Assuming you’ve not been living under a rock for the past few weeks, you’ve probably heard about how tens of millions of websites went down in mid-October. Among these sites include Twitter, Spotify, and Reddit; even Playstation Network was down for a time. Unfortunately, the Internet of Things was the tool that made this attack possible.
So, how did this one attack affect so many different websites all at once, you ask? Well, because the attack wasn’t on a website at all but on Dyn, a DNS service. Think of it as an electronic phone book roughly the size of a building where, instead of phone numbers, we’ve got our web addresses stored there. When this phone book was bombarded by millions of queries through a distributed denial of service (DDoS) attack, it crashed.
Now, any normal DDoS wouldn’t have done much to Dyn. They’ve got servers galore in countries across the globe. This wasn’t a normal attack though and they hit all the servers at once. Just a couple hours after the first attack, a second came, and then a third. Taking responsibility for these attacks was the well known group Anonymous alongside New World Hackers as retaliation for Ecuador taking internet access away from WikiLeaks founder Julian Assange.
Where does the IoT come into all this? Well, there’s a malware out there called Mirai which searches the Internet for IoT devices still protected by their factory default usernames and passwords, which is most. Once the hackers had access to these devices, they set their sights on Dyn to ping it constantly for information with people none the wiser that their printers, cameras, or even baby monitors were being used in such a way.