On October 21st, 2016, a massive distributed denial of service attack (DDoS) knocked out huge sections of the Internet. Sites like Twitter and Amazon went down because the company that runs much of the backend of the Internet, Dyn, was attacked. They run domain-name system (DNS) servers that allow people to type in Amazon’s address and get there without having to remember a long numerical address.
DDOS attacks work by flooding a system with millions of fake requests for information, meaning that the system can’t get around to processing actual requests from customers. It looks like this attack was launched largely by using unsecured devices connected to the “Internet of Things,” meaning security cameras, baby monitors and the like which have little to no built-in security. Anything connected to the Internet essentially, although computers have much more security built in. Those devices worked normally, but they were being used to attack Dyn.
This points out some very big issues that need to be addressed in the near future. As more and more objects are connected to the Internet, they offer more and more opportunities for hackers to turn them against us. If those cameras and such had better, or any, security features then this attack wouldn’t have been so easy to orchestrate.
Whether or not the federal government can mandate improved security remains to be seen though, because there will likely be push back from the market. More security means higher costs, and while that might seem fine for a computer, it likely won’t for a fitness monitor. Finding a way to strike a balance between improving security and not punishing the consumer is going to take some work, and so far, nobody really knows how to get started on that process. Let’s just hope it happens before the next major attack.