A lot of us got a bit of a surprise on Friday, October 21st. Suddenly huge chunks of the internet stopped working for US residents, and the effects washed over into Europe as well. It soon became obvious that this was a massive Distributed Denial of Service (DDoS) attack that had been deliberately targeted to bring down a number of popular sites. Targets included Twitter, Spotify, Amazon and PayPal, so the attackers definitely knew how to get people’s attention.
The question is – what else did they want? We don’t know. They haven’t even been identified yet. Some government sources say no foreign intelligence agencies appear to have been involved, but that doesn’t mean much. After all, intelligence agencies don’t advertise much. If there’s no sign of their involvement, it could just mean they played it smart. It may have been “classic internet vandalism,” as one source described it, or it could have had more sinister motives. Right now, nobody can say.
What we can say is that it was an ingenious attack. DDoS attacks work by hijacking a huge number of devices and getting them all to bombard the target with requests. The servers get overloaded and can’t put out normal traffic because they’re being swamped with data. Traditionally this has been done by getting lots of people to inadvertently install a Trojan on their computers, then when enough machines are infected, activating the network to launch the attack.
This one was different, because they didn’t focus on computers at all. Instead they recruited their bot army from the “Internet of Things.” There are a lot of devices out there now that have their own internet connection – TV boxes, smart fridges, even some cars. A major source of Friday’s attacks was a line of internet-connected webcams made by a Chinese company, Hangzhou Xiongmai. These devices didn’t force users to change the password when they set them up, so of course millions of lazy people didn’t bother. Once the attackers had the default password, they were able to take over a vast number of the cameras and turn them into traffic generators.
Security experts say that tens of millions of devices were involved in Friday’s attack – but there are billions of gadgets hooked up to the Internet of Things. The software that was used to carry out the attack is now open source; it’s been released onto the internet and anyone with some basic skills can use it to launch their own attack. Not many people will try, and most of those who do will give themselves away and be arrested before they can do any damage, but for someone who’s smart enough there’s an enormously powerful army of dumb but connected devices they can draw on. Unless manufacturers and computer users get smarter, the days of being able to rely on access to web services may be numbered.
Disclaimer: The content in this article is the opinion of the writer and does not necessarily reflect the policies or opinions of US Patriot Tactical.