ItsGeekToMe.co

This is the second half of a 2-part issue discussing the large scale cyber-attack that occurred on October 21, 2016. If you missed part one, it is available on my website at ItsGeekToMe.co/columns/Issue-484.

As I told you last week, achieving the data rate of over a terabyte/second that was used to take down Dyn would require over 100,000 10mb/sec high-speed data connections, all coordinated and working together. In reality, the number was far greater than that. Dyn has said the data was actually flowing in “from tens of millions of IP addresses at the same time”. That may sound impossible, and if we were talking about tens of millions of people sitting at computers with a coordinated effort among them to generate this data, I would agree. However, this attack didn’t originate from people, or even PCs. The attack came from a botnet – an army of devices that have been compromised by malware, and turned into members of what amounts to a giant zombie “sleeper cell” all listening for commands from whoever is in control of the botnet. Outwardly, the individual devices continue to perform as their rightful owners expect them to, until the attack order arrives. At that time, the real fun begins, and, well, you’ve seen the results.

I’ve discussed botnets in many past columns. In doing so, I’m usually discussing networks of PCs that are infected with malware, and make no mistake – these DO exist. However, the attack I’m discussing was not pulled off by a PC-based botnet. It was accomplished with a botnet named Mirai, which means “future” in Japanese. Mirai is not made up of computers, but rather it is the first botnet that is comprised completely of ordinary Internet-connected home devices such as web cameras, Digital Video Recorders, routers, and the like. These devices are part of the so-called “Internet of Things” or IOT. It is the same Internet that your PC, SmartPhone, and tablet computer uses, but the IOT is made of non-computer devices with embedded computer chips. Since these devices are networkable, it means you can access, set-up, and view them while on-the-go, anywhere you have an Internet connection. Unfortunately, it also means that they are subject to the same kind of cyber-security vulnerabilities that most people think apply only to their computers. Except, there are far more IOT-connected devices than computers, and the number is growing rapidly, with literally millions of new IOT devices connecting every day.

Although there is no list of Mirai-compromised devices and model numbers available, it is possible that devices in your very own home were used in the attack without you even knowing it. Once the attack ended, the zombie devices returned to their normal functioning, waiting for the next command. This is important to know, because you can take some fairly simple steps to prevent your devices from being zombified in the first place. Most people seem to take these devices out of the box and plug them in to their network without changing any of the factory-default settings, specifically the device’s administrator password. There lies the primary vulnerability. It is a breeze for software like Mirai to sniff-out these devices, and with the factory default password in-use, it’s like turning an unlocked doorknob, and Mirai is in.

There is an as-yet-unknown risk to this software being inside the firewall of your home network. Many people expect their router’s firewall to keep the bad guys out, but they also want network traffic from their IOT devices to get through, so they can access them away from home. Firewalls usually explicitly allow such desirable traffic to pass-through. In doing so, these IOT devices just may be working as a sort-of data bridge that allows something as unexpected as an IP security camera to aid in the theft of your personal data.

We surely haven’t heard the last of Mirai, and it isn’t even the only IOT-based botnet around. In fact, the source code for Mirai was actually published online not too long ago, and cyber-security experts have said we can expect these attacks to occur with increasing frequency. You can bet that telecommunications companies are scrambling to find ways to block such attacks, but until then, possibly the single most effective measure that can be taken is for owners of IOT-connected devices to perform firmware updates, then set strong passwords, just like you would do if it was a PC.