Internet under attack, and your office or home might have helped

There’s no getting away from it, the Internet itself was under attack at the end of last week. That’s not a surprise; as this service has mentioned before, there will always be attacks and the wonder is that we don’t hear about more of them. Twitter, the BBC, Spotify and Reddit were paralysed by a distributed denial of service (DDoS) attack on Friday.

The way such attacks work is that thousands of machines are effectively hijacked and start to send random messages to the target, overwhelming its ability to cope. The system crashes accordingly. The BBC is now carrying a story that suggests the Internet of Things might be part of the problem in this instance. In other words, connected devices other than computers were the source of a lot of the attack traffic.

Inevitable progression

Normally in a DDoS attack, the machines taken over are computers – sometimes those with lax security applied. This time, analysts have suggested, a lot of the systems carrying the attack were smart home devices: meters, CCTV, printers, you could probably make your own list.

A piece of malware called Mirai, it appears, is designed to find such devices on which the password has never been changed and take them over. On this occasion it hit a company that supplies Internet directory services to other machines so they can direct their own messages – so the system fell to pieces briefly.

It’s not a source of wonder that this has happened. Hackers will use whatever tools they find to hand. It’s worth noting as the first time people have ascertained that the Internet of Things has been part of an attack, but this was always going to happen.

Educate your colleagues on the Internet

The Internet of Things means that loads of devices can be connected and can communicate, which is mostly a great thing. Friday’s experience suggests they can also be harnessed to do harm.

It also suggests that if someone had changed the default passwords there would have been no problem. This is where the Internet of Things throws up another issue: unprecedented numbers of people will now (or very soon) have access to large numbers of connected appliances. In the workplace it will be down to the IT professionals to ensure that those people are educated on what needs to happen to make the devices secure so that attacks like Mirai will pass them by.

The phone hacking scandal that hit the media a few years ago could have been avoided if people had changed the default passwords on their phones. This is not a suggestion that the victims were in any way responsible – simply that nobody had told them there was an extra layer of protection available to them. If nobody tells the colleague who is suddenly configuring a handful of connected devices that their default passwords should be changed, we could end up sleepwalking towards a lot more DDoS attacks like this one.

