CHINA TOPIX

12/22/2024 03:25:09 pm

Make CT Your Homepage

Hackers Almost Cripple the Internet by Weaponizing IoT Devices as Botnets

Weapons galore

Weapons galore: the Internet of Things

Somebody just weaponized the Internet of Things (IoT) and it certainly wasn't DARPA (the Defense Advanced Research Projects Agency).

Someone -- more likely state sponsored pros like those from Russia and China -- painfully illustrated the damage millions of vulnerable IoT devices connected to the internet can inflict when three waves of massive DDoS (Distributed Denial of Service) attacks almost crippled the United States' internet infrastructure on the East Coast.

Like Us on Facebook

DDoS attacks involve flooding websites with more traffic than they can handle, making them difficult to access or taking them offline.

The severity and length of the attacks led some security experts to finger Russia, which has been on a hacking spree the past months to embarrass Democratic Party Presidential candidate Hillary Clinton while trying to get pro-Russia candidate Republican Donald Trump elected as U.S. President on Nov. 8.

Russia seems a logical culprit since the CIA last week said it will retaliate for Russia's unrelenting cyberattacks on U.S. political institutions and the U.S. government.

If Russia is behind the Oct. 21 attacks, it seems the Kremlin has beaten Washington to the punch. And it's sent a clear message to Obama: act, don't talk.

Hackers mounted unprecedented and coordinated global DDoS attacks on internet services firm Dyn DNS Company based in New Hampshire. Dyn said it was attacked three times by hackers using a DDOS attack.

The attack caused major sites including Twitter, Reddit, GitHub, Amazon, Netflix, Spotify, Runescape, and its own website (http://www.dyn.com) to become unreachable. The cyberattacks caused outages for many across the East Coast in the U.S.

Dyn claimed to have restored services two hours after the first attack before being hit again. It said hackers had exploited vulnerable IoT devices to mount the attacks.

Security experts believe hackers used the widely available Mirai botnet to conduct the cyberattacks. The source code of this botnet was recently made available to the public for free.

Mirai takes control of IoT devices and was definitely linked to the attack. The vast numbers of Mirai-controlled IoT devices making a massive number of requests caused Dyn's servers to collapse under the strain.

"When I see something like this, I have to think state actor," said Carbon Black national security strategist Eric O'Neill, a former "spy hunter" on the FBI counter-intelligence force.

"This is not some hacker sitting in his basement typing away on a keyboard."

Other cyber security experts concurred with this conclusion, saying the attack could also have been meant as a message from a foreign power (likely Russia).

The number of DDoS attacks has spiked due to the easy availability of tools for compromising and exploiting the huge numbers of IoT devices that are mostly poorly secured internet-based security cameras, digital video recorders and Internet routers.

Real Time Analytics