When surveillance cameras began popping up in the 1970s and ’80s, they were welcomed as a crime-fighting tool, then as a way to monitor traffic congestion, factory floors and even baby cribs. Later, they were adopted for darker purposes, as authoritarian governments like China’s used them to prevent challenges to power by keeping tabs on protesters and dissidents.
But now those cameras — and many other devices that today are connected to the internet — have been commandeered for an entirely different purpose: as a weapon of mass disruption. The internet slowdown that swept the East Coast on Friday, when many Americans were already jittery about the possibility that hackers could interfere with election systems, offered a glimpse of a new era of vulnerabilities confronting a highly connected society.
The attack on the infrastructure of the internet, which made it all but impossible at times to check Twitter feeds or headlines, was a remarkable reminder about how billions of ordinary web-connected devices — many of them highly insecure — can be turned to vicious purposes. And the threats will continue long after Election Day for a nation that increasingly keeps its data in the cloud and has oftentimes kept its head in the sand.
Remnants of the attack continued to slow some sites on Saturday, though the biggest troubles had abated. Still, to the tech community, Friday’s events were as inevitable as an earthquake along the San Andreas fault. A new kind of malicious software exploits a long-known vulnerability in those cameras and other cheap devices that are now joining up to what has become known as the internet of things.
The advantage of putting every device on the internet is obvious. It means your refrigerator can order you milk when you are running low, and the printer on your home network can tell a retailer that you need more ink. Security cameras can alert your cellphone when someone is walking up the driveway, whether it is a delivery worker or a burglar. When Google and the Detroit automakers get their driverless cars on the road, the internet of things will become your chauffeur.
But hundreds of thousands, and maybe millions, of those security cameras and other devices have been infected with a fairly simple program that guessed at their factory-set passwords — often “admin” or “12345” or even, yes, “password” — and, once inside, turned them into an army of simple robots. Each one was commanded, at a coordinated time, to bombard a small company in Manchester, N.H., called Dyn DNS with messages that overloaded its circuits.
Few have heard of Dyn, but it essentially acts as one of the internet’s giant switchboards. Bring it to a halt, and the problems spread instantly. It did not take long to reduce Twitter, Reddit and Airbnb — as well as the news feeds of The New York Times — to a crawl.
The culprit is unclear, and it may take days or weeks to detect it. In the end, though, the answer probably does not mean much anyway.
The vulnerability the country woke up to on Friday morning can be easily exploited by a nation-state such as Russia, which the Obama administration has blamed for hacking into the Democratic National Committee and the accounts of Hillary Clinton’s campaign officials. It could also be exploited by a criminal group, which was the focus of much of the guesswork about Friday’s attack, or even by teenagers. The opportunities for copycats are endless.
You might want to also check out: Internet Security
The Latest on: Internet attacks
via Google News
The Latest on: Internet attacks
- Johannesburg Bitcoin Hack: Hackers Demand Bitcoin Ransom After Cyber Attackon October 29, 2019 at 10:37 pm
Such a case is the Bitcoin ransom in Johannesburg, where hackers took control of its cyber networks since last Thursday ... Ngobeni even termed the breach as an "attack on the people of the city" ...
- Cyber attack on Asia ports could cost $110 bln - Lloyd'son October 29, 2019 at 10:23 pm
Total is nearly half the cost of all 2018 natural catastrophes * Study simulated attack on 15 Asian ports * Other Asian countries seen as worst hit LONDON, Oct 30 (Reuters) - A cyber attack on Asian ...
- US retirement accounts offer tempting target for cyber attackson October 29, 2019 at 10:02 pm
Compared with breaches in other industries, cyber attacks of retirement accounts have been small in scope, says Tim Rouse, executive director at the Spark Institute, a lobby group for the retirement ...
- One cyber attack can cost major APAC ports $110Bon October 29, 2019 at 10:01 pm
One single cyber attack has the potential to cost major Asia-Pacific ports upwards of $110 billion in damages, a figure that is equivalent to half of total losses incurred from global natural ...
- Cyber attack on Asia ports could cost $110 billion: Lloyd'son October 29, 2019 at 5:33 pm
LONDON (Reuters) - A cyber attack on Asian ports could cost as much as $110 billion, or half the total global loss from natural catastrophes in 2018, a Lloyd’s of London-backed report said on ...
- Georgian Police Investigate Massive Cyber Attackon October 29, 2019 at 11:27 am
TBILISI — Georgian police are investigating a massive coordinated cyber attack that took thousands of websites offline and could have been carried out from abroad, the interior ministry said on ...
- Hackers demand bitcoin ransom from Johannesburg city after cyber attackon October 29, 2019 at 8:49 am
The cyber breach has affected the city's online electronic platforms ... have been advised to pay cash in person at banks and use other third parties payment platforms for bill payments until the ...
- Georgia ‘I’ll Be Back’ Cyber Attack Terminates TV, Takes Down 15,000 Websiteson October 29, 2019 at 1:45 am
A "massive" cyber-attack against multiple targets in Georgia has taken place on October 28, as the BBC and other media reported. Not only has this seen thousands of websites impacted but two Georgian ...
- Putin Now Has Russia’s Internet Kill Switch To Stop U.S. Cyberattackson October 28, 2019 at 5:57 pm
On the cyber front, if none of the key networked endpoints face the outside world, the task becomes harder, albeit far from impossible. RuNet does slightly miss the point that an attack at that level ...
via Bing News