Amazon, Tumblr, Reddit, PayPal and other sites.
It was smart. And it was simple.
Security experts say the attackers used a simple enough program called Mirai, which allows even largely amateur hackers to take over anything online and use them as part of attacks. We’re talking about DVR’s. Your wifi printer. Your wireless baby monitor.
The devices are used to create something called a botnet, or a robot network, to send millions of pieces of data that take down the targeted computer systems. In this case, it leads to those sites being taken down.
Why now? Early in October, the source code for Mirai was released on the “dark web” – sort of like an underground black market for hackers. Security experts have argued this is just the beginning. But it’s also not the only type of attack.
And here’s the thing. Companies don’t want you to know they’ve been hacked.
Two banks that my agency uses have been targeted repeatedly in the past couple of months. The only reason we knew they were targeted was because we have connections high up in the banks. The official released story? “We’re experiencing some technical difficulties.”
I turned to the experts at Nutmeg Technologies, a firm that specializes in IT services and securities for businesses across a variety of industries, to weigh in on the threat.
The two fastest growing threats in the Information Security industry are Ransomware and the rapidly ballooning crop of internet-connected physical products such as thermostats, light switches, DvD players, always-on game systems, even physical buttons to press to re-order products for your home,” said Dan Farkas, support lead for Nutmeg.
“The reason internet-connected gadgets are so insecure is because there’s no real standard. Since the back-end device settings are transparent to the consumer, the security is too – and many of the devices that connect to your network and then out to the public internet are cheaply made for $5 to $20. While this is a great advantage fiscally for consumers, not to mention convenient, it leaves them in danger of exposure from products that have no standard for security hardening and can be sold by anyone.
When there are hundreds of different types of devices there are hundreds of points of weakness. To protect your home and your business, you must be very aware of what you allow to access your network.”
Shawn Weaver, Director of Operations at RKL & Associates, said his firm has seen it as well.
“Industry wide we have seen a huge increase in malicious activity. Sadly, as Kyle mentioned, we are woeful ill-prepared for that very real threat, just look at the amount of information that is coming out of the state department, which is considered one of the most secured datacenters in the world. I would agree with many of my colleagues that a massive wide scale cyber attack is not far off, and it doesn’t even necessarily have to come from a giant target like Russia,” said Weaver.
Speaking of Russia, the Obama Administration has threatened a “major retaliatory cyber attack” against the country, stating that Russia has been involved in recent hacks against the Democratic National Committee (a stance that’s been heavily debated).
Oh, good idea. Let’s start a cyber war.
In February of this year, U.S. investigators found evidence of a massive cyber attack on a power grid that caused a blackout for hundreds of thousands of people in Ukraine in December. Who do they point to for the attack? Russia.
It was a highly coordinated attack against six power providers…and was so severe that it knocked out the internal systems meant to also help restore power.
Weaver argues that a major attack more likely than not would NOT come from Russia.
“Russia can’t afford the payback as much as we can’t afford the attack. When the attack comes it will come at the hands of terrorists, ISIS, Al Queda, or possibly even a home grown radicalized terrorist. All it takes is someone with a high tech skill set, a computer, and internet access. It is very possible these attacks could come direct from a non-extradition country giving us very limited resources in tracking down and holding the terrorists accountable. The power grid seems to be a good target for an attack like this as it can literally cripple this country,” he said.
Last October, Ted Koppel released a book called “Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath.” The book is a New York Times bestselling investigation showing that not only is a major cyber attack on America’s power grid possible…it’s likely.
It would also be devastating, and our country is massively unprepared.
In the book, Koppel forces you to imagine a blackout that could last months or years. We’re talking about hundreds of millions of Americans with no running water, refrigeration, or light…with a dwindling food and medical supply stockpile. Imagine the shutdown of banks. Overrun police departments. Desperation for survival.
It’s a terrifying concept. But Weaver argues that other significant yet perhaps less protected systems are also ripe targets.
“Imagine if someone flipped a switch and turned every traffic light in NYC to green at the same time? Or our airline computers? When a single airline has a computer issue that lasts even just one hour, the backlog can take more than 24 hours to clear. Can you imagine a wide scale shutdown for hours or days of every major airport in the country?” he suggested.
So how do we handle these looming threats? Chris Carter, CEO of Approyo, offered his guidance.
“Be vigilant and be aware,” said Carter.
Simple, right? But it’s true.
“Know what your doing with your IT around your home and business. The fact is 99% of folks do not know that when they connect a device like a baby monitor to their wi-fi network at home is that it comes with a pre-assigned IP, user ID and password,” he said.
“Hackers know every device that is out there with these pre-assigned ID’s and how to exploit them. Do you really want someone in a foreign country looking thru your baby monitor at your naked wife as she attends to breastfeeding your child at 3 am? It is real, and it is happening right now.”
With any new technology that comes out, it’s inevitable that someone will look to exploit it. It’s just one of the many reasons why government leaders continue to stress the importance of securing your home…our cities…our country…and the internet as a whole.