Last Friday, some of the internet’s most popular websites – think Twitter, Airbnb, Spotify – were disrupted due to a massive hacking attack. There was nothing particularly new in the hackers’ method. Creating an overwhelming surge in traffic is known as a “distributed denial of service” (DDoS) attack, and has been around for years. Nor was there a huge amount of surprise that it had happened. Cybersecurity experts had warned for years that it was coming. What was noticeable, however, was the attack’s use of the so-called “Internet of Things”.
In recent years, the popularity of internet-enabled devices, such as kettles, fridges, thermostats, baby monitors, lightbulbs and webcams, has exploded. But often these devices come with a default password, which is rarely changed and can be guessed at from trawling the internet. Once inside, the hackers installed a malicious software program called Mirai, which enabled at least 100,000 devices to be banded together in a sort of “zombie army”, known as a “botnet”, explains Laura Hautala on tech site Cnet.
This zombie army then overwhelmed one of the internet’s biggest “phonebooks”, Dyn, a domain-name services company that translates a website’s internet address into an IP address read by computers. When Dyn went down, so did the websites that rely on it for its services. The identity of the hackers is so far a mystery.
By 2020, there are estimated to be around 20 billion internet-enabled devices in play, with consumers spending $1.5trn on the Internet of Things, according to researchers Gartner in the Financial Times. Around a quarter of online attacks will come from these devices. But regulating the industry is a challenge, since the devices from televisions to medical devices, fall into so many categories. If a hacker was able to gain access to a pacemaker, say, or a car, the result could be fatal.
Hangzhou Xiongmai Technology, a Chinese manufacturer, has recalled up to 10,000 of its webcams, which had been particularly susceptible to the attack. “It is going to take a number of events like this where it starts to become a profit motive for all the companies involved in this where they say, ‘we can’t ignore this any longer,’”, cybersecurity expert Matthew Cook tells MarketWatch. “Companies need to realise that they should invest in security, not just because it is the right thing to do — and it is — but because it is the more profitable thing to do as well.”