You probably noticed that at various points during a day not long ago, you couldn’t get on the internet. If you could, a lot of the sites you’re used to visiting were simply unavailable for extended periods of time.
The reason you couldn’t get on the internet was because a company you’ve probably never heard of, called Dyn, came under a massive DDOS attack.
DDOS stands for “Distributed Denial of Service,” and basically, it amounts to a whole lot of internet-capable devices flooding a company’s servers with requests. Sooner or later, no matter how robust a company’s infrastructure is, it’s going to succumb to that kind of sustained attack, and the servers will go offline.
In this particular case, Dyn handles DNS functions for a number of high-profile companies on the web. Basically, Dyn runs the network that allows your web browser to find CNN.com, or whatever web address you type in it. If not for companies like Dyn, you’d have to know the specific IP address for every website you wanted to visit, which is a non-starter, to say the least.
Notice the phrase “internet-capable devices” in the paragraph above.
Most of the devices that took part in the DDOS attack against Dyn weren’t PCs or smartphones. They were toasters, refrigerators, dishwashers, smart door locks and other assorted equipment.
Recent technological advances have made it possible for us to connect a growing array of devices to the internet, creating the Internet of Things, but there’s a problem with that. Most of the companies that make “smart” devices don’t bother with even the most basic of security measures.
The companies that do add security features to the ’net-connected devices they sell tend to use free or cheap options that are easily cracked, and even then, they seldom bother with security updates.
This has created a situation where we have tens, if not hundreds of millions of unsecured devices on the internet that can easily be slaved by hackers to create vast ’botnet armies, which can then be used to execute withering DDOS attacks against the targets of their choosing.
The owners of such ’botnets can, for instance, bring down big portions of the internet at will, as they recently demonstrated.
Unfortunately, our appetite for smart devices continues to grow, and equipment manufacturers continue to largely shrug with indifference about adding security features, which means that we can expect to see more attacks like this one in the months and years ahead. Until we all get a lot more serious about digital security, this problem will only get worse.