WASHINGTON — Hackers now have the ability to turn any device connected to the Internet into a super cyber-weapon that can take down major websites, potentially causing havoc to the worldwide economy.
Experts say that a simple device you might have in your home — a webcam — was the key to the successful Oct. 21 attack that shut down several major websites, including Amazon, Twitter, Netflix and PayPal.
Hackers used a malware called Mirai to take over millions of Internet-enabled devices and launch a distributed denial of service (DDoS) attack on Dyn, a domain name service (DNS). Because traffic on Amazon, Twitter and Netflix is routed through Dyn, those websites were not available for many users.
“A DDoS is when crooks use a large number of hacked or ill-configured systems to flood a target site with so much junk traffic that it can no longer serve legitimate visitors,” reporter and cybersecurity expert Brian Krebs wrote on his website. “DNS refers to Domain Name System services. DNS is an essential component of all Web sites, responsible for translating human-friendly Web site names like ‘example.com’ into numeric, machine-readable Internet addresses.”
The hackers used the malware and the Internet-enabled devices, such as webcams, to overwhelm Dyn with junk content, Krebs wrote. The attack also brought down Reddit, Spotify and SoundCloud.
Hackers implemented devices attached to the so-called Internet of Things — devices wired into the web. This can include everything from refrigerators to baby monitors to cars. Often, such devices are either not password protected, or the user never changed the default password.
The malware turns the computers into bots that launch attacks on computers, websites and systems. Up to 10 million devices may have been used in the attack, Tech Crunch reported. Most of the devices were infected through webcams made by Hangzhou Xiongmai, a Chinese electronics company. Xiongmai is recalling those cameras.
Common Devices Now a Security Threat
Any device connected to the Internet of Things, including the Amazon Echo, robots, coffee pots and even a pacemaker might be used in such a cyber-attack, The Daily Beast reported. Such devices often lack the security features found on computers.
Security cameras are vulnerable to such attacks because they are connected directly to the Internet, have no firewall and often still have the default password, The Daily Beast’s Robert Graham wrote. Hackers know the default passwords and even trade them in chatrooms. Graham thinks it took the bad guys around two months to create enough bots for the attack.
Sadly, such attacks likely will increase in the future. Gartner, an information technology research firm, estimates that there are 6.4 billion connected “things” in use this year and predicts the smart home ecosystem will only continue to grow, with as many as 20.8 billion devices online by 2020.
What is your reaction? Do you believe America is ready for a major cyber-attack? Share your thoughts in the section below: