Brian Krebs is a popular reporter on the topic of cybersecurity. He regularly exposes cybercriminals and their tactics, and consequently is regularly a target of theirs. Last month, he wrote about an online attack-for-hire service that resulted in the arrest of the two proprietors. In the aftermath, his site was taken down by a massive DDoS attack.
THE FACE OF THE IOT THREAT
Distributed denial-of-service (DDoS) attacks are a family of attacks that cause websites and other internet-connected systems to crash by overloading them with traffic. The “distributed” part means that other insecure computers on the internet—sometimes in the millions—are recruited to a botnet to unwittingly participate in the attack. DDoS attacks are perpetrated by lone hackers trying to be annoying, criminals trying to extort money, and governments testing their tactics. If the attackers can cobble together a fire hose of data bigger than the defender’s capability to cope with, they win. If the defenders can increase their capability in the face of attack, they win.
What was new about the Krebs attack was both the massive scale and the particular devices the attackers recruited. Instead of using traditional computers for their botnet, they used CCTV cameras, digital video recorders, home routers, and other embedded computers attached to the internet as part of the Internet of Things.
Much has been written about how the IoT is wildly insecure. In fact, the software used to attack Krebs was simple and amateurish. What this attack demonstrates is that the economics of the IoT mean that it will remain insecure unless government steps in to fix the problem. This is a market failure that can’t get fixed on its own.
Our PCs and cell phones are as secure as they are because groups of security specialists keep chipping away at the problem. Even though the source code to the botnet that attacked Krebs has been made public, we can't update the affected devices. In any case, the main way for you to upgrade the firmware in your home router is to discard it and buy another one.