Norse Attack Map

Cyberterrorism, activities intended to damage or disrupt vital computer systems, is a relatively new problem.  In fact, 1994 is officially listed as the first know use of cyberterrorism, but look how far we've come in just over 20 years.  And the truth is, many of us are unwittingly facilitating its growth.

Late last week many of us sat frustrated, watching the incessant spinning of the activity indicator of our favorite internet browser.  The browser was working on, but was not able to connect to the site we requested.  It was so irritating that one of my long time tech support customers actually asked me to check out his MacBook to see if he needed to buy a new one because it was sooooo slow!  But the real cause was a series of DDoS or Dsitributed Denial of Service attacks which, unfortunately, you and I may have played a large role in facilitating. 

Welcome to the Internet of Things

Experts are attributing the attack to millions of internet connected devices that have little or no security capabilities.  Everyday things that you and I have in our homes and offices that are connected to the internet for one reason or another.  The DVR's, smart TV's, game platforms like Wii, Playstation, and Xbox, and yes even the refrigerators and thermostats that conveniently let you access them from anywhere with your smartphone.  The Internet of Things as it has been called has exploded on the scene. 

Convenient yes. Secure, unfortunately NO!

And many of these devices that are finding their way into our lives, have been hastily brought to market with little focus on just how secure they are.  After all, who would be inclined to hack a refrigerator or a TV.  Last Friday, we got the answer to that question. 

DigitalAttackMap300Millions of devices worldwide were enlisted in the attack through an automated "botnet" called Mirai. It seems the Mirai bot scans the internet for know IoT devices, looking for those that are just protected by the factory-default usernames and passwords set by the manufacturer.  And at the appointed time, it uses the devices to attack specific online targets with a barage of millions of bogus requests on major domain name service providers.  This effectively overwhelmed the DNS servers to the point that they couldn't respond to the real requests that were mixed in.  The result was an internet that was slowed to a crawl (not to mention the numerous expletives that were uttered by those who depend on the internet to do their jobs).

So what can you do to help?

As more and more of our everyday devices get "smarter" and connected there is a tremendous potential for good.  Unfortunately, there is an equally sizeable potential for dark and shadowy uses of the technology for evil purposes.

The best advice to help combat this type of cyberterrorism is the same advice we would give for any device that has the potential to connect to the internet. Only chose those devices that the manufacturer certifies can be electronically secured and the onboard software is tamper resistant.  And when installing any of these devices, be sure to set the administrator login and password to something other than the default provided by the manufacturer.

Secondly, be sure that your network/communications infrastructure is also secure.  If you don't know how to do that, get someone who does.  

We are all responsible for protecting the security of the Internet of Things.