The Internet of Things is a marvel of modern technology. Our televisions, watches, scales, fridges, and even light bulbs can now go online using wireless connections that keep getting faster. Experts and analysts warned of the dangers of these connected devices for years, and in late 2016 our worst nightmares were realized.
Smart, connected devices we use to make our lives easier were harnessed by hackers to destroy our favorite websites. Here’s a breakdown of how it happened and what you need to do to stay safe.
A New Wave of Cyberattacks
In September, OVH, a hosting provider based in France, reported the largest Distributed Denial of Service (DDoS) attack on record. According to OVH founder and CTO Octave Klaba, the DDoS bandwidth peaked at nearly 1 terabit per second. Klaba reports the massive attack was carried out by a botnet consisting of over 152,000 compromised smart devices, including security and web cameras.
Around the same time, KrebsOnSecurity, the blog of digital security and cybercrime journalist Brian Krebs, was hit with a 620 Gbps DDoS attack. Being an expert and professional researcher on the subject, Krebs contacted Akamai, his hosting company, and learned that the attack followed the same pattern – a botnet of hacked IoT devices.
Then in October, the botnet was aimed at Dyn, a DNS service used by some of the world’s biggest websites, including Twitter, Netflix, Imgur, Spotify, Reddit, and more. Dyn was attacked twice, and access to these popular websites was interrupted for much of the day.
Both attacks on Dyn were carried out by the same malware that afflicted Krebs. Called Mirai, the malware scours the Internet for unsecured IoT devices and takes them over.
What’s worse – the source code for Mirai was posted publicly on Hackforums, a popular hacking community site. So, while the attacks used the same weapon, the people responsible for using Mirai against Krebs may not be associated with those who aimed it at Dyn.
And now anybody can use this weapon of mass Internet destruction, which is unlikely to be patched anytime soon.
It’s not just the bandwidth of Mirai (or its widespread availability) that has so many analysts worried. The method of attack is new, often referred to as zero-day in the hacker community, and many of the owners of such devices are unaware they’re even affected.
A typical DDoS attack uses unmanaged DNS servers that are configured to accept queries from the outside Internet to launch what’s called a DNS reflection attack. In this attack, spoofed and forged DNS queries trick the server into replying to an outside computer as though it’s part of the network.
These attacks are then amplified to maximize the amount of data being sent by each DNS server to the target. When hundreds of thousands of servers are utilized, the target web service can quickly be overloaded and shut down. It’s an effective tool utilized by hacktivists to take down websites like PayPal, MasterCard, etc., and is referred to as the Low Orbit Ion Cannon.
Mirai instead uses generic routing encapsulation (GRE) data packets. GRE is a communication protocol that establishes point-to-point network connections, allowing the sharing of data that’s normally not sent over the public network.
“Seeing that much attack coming from GRE is really unusual,” Akamai’s senior security advocate Martin McKeay said. “We’ve only started seeing that recently, but seeing it at this volume is very new.”
This means the attackers didn’t simply trick the network into believing they were a part of it. They actually took over a device on the network and became a part of it. And while we may have anti-malware precautions on our computers and even mobile devices, our DVR, smart TV, smart lights, security cameras, and other connected devices are often unprotected.
With Mirai’s source code released into the hacking community, these attacks can grow larger and be launched on unprecedented scales. Tens of millions of IP addresses were used in the Dyn attack last month, so there’s a good chance you own an affected device.
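From the defending network's side, the two flood patterns contrasted above (DNS reflection and GRE traffic) can be told apart in flow records. The following is an added example, not code from the original article: the record layout, thresholds, and function names are assumptions, and the sample flows are constructed using documentation IP ranges.

```python
from collections import defaultdict

PROTO_TCP, PROTO_UDP, PROTO_GRE = 6, 17, 47  # IANA IP protocol numbers

def constructed_flows():
    """Constructed records (src, dst, ip_proto, src_port, bytes); not real traffic."""
    gre = [(f"198.51.100.{i}", "203.0.113.10", PROTO_GRE, 0, 70_000) for i in range(1, 41)]
    dns = [(f"192.0.2.{i}", "203.0.113.20", PROTO_UDP, 53, 60_000) for i in range(1, 31)]
    normal = [("192.0.2.200", "203.0.113.30", PROTO_TCP, 443, 500_000),
              ("192.0.2.201", "203.0.113.30", PROTO_UDP, 53, 512),
              ("192.0.2.250", "203.0.113.10", PROTO_TCP, 443, 5_000)]
    return gre + dns + normal

def summarize(flows):
    """Per destination: total bytes, plus bytes and distinct sources per traffic class."""
    stats = defaultdict(lambda: {"total": 0, "gre": 0, "dns": 0,
                                 "gre_srcs": set(), "dns_srcs": set()})
    for src, dst, proto, sport, nbytes in flows:
        s = stats[dst]
        s["total"] += nbytes
        if proto == PROTO_GRE:                      # GRE carries no port numbers
            s["gre"] += nbytes
            s["gre_srcs"].add(src)
        elif proto == PROTO_UDP and sport == 53:    # DNS responses arrive from port 53
            s["dns"] += nbytes
            s["dns_srcs"].add(src)
    return stats

def classify(flows, min_bytes=100_000, min_share=0.8, min_sources=20):
    """Label destinations whose inbound volume is dominated by one flood pattern.
    Thresholds are illustrative assumptions; tune them against a traffic baseline."""
    alerts = {}
    for dst, s in summarize(flows).items():
        if s["total"] < max(min_bytes, 1):
            continue
        for label, key in (("gre_flood", "gre"), ("dns_reflection", "dns")):
            if (s[key] / s["total"] >= min_share
                    and len(s[key + "_srcs"]) >= min_sources):
                alerts[dst] = label
                break
    return alerts

if __name__ == "__main__":
    for dst, label in sorted(classify(constructed_flows()).items()):
        print(dst, label)
```

Requiring many distinct sources as well as a high byte share keeps a single legitimate GRE tunnel or a busy resolver from triggering the alert.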
Stopping the Spread
Keeping smart devices and your network secure needs to become a priority.
So many people used the default username and password (typically admin/admin) on routers that most ISPs now change the default settings during installation. Believing everything behind the router to be secure, we rarely think about the encryption or security on devices like our DVR or security camera, but they’re connected to the cloud.
Change the default information on every smart device you purchase. Otherwise it will be compromised.
Also, the manufacturer of your device may offer firmware upgrades, and you should install them as they are released. If the manufacturer hasn’t released a patch in the past 30 days, pressure them to do so with an email, phone call, and other follow-ups. Delayed updates are costly, as Sony learned when the PlayStation Network was hacked in April 2011 after a delayed Apache server update.
In addition, watch out for DNS leaks, in which your VPN tunnel isn’t working. Most VPN services have an automatic Internet Kill Switch that disconnects you the instant the VPN fails to anonymize your IP address.
It’s especially important to have a VPN installed on your smartphone, which often acts as a hub for IoT devices at home. No matter how secure your home network is, you bring your smartphone around with you everywhere, and it’s constantly pinging networks the entire time. This vulnerability is often exploited by attackers who set up WiFi hotspots and even spoof cell phone towers to intercept mobile data.
Above all else, remember that more often than not, user error is responsible for downloading malware and compromising networks. Stay conscious of what webpages you visit and email attachments you open. To keep malware off your network, don’t download files or run scripts you don’t trust.
The Internet of Things allows machines and devices to gather and analyze data like never before. It’s enabling us to be smarter, faster, and more efficient on every level. Unfortunately, the convenience comes at a price – with more devices than ever connected to the Internet, the footprint of botnets and hacking attacks has grown exponentially.
By taking the proper steps to secure your network and devices and being mindful of what you’re doing online, you don’t have to worry about your network being compromised. You will, however, be annoyed when the unsecured devices of others are used to take down your favorite website for the day.