Hack Attack

animated evil toaster

Mirai botnet assault that brought down key websites was the largest in history, according to experts.

What happened?

On Friday 21st October hackers weaponised a large network of web-enabled home devices. DVR Recorders and CCTV cameras were infected with malevolent code and transformed into a 'zombie-army' that bombarded online targets with traffic – a Distributed Denial of Service or DDoS attack.

The targets included high profile brands such as Spotify, Pinterest, SoundCloud, The New York Times and the Wall Street Journal. These sites went dark for large parts of the United States.

So what?

For the companies involved, this is a big deal.

Obviously, with online retailers there is loss of sales to consider. For businesses that sell exclusively online, this is the equivalent a metal grille preventing customers from entering. For sites that rely on revenue from ad impressions, an outage is similarly financially damaging. Not only that, for any company that conducts business online, perceived vulnerability to attacks is bad for their brand.

This attack also made history – according to reports, it was around twice as powerful as any previous attack on record.

Who is to blame?

Good question. There was a tweet from Wikileaks that suggested that their supporters were responsible.

"Mr. Assange is still alive and WikiLeaks is still publishing. We ask supporters to stop taking down the US internet. You proved your point." 

The threat implied by this communication is interesting – it looks a bit like a cynical move on the part of Wikileaks to hint that the safety of Julian Assange is important to some dangerous people.

Setting aside the toxicity levels of a Pret sandwich, security researcher Bruce Schneier has a different idea. In a heavily-shared essay last month, he claimed to have evidence that "a large nation state" is currently "learning how to take down the internet'.

Schneier believes this is being done by testing and probing the defensive armour of companies that provide vital internet services. A botnet attack of this nature does exactly that.

That sounds bad... but also a bit like an eighties sci fi – Maximum Overdrive for millennials.

The real issue here is that people don't yet realise how vulnerable 'smart' devices without the memory for security software are.

So what can we do?

There are a number of ideas. Technology writer Brian Krebs suggests an industry security association, together with a 'seal of approval' awarded to secure devices.

Whatever is done, it will be as a result of Friday's attack. Just as the Great Fire of London resulted in the introduction of building regulations we now consider vital, so this exposé of our insecure baby-monitors and kettles must mean a shake up in the Internet of Things.

The internet is growing up; we need to grow with it.

Share this via

Partners & Technology