More Cyber Warfare

A lot of us got a bit of a surprise on Friday, October 21st. Suddenly huge chunks of the internet stopped working for US residents, and the effects washed over into Europe as well. It soon became obvious that this was a massive Distributed Denial of Service (DDoS) attack that had been deliberately targeted to bring down a number of popular sites. Targets included Twitter, Spotify, Amazon and PayPal, so the attackers definitely knew how to get people’s attention.

The question is – what else did they want? We don’t know. They haven’t even been identified yet. Some government sources say no foreign intelligence agencies appear to have been involved, but that doesn’t mean much. After all, intelligence agencies don’t advertise much. If there’s no sign of their involvement, it could just mean they played it smart. It may have been “classic internet vandalism,” as one source described it, or it could have had more sinister motives. Right now, nobody can say.

cyber-warWhat we can say is that it was an ingenious attack. DDoS attacks work by hijacking a huge number of devices and getting them all to bombard the target with requests. The servers get overloaded and can’t put out normal traffic because they’re being swamped with data. Traditionally this has been done by getting lots of people to inadvertently install a Trojan on their computers, then when enough machines are infected, activating the network to launch the attack.

This one was different, because they didn’t focus on computers at all. Instead they recruited their bot army from the “Internet of Things.” There are a lot of devices out there now that have their own internet connection – TV boxes, smart fridges, even some cars. A major source of Friday’s attacks was a line of internet-connected webcams made by a Chinese company, Hangzhou Xiongmai. These devices didn’t force users to change the password when they set them up, so of course millions of lazy people didn’t bother. Once the attackers had the default password, they were able to take over a vast number of the cameras and turn them into traffic generators.

Security experts say that tens of millions of devices were involved in Friday’s attack – but there are billions of gadgets hooked up to the Internet of Things. The software that was used to carry out the attack is now open source; it’s been released onto the internet and anyone with some basic skills can use it to launch their own attack. Not many people will try, and most of those who do will give themselves away and be arrested before they can do any damage, but for someone who’s smart enough there’s an enormously powerful army of dumb but connected devices they can draw on. Unless manufacturers and computer users get smarter, the days of being able to rely on access to web services may be numbered.

Disclaimer: The content in this article is the opinion of the writer and does not necessarily reflect the policies or opinions of US Patriot Tactical.

Fergus Mason

Fergus Mason grew up in the west of Scotland. After attending university he spent 14 years in the British Army and served in Bosnia, Northern Ireland, Kosovo and Iraq. Afterwards, he went to Afghanistan as a contractor, where he worked in Kabul, Mazar-e-Sharif and Camp Leatherneck. He now writes on a variety of topics including current affairs and military matters.
Fergus Mason

Latest posts by Fergus Mason (see all)


Leave a Reply

Your email address will not be published. Required fields are marked *