Make your home network safe
Jefferson Graham shares some advice on how to protect yourself from hacking attacks.
The attack that made many popular websites unavailable last week was launched from seemingly innocuous internet-connected devices like routers, DVRs and closed-circuit TV cameras from all over the globe.
The large-scale distributed denial of service attack (DDoS) against internet performance company Dyn caused major internet disruptions. Users were unable to access many major websites such as Twitter, Spotify, Netflix, Amazon, Tumblr, Reddit and other sites.
Here are some tips on how you can protect your home network.
Start with the router
Most folks never get around to password protecting their home router, which is used to split the internet signal to various areas of the home and sometimes to wi-fi.
Because of that, the first line of defence to your home network is to change the default password the router came with.
Look for instructions in its information booklet or by searching online by the manufacturer’s name and the router model number. Hackers and malicious programs rely on users not having done that, with lists of default passwords for pretty much every router made readily available online.
Other home devices
When possible, password protect every device in your home that’s connected to the internet, each with its own unique password.
Password managers like Dashlane and Last Pass can help you keep track of the various passwords. You can also write them down in a notebook, which while not ideal is better than having no password protection at all.
Consumers need to demand the same type of security they would expect on their smartphone for any internet-connected device they bring into their home – and refuse to buy unprotectable ones.
What about devices that won’t take a password?
Unfortunately a significant number of internet-connected devices you might have in your home aren’t set up for passwords at all.
Computer security experts say this will only start to change when consumers refuse to purchase poorly protected devices or devices that can’t easily be updated. Currently many manufacturers believe there’s no consumer demand so they don’t include good security.
Can hackers get into private data stored on a private appliance?
They can, though it’s harder and less likely to happen. The Dyn attack was launched by an automated ‘‘botnet’’ composed of millions of compromised, internetconnected devices.
This sort of automated attack is the most common, and generally only subverts devices so they can be used to send messages to knock out specific servers, known as a Distributed Denial of Service attack, or DDoS attack.
It’s certainly possible for a single hacker to find their way into a home network if the devices linked to the internet aren’t password protected, but that’s much less common.
What’s the most important thing I can do to protect myself?
Botnets and almost all network-based attacks begin with a simple phishing email, where the user is sent an email containing links or attachments that open and download malicious software or malware onto their computer.
That malware goes on to infect their system or network, opening a backdoor where hackers can come and go at will. So the best protection is to be wary of emails, especially those containing attachments or links, from unknown sources or even people you know whose accounts might have been hacked.
When in doubt, start a new email to the person and ask if they sent you something to open.
If you get an email purporting to be from a company you do business with, especially if it asks you to ‘‘update your current information by clicking the link below’’, contact the company yourself first to check.
As security experts say, ‘‘do your own typing’’, that is, don’t click on a link because it’s easier. Start a new email or open a new browser tab and type in the URL of the company yourself so you know you’re going to the real address and not a fake designed to lure you in. Remember that legitimate businesses never ask users to update or verify their personal information via links.
Be especially wary of emails claiming that you must respond immediately or threaten that without an immediate response your account will be disabled.
What is a DDOS (distributed denial of service attack)?
Internet performance company Dyn provides DNS services for a given swath of the internet, effectively its address book.
DNS stands for Domain Name System, the decentralised network of files that list the domain names human beings use, such as facebook.com, with their numeric internet protocol addresses, such as 184.50.238.11, which is how computers look for websites.
These are computers that contain databases of URLs and the internet protocol addresses they represent.
The attack hit the Dyn server that contains that address book.
Dyn provides that service to multiple internet companies. For anyone linked to a computer that used the service, when they entered twitter.com or tumblr.com or Spotify.com, via a complex series of jumps the address book is able to tell their browser which numerical IP address to look at.
The DDoS attack floods that server with illegitimate requests, so many that very few real requests can get through. The user gets a message that the server is not available. Service is intermittent because a few requests are sometimes still able to go through. TNS