The Internet of Hackable Things
Last week, the East Coast of the US experienced a service outage on many of the most popular sites on the internet, including Amazon, Netflix, Github, Twitter, Reddit and many major news outlets. The cause: a massive distributed denial of service attack (DDoS) on Dyn.com, a provider of domain name server (DNS) services.
According to Flashpoint, a cybersecurity intelligence firm, the attack was likely carried out by relative amateurs associated with the website hackerforums[.]net.
The attack was facilitated using the Mirai botnet. Mirai [wikipedia] is a program that scans the internet for IP addresses of IoT devices, mostly cameras, DVRs and a few routers, according to KrebsOnSecurity, which released a list of affected devices in the wake of its own attack by the botnet.
Once the devices are identified, Mirai infects the device by programmatically entering the factory default login credentials for the device. Like most botnets, the program then listens for commands from a central server, and once the command is received the device directs server requests at a target address. If there are sufficient requests, the target server becomes overwhelmed and ceases to function.
The potentially scary thing about the Mirai botnet is how quickly it seems to be growing. In September, Mirai was responsible for a then record-setting 665 Gigabit/second attack on KrebsOnSecurity’s servers. Days later, Mirai launched a 1.1 Terabit/second attack on OVH, a French hosting provider. The attack on Dyn maxed out at 1.2 Tbps, according to some reports cited (but not linked to) by the Guardian.
This most recent attack brings a couple of potentially troubling issues to the fore. It puts a lot of attention on security in the Internet of Things. Today there are somewhere between 6.4 billion connected devices (not including smartphones, tablets, and computers) and 9 billion IoT devices, according to Gartner and International Data Corporation, respectively. Including smartphones, tablets, computers and all IoT devices, IHS estimates there are 17.6 billion connected devices. As IEEE notes, by 2020 the total number of connected devices will reach somewhere between 30–50 billion in the next 3–4 years. Without proper security in place, that is even a small percentage of the IoT’s constituent devices can bring down core internet architecture in a coordinated attack. Dyn’s analysis of the attack cites a network of only “100,000 malicious endpoints” as being responsible for knocking out its East Coast region.
The circumstances of the attack might be somewhat unique. Commandeering a bandwidth intensive camera network may be a lucky break for now, but the Internet of Things is growing faster than current security companies and researchers are able to keep up with. As the internet takes on the load of billions of new devices in the next couple of years, I’d be more surprised if there wasn’t a major outage again. If a couple of script kiddies are able to take down the East Coast for a few hours, one can only imagine what havoc some serious expertise could wreak.
Image Credit: Pierre Metivier for the Council for the Internet of Things, via Flickr.
