SMACK THE HACK
Friday’s attacks remind us how vulnerable we all are
Right now there are 42 computers on my personal network. That doesn’t mean I have a computer cluster in my home to rival the Pentagon’s. Instead it means I have nearly four dozen individual networked devices — from game consoles to webcams — talking to the internet from my home. And that’s a big problem. Imagine all of those 42 computers as ticking time bombs — that’s why the attacks Friday that caused dozens of major sites to crash throughout the day are so scary.
The technique, known as distributed denial of service (DDOS) attacks, involve hackers taking over tons of individual computers and using them as a massive weapon.
Sometimes they take over your Windows or Mac laptops. But more often they attack tiny computers hidden inside smart watches, fitness trackers and, most recently, web-connected home security systems.
When those IoT devices are attacked, it’s like living in a house full of electronic zombies.
When your computers are compromised, hackers can force them to send millions of bytes of bad information to servers, resulting in a backlog that can crash even the most expensive and well-maintained systems.
DDOS attacks are dangerous because they are so easy to initiate and their sources are almost impossible to track.
One modern DDOS program replaces the code inside cheap Wi-Fi security cameras — the kind you see in bodegas — with attack code.
These cameras are easy prey because they have built-in administrator passwords that most users never change. These cameras are sold in over 105 countries and are constantly connected to the internet.
This code unleashes an internet worm that first looks around the internet for more cameras to infect and then waits for orders from a hacker.
When the time is right, that hacker can start sending fake data from those cameras to the most important servers in the world, namely the ones that handle our domain name services, the systems that tell your computer the internet location of every site on the web.
The worst part? When you unplug those cameras, even briefly, all of the malicious code disappears. You may never know you’re infected until it’s too late — and resetting the camera simply puts it in line to be reinfected later.
Modern hackers are using the little computers in our lives against important strategic targets. It will only get worse.
DDOS attacks leave no fingerprints — digital or otherwise — and the hackers can easily pull up stakes when someone notices them. State actors can masquerade as hacker groups and hacker groups can masquerade as state actors.
Only the smartest and most diligent cybersecurity investigators can follow the trail. Because DDOS attacks are so short — a few hours at maximum — it’s a race to trace the zombie computer ringleaders before the trail goes cold. You can help in two ways. First, you can change all of your default passwords. You can be diligent in what you connect to your networks and consistently check and update your hardware. And you can run simple security systems on your home routers to ensure that they can’t be turned into zombie machines.
Alternatively, you can shut down all the computers in your house and sit there quietly, safe in the knowledge that none of your tiny machines are doing anything at all. And that, I suspect, is an option few of us want to fathom.
John Biggs is a writer, entrepreneur and former editor at Gizmodo and TechCrunch. He lives in Bay Ridge, Brooklyn. You can read his books at johnbiggsbooks.com.