On 23 September, the website of Brian Krebs, a journalist and researcher specializing in security, was the victim of a distributed denial of service (DDoS) attack.
So far, so — relatively — normal: these types of attacks are sadly common on the web both for lawful purposes such as organized protests (the equivalent of a demonstration in the street), and illegal activities (silencing opinion, blackmail, etc.), to the extent that there are rental botnets services to carry them out. The fact that Krebs has covered such practices by cybercriminals, reducing their ability to operate, forcing them to find new methods, makes him routines victim.
In this case, however, the attack was of a far higher magnitude than normal, more than double that seen so far, and a lot of the devices trying to log on the page were not computers but were surveillance cameras, digital video recorders, and other home routers connected to internet of things (IoT) objects. A particular software, known as Mirai, collected 68 pairs of generic user passwords used in these kinds of devices that are readily available and did not require the user to adapt them in any way, which made them very vulnerable. Welcome to the so-called Internet of Insecure Things, which I’ve been talking about for some time.
