Hackers: hijacking our gadgets
As a leading cybersecurity reporter, Brian Krebs was always a likely target for hackers, said Jacob Silverman in the New Republic. And in September, his website duly fell victim to the biggest distributed denial-ofservice attack in history. A few weeks later, someone helpfully published the source code for the malware used to power this attack. Known as Mirai, it scours the internet for Wi-fi-connected home devices vulnerable to being hijacked (CCTV cameras, smart TVS, baby monitors and the like); then, when the hacker has control of thousands of these, it uses them to bombard the target website with phony traffic – overwhelming their networks, and crippling their ability to respond to real traffic. It was only a matter of time before hackers used Mirai to strike again, and on Friday, that came to pass. This time, however, they didn’t target a blogger. Instead, they went after the internet’s infrastructure, by attacking a firm called Dyn, a provider of Domain Name System (DNS) services.
DNS acts like a switchboard, said Robinson Meyer in The Atlantic. It directs online traffic from easy-to-remember website addresses – e.g. Theatlantic.com – to actual web servers. So when Dyn was overwhelmed, dozens of its major clients, including Twitter, Paypal and The New York Times, suffered outages, and for a period, millions of people were unable to read the news, check their bank accounts or buy goods online. This time, not much serious damage was inflicted – but such attacks are becoming an ever-growing threat as we grow more and more reliant on web-based services, while failing to ramp up security accordingly.
What this case highlights is the insanity of the internet of things (IOT), said John Naughton in The Observer. We don’t need to be able to turn on our kettles using our phones – so why risk having these devices? Often cheaply made by small firms, they have nothing like the in-built security you’d get with a computer. As a result, hackers can easily use them to get into Wi-fi systems – and turn them into weapons. The worry is that as the IOT gets ever bigger, hackers will be able to create such powerful “botnet” armies, IT security systems won’t be able to repel them, said Jamie Doward, in the same paper. The consequences would be devastating.