Do you know that more than 10 million day-to-day devices participated in the DDoS attack that happened this Friday? It was like the doomsday scenario when the devices connected to the Internet of things came up together to mount an attack on the Internet and bring down major websites in one of the worst DDoS attacks in the history of the Internet.
For many years experts have been warning that millions of unsecured “Internet of Things” devices can one day be used to create chaos because all our vital operations depend on connectivity. Around a month ago a malware was released that literally hijacked 1.5 million Internet-connected security cameras, refrigerators and other smart devices that routinely hook onto the Internet, use people’s personal information, but have very weak usernames and passwords.
The collection of the malware that mounted the DDoS attack on Friday along with the millions of devices that are constantly connected to the Internet, is called Mirai. It is often difficult to carry out the DDoS attacks of such scale using a few computers or even using a few server farms. As mentioned above, millions of devices were used. These devices were used to send signals, to relay the botnet and to communicate with other devices in order to trigger further DDoS attack messages and together they created a big web of attacks that brought down nearly 10% of the Internet.
How were these devices used?
As you know, everyday devices can be hooked onto the Internet so that we can access them and manoeuvre them remotely. For example, if a security camera is connected to the Internet, you can view what the security camera can see from your mobile phone, remotely, using the Internet connection of your mobile phone. Similarly, a refrigerator that is connected to the Internet can place an order for you if you are running out of milk. If you central AC is connected to your mobile phone, when you are approaching your house, the temperature inside your house can be brought to the level you are comfortable with by the time you reach home. Your microwave can start cooking food for you sensing that you are coming. Your music system can start playing music the moment you enter your home. Your pet feeder can feed your pet with the help of your smartphone. These days you can even play with your pet using toys that can be remotely controlled using an Internet connection. Soon you will be able to control your car and other automobiles using the Internet connection. All these devices and automobiles one day will be connected to each other and they will be constantly communicating with each other, creating a very complex web of devices.
Although all these devices use a basic level of authentication system, in most of the cases people use very simple passwords and usernames to access these devices. They can be easily hacked. They were hacked. Then their resources were used to send signals to the Dyn servers to bring them down.
So how do you know if your device participated in the Friday DDoS attack?
Although it might not be possible to know whether your device actually participated in the DDoS attack that happened on Friday, you can find out whether your device can be used in future for such attacks. There is a utility called “Internet of Things Scanner” that can scan your device and let you know if it is properly secure or vulnerable. The Friday DDoS attack was among the first incidence when more than 10 million household devices were used to carry out the operation and it must be used as a learning opportunity. People must be made aware of the importance of keeping household devices secure so that these devices are exploited to bring down the Internet all over the world.
Remember that Internet is not just Facebook, Twitter, news websites, WhatsApp, Instagram, Snapchat, Google and YouTube. Although these are the most prominent faces of the Internet to a common person, almost every service that you use these days uses the web whether it is medical services, power companies, telecommunications, financial companies, banks, insurance companies, credit card payment gateways, schools and colleges, hospitals and various government departments. Every government can be brought to its knees these days by sabotaging the Internet using day-to-day household devices.