for a few hours because it’s being used to attack.”
In the case of this attack, Hagerott said most of the machines were identified as coming from outside of the United States. But it is conceivable he said, that “people’s own computers, or own refrigerators, if they’re on the internet, are part of the attack.”
Update: It appears they were in fact, cameras. O_O
Digital to Physical
While this attack was a bit of a nuisance — like, dang it I can’t post a Tweet — in other instances digital war has been devastating.
In Saudi Arabia, for instance, 35,000 computer hard drives were completely wiped by hackers in a massive attack in 2012. Target and Yahoo have also been recent victims, resulting in millions of credit card numbers exposed and hundreds of millions of accounts stolen.
Perhaps even more frightening — look at politics. The cyber activity in this election is “unprecedented” Hagerott said. It illustrates how cyber activity directly impacts who gets into office and how whole countries are run.
For example, he points to Alaska’s voting system in 2014, wherein they launched the first internet voting system. Cyber security experts across the nation warned that the system was riddled with flaws, and would be an easy target for foreign entities to control a spot in the US Congress. Alaska did it anyway.
“They went ahead to internet based voting that was shown to be vulnerable,” Hagerott said. “China could have gone in and picked the Alaskan senator to win.”
It’s not hard to imagine how this could affect politics on a larger scale — and unfortunately the democratic system that is arguably a strength of the United States, is a weakness in the cyber world. Because each state has their own voting system, often, as withAlaska, they can be easily hacked.
“People don’t understand we have superpowers in cyber — like China and Russia,” Hagerott said. “Could the state of Wyoming stand up against a power like Russia? I don’t think so.”
So what do we do(?!?)
All of this can sound foreign and frightening. The digital world may seem like another dimension, with things like “cyber armies” and “digital wars” like something out of a sci-fi movie.
But as we saw this past week, and as we have been seeing slowly but surely over time, this is no longer something we can ignore. After all, as users of internet-connected devices, we are all part of the digital world.
Take heart, there are “good guys” out there in cyber world, too. Initiatives like Google’s Project Shield, for example, are working to protect from DDoS attacks like the one we saw on Friday.
But the most effective way to respond, Hagerott said, is with individual awareness.
“Start reading up on cyber security. Be careful what you click on. Start educating yourself,” he said. “A lot of this is equivalent to the militia, to having a rifle hanging above your fireplace. You gotta keep your powder dry.”
_ _ _
To start reading more on cyber security, here’s some recommendations:
KrebsOnSecurity.com — thorough articles on the state of the cyber world.
Watch Mark Hagerott’s talk on cyber security from TEDxBismarck, here.