The Internet of Things: How A Lightbulb Brought Down Instagram
At first, messages on social media crept out slowly on the morning of October 21: “Anyone else having issues with Twitter?” “Is Instagram down?” “Can’t get to Reddit. What am I supposed to do while I eat breakfast?”
In a few hours, the problem was widespread and well known. A distributed denial of service attack (DDoS) was being aimed at Dyn DNS, a kind of internet switchboard that connects web browser requests to their intended websites. When such an attack is leveled at a single website, such as Wikipedia, it affects service to that one site, usually making it difficult or impossible to access at all. But when a piece of the internet’s infrastructure such as Dyn takes the hit, it affects all the websites that depend on it to forward users to them, a difference comparable to a utility pole falling over in your neighborhood versus a total grid shutdown.
At its most basic level, a DDoS is doing what you do whenever you point your browser to a website. It finds the web server and requests certain files, such as photos and text. The difference is in scale and intent. A DDoS aims millions of these requests from thousands of locations at the same time. So the server, which is just a computer itself with a limited capacity for executing requests, is overwhelmed. Its response is either to try to do them all at once, which bogs down response time, or to shut down in an act of self-preservation.
Infrastructure services frequently endure these attacks and are equipped to handle most, but the October 21 DDoS was unusual in its size and nature. An enormous number of the requests used in the attack were not from personal computers or servers, but from smart devices such as webcams, televisions, DVRs, baby monitors, and lightbulbs. When a person attaches anything to a home network—and this includes devices controlled completely from a tablet or smartphone—the device has a processor in it, which usually differs from the processor that runs a computer only in capacity and size. The processor is the brain that enables it to receive and execute commands, like dimming a lightbulb, recording a television program, streaming a song, locking the front door, or changing the station.
When a network is vulnerable, hackers with ill intent can place small programs on the devices—not necessarily viruses, but at least virus-like—that will execute a different kind of command, such as a request for info from a web server. What’s horrifying about the October 21 attack on Dyn is that it was implemented by a simple program called Mirai. Mirai basically scans the internet for vulnerable devices with a short list of 62 usernames and passwords. When it finds a lightbulb with the negligent combination of username “admin” and password “123abc,” it installs the malware. With hundreds of millions of devices attached to this internet of things, it only has to be successful a tiny percentage of the time to find sufficient numbers to bring Twitter to its knees. And Mirai is being used by DDoS-for-pay services that accept money in exchange for launching these attacks.
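How a defender might spot the kind of default-credential sweep described above in a device's login log, as an added example that is not part of the original article. The log format, addresses, usernames and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical "timestamp login result src user" format.
SAMPLE_LOG = """\
2016-10-21T06:00:01 login failed src=203.0.113.7 user=admin
2016-10-21T06:00:02 login failed src=203.0.113.7 user=root
2016-10-21T06:00:03 login failed src=203.0.113.7 user=admin
2016-10-21T06:00:04 login failed src=203.0.113.7 user=support
2016-10-21T06:00:05 login ok src=203.0.113.7 user=admin
2016-10-21T09:15:00 login failed src=192.0.2.10 user=alice
2016-10-21T09:15:40 login ok src=192.0.2.10 user=alice
2016-10-21T11:00:00 login failed src=198.51.100.9 user=admin
2016-10-21T11:30:00 login failed src=198.51.100.9 user=root
2016-10-21T12:00:00 login failed src=198.51.100.9 user=guest
2016-10-21T12:30:00 login failed src=198.51.100.9 user=user
"""
LINE_RE = re.compile(r"^(\S+) login (failed|ok) src=(\S+) user=(\S+)$")

def parse(log_text):
    """Yield (timestamp, result, source, user) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, result, src, user = m.groups()
            yield datetime.fromisoformat(ts), result, src, user

def find_credential_sweeps(log_text, window_s=60, min_failures=4, min_users=2):
    """Flag sources with many failures across several usernames in one window."""
    failures, successes = defaultdict(list), defaultdict(list)
    for ts, result, src, user in parse(log_text):
        (failures if result == "failed" else successes)[src].append((ts, user))
    window, flagged = timedelta(seconds=window_s), {}
    for src, attempts in failures.items():
        attempts.sort()
        start = 0
        for end, (ts, _) in enumerate(attempts):
            while ts - attempts[start][0] > window:  # slide the window forward
                start += 1
            users = {u for _, u in attempts[start:end + 1]}
            if end - start + 1 >= min_failures and len(users) >= min_users:
                hit = any(t >= ts for t, _ in successes[src])  # a guess worked
                flagged[src] = {"users": sorted(users), "login_succeeded": hit}
                break
    return flagged

if __name__ == "__main__":
    print(find_credential_sweeps(SAMPLE_LOG))
```

With the default 60-second window the slow source 198.51.100.9 is not flagged, which shows why a short window alone misses low-rate sweeps; a source flagged with `login_succeeded` set should be treated as a likely compromise rather than a failed probe.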
This vulnerability is sometimes the fault of individual users who don’t change names and passwords on out-of-box consumer devices or who set network passwords that are too easy to crack. Other times, it’s the fault of manufacturers who set easy default passwords on devices, who don’t build into their product automatic security updates, or who don’t give users enough access for better security. On a grander scale, it’s also the fault of the original architects of the internet, who had the opportunity to build a more secure network but didn’t have the foresight to anticipate the reality that is the 21st Century internet.
The seriousness of this downtime on October 21 goes far beyond someone’s inability to post photos of a fabulous lunch. This time, the DDoS brought down services and retailers, and at worst, all it did was cost some businesses some money. How will a similar attack affect a power grid, emergency services, banking services, personal medical alerts, or the growing number of smart vehicles, whose steering, lights, and brakes have been proven by hackers to be vulnerable?
As the number of devices attached to the internet approaches a projected one billion within a few years, the time is now for an intense focus on security at all levels of the consumer chain. Some have speculated that this DDoS may have been a test flight for something truly malicious and severe. In late October, it was a few million lightbulbs and audio devices denying people their cat photos. Tomorrow, it could be hundreds of millions of TVs and refrigerators draining bank accounts or shutting down government services.