Just in case you missed it, the two biggest website hacks ever undertaken happened last month. The InfoSec website Krebs On Security was the target for a huge DDoS attack from an unknown attacker using the IoT, and OVH the hosting provider was attacked a few days after with double the force. Not only that, but the code for this incredible, malicious, infectious piece of malware was released to the open internet a couple of weeks ago for anyone to use, adapt, modify and re-use for their own ends! Before we get into it, let's de-jargon this story a bit:
The Internet of Things (IoT) refers to the ever-growing network of physical objects that feature an IP address for internet connectivity, and the communication that occurs between these objects and other Internet-enabled devices and systems. These are often referred to as 'smart' devices and range in scale from thermostat controls to CCTV cameras, to internet baby-monitors.
A DDoS attack is a 'Distributed Denial of Service' attack, where a range of computers around the world continually bombard a website with requests for information, overloading the server (the system which holds all the website data) and shutting it down or at least preventing other users from using it. The reasons this particular attack is remarkable are all in the details, however.
The way the attack was carried out was diabolical - IoT devices from around the world were co-opted by the hacker to attack the website: a range of webcams, routers and digital TV recorders. Everyday items that connect to the internet and are able to send and receive information packets. When a black-hat collects a huge array of machines which they can remotely control, they call it a 'botnet'. This botnet has had varied estimates on its overall size, up to 1.5 million devices around the world infected and controlled by the malware known as Mirai. Softpedia reports figures showing the botnet collecting up to 120,000 new slaves per day! As Mikko Hyppönen (internet super-watchdog, speaker at WIRED Security 2016 and personal hero of mine) said in his TED Talk, The Internet Is On Fire: "Let me tell you a secret: when you hear that a machine is 'smart', what it actually means is that it's exploitable."
The way the botnet was built was also ingenious. The hacker known as 'Anna-senpai' created a program which would scan the internet for Telnet services on devices of a certain model and make - CCTV cameras, routers, DVRs - and then attempt to log in using the factory default password and username (admin/admin for example). If the user hadn't changed these since buying the device (have you!?) then Mirai would have access to the device to install the malware, allowing Anna-senpai control of the machine from his/her lair. Once one device on your network was compromised, it wasn't much more work for Mirai to take over the rest, especially if your router password was the only line of defence between you and any other internet denizens like Anna-senpai who want to break into your system. The crazy thing is that, since so many of our consumer smart electronics have similar infrastructure at their core (lots of bits from China etc.), this botnet was able to capture devices from all around the globe in a vanishingly short time.
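The default-login scanning described above leaves a recognisable trail on the receiving end. As an added example (not part of the original post), this Python script flags it in a honeypot-style Telnet log; the log format, the IP addresses and every credential pair except admin/admin are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Illustrative factory-default pairs: admin/admin is the post's example, the rest are assumed.
DEFAULT_PAIRS = {("admin", "admin"), ("root", "root"), ("admin", "password"),
                 ("root", "admin"), ("admin", "1234")}

# Constructed log format and sample lines (documentation IP ranges), not real captures.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) telnet login (?P<result>ok|fail) "
    r"src=(?P<src>\S+) user=(?P<user>\S+) pass=(?P<pw>\S+)$")

SAMPLE_LOG = """\
2016-10-01T03:14:01 telnet login fail src=203.0.113.7 user=root pass=root
2016-10-01T03:14:02 telnet login fail src=203.0.113.7 user=admin pass=password
2016-10-01T03:14:04 telnet login ok src=203.0.113.7 user=admin pass=admin
2016-10-01T09:30:00 telnet login fail src=192.0.2.10 user=guest pass=letmein-2016
garbage line that does not parse
2016-10-01T11:00:00 telnet login fail src=198.51.100.9 user=admin pass=admin
2016-10-01T18:00:00 telnet login fail src=198.51.100.9 user=root pass=admin
"""

def analyse(log_text, window=timedelta(seconds=60), threshold=3):
    attempts = defaultdict(list)  # src -> [(time, pair)] for default-pair attempts only
    accepted = set()              # sources whose default-pair login was accepted
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the whole run
        pair = (m["user"], m["pw"])
        if pair not in DEFAULT_PAIRS:
            continue
        ts = datetime.fromisoformat(m["ts"])
        attempts[m["src"]].append((ts, pair))
        if m["result"] == "ok":
            accepted.add(m["src"])
    scanners = set()
    for src, events in attempts.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            # Distinct default pairs tried within `window` of this attempt.
            distinct = {p for t, p in events[i:] if t - start <= window}
            if len(distinct) >= threshold:
                scanners.add(src)
                break
    return {"scanners": sorted(scanners), "default_login_ok": sorted(accepted)}

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

A source in `default_login_ok` means the device still accepts a factory login and should have its password changed and Telnet disabled; a source in `scanners` is a candidate for blocking at the router.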
And lastly, the sheer amount of information that was being forced across the internet by this botnet is just mind-boggling. The attack on Krebs was a stonking 620 Gigabits per second - the equivalent of opening nearly 20,000 HD YouTube videos at once. From global sources. That's an almost impossible number of requests to process, and it isn't surprising that Akamai, the company responsible for protecting Krebs' website, had to take him off their books when they realised how much it would cost them to continually defend him. Not a hugely horrible thing to do when you realise they were initially working pro bono and staving off this attack was likely to spin out into millions of dollars’ worth of effort. Just a few short days after, the hosting provider OVH was DDoSed by Mirai, at speeds of up to 1.1 Tbps - that's twice as fast. Mental.
While this sort of attack shouldn't scare you as a victim, you should definitely be worried about being used as a tool to commit attacks on others. It's like leaving your car with the keys in the ignition so anyone can use it for anything they like, like robbing a bank or running over their neighbours. For professionals and teachers who use technology, it's your job to know about this sort of thing and to encourage those around you to secure their systems against malicious users. It doesn't take much to improve your internet security, after all. Understanding this stuff isn't rocket-science; you just need to expose yourself to it! You can always undertake some FREE InfoSec courses online at places like Cybrary or HackThisSite. Even further: next week is the WIRED Security summit in London. If you're around, and you fancy learning some amazing things from incredibly talented folks, grab a ticket! Click here to find out more about the event and get some tix to see the world's best white-hat hackers talk about their exploits! (You can get a 15% discount if you say you're friends with us! Just use our discount code: WSHL15 when you book!)
So get out there and tighten up your security! I'll be doing a blog post soon on how to beef up your security at home, and how to teach your old mum to do it too - from making strong passwords to installing malware blockers; look out for it!
MrC is a data-crusader whose sole purposes in life are to help n00bs become 1337 and to eat all the chocolatey things. He gets annoyed when people can't even take care of their own security and it messes with everyone else, but has endless patience for kids...unless they've already had it explained twice before. Sometimes, he likes to gather all the chocolatey things into a pile on the couch and play Fallout with his headphones on.