Did your TV toast Twitter? No? Perhaps your freezer froze it then. And no, I haven’t gone mad. These are legitimate questions that the owners of thousands of “smart” devices – the Things that make up the Internet-of-Things – might be asking themselves.
Let’s roll back a little. On October 16th, Dyn, a company that provides internet infrastructure services for Reddit, Spotify, Netflix, Twitter and many other online brands was targeted by criminals. Dyn was the target of a Distributed Denial of Service (DDoS) attack, where the attackers use “botnets” – a large number of compromised or poorly secured systems – to swamp the target with so much traffic it can no longer effectively communicate with real visitors.
The attack almost completely crippled Dyn’s ability to serve DNS queries, a key component in traffic routing on the Internet. Users attempting to access online applications and services run by Dyn’s customers were denied access for many hours. Some of the biggest names in eCommerce were offline and unable to do business.
DDoS attacks like this are nothing new, but the growing market for smart home devices, such as TVs, toasters and fridges, has introduced significant new risk. As competition in the market has grown, profit margins have tightened and security standards for these devices have fallen by the wayside, creating a dangerous new platform for criminals.
Mirai, one of the most prevalent bits of malware utilising IoT devices to perform attacks, is reported to have over 150,000 devices at its disposal. Mirai was responsible for two of the largest recorded DDoS attacks in the history of the Internet (620 gigabits and 1 terabit of attack traffic per second), both in the past few months. There is growing consensus in the security community that Mirai was responsible for the attack on Dyn also.
Five or ten years ago, network engineers probably guessed that their fridge could automatically order milk for them in 2016, but never thought they would have to dodge the fridge being virtually thrown at them at high speed. But, yet again, for better or worse, the world of technology moves on and those of us in it are having to pick up the pieces, learn from the mistakes and adapt, building our tools and projects to be more resilient than ever before.