When IoTs Become BOTs, The Dark Side of Connectedness

Each day our lives become more connected. We revel in our mastery over our domain as we tap on smartphones to change the heat in our homes, see who is at the front door, or remotely start the car on a snowy morning. Connectivity makes our lives easier and more enjoyable. There is a dark side to all of this connectedness, though: if we can control these devices, others can as well. Last Friday we saw a harbinger of what can be achieved with poorly designed Internet of Things (IoT) devices. At one point Dyn reported tens of millions of IP addresses, a great many of them IoT devices, sending it huge volumes of bogus network traffic. Dyn is a managed DNS provider: its authoritative name servers answer the lookups that turn names such as twitter.com into IP addresses for many of the Internet's most popular domains, so when Dyn cannot answer, every site that depends on it becomes unreachable even though the site's own servers are untouched. The flood effectively slowed access to a crawl for east coast US users of Amazon, Twitter, GitHub, Reddit, and many other popular sites.
The compromised IoT devices all appear to be built on BusyBox, the Swiss Army knife of embedded Linux, and like most embedded firmware they are not readily patchable. Most of these devices are webcams, smart DVRs, and home routers, but they are just the tip of the 1.2 million device iceberg that is the Mirai botnet. To put this number in perspective, the current active duty strength of the US Armed Forces is nearly the same, 1.28 million. Imagine all of our active duty military sitting at keyboards running programs to attack a single website; that is the power wielded by "Anna_Senpai", the handle under which a single person released the Mirai source code. By contrast, Mirai is not the largest botnet we have ever seen, others such as Conficker or Cutwail were larger, but it is the first of this scale built entirely of IoT devices.
So how can we cut Mirai off at the knees? It is actually pretty simple: give every IoT device its own unique user ID and password. Every device in Mirai was hijacked because its owner never changed the product's default credentials; the bot does nothing cleverer than log in over telnet (ports 23 and 2323) with a short list of factory defaults. If you are still running with the defaults on your home router and other IoT devices, change them now. One caveat a practitioner should know: on some devices the telnet account is separate from the web interface password, and on a few it is reportedly hard-coded in the firmware, so where the device allows it disable telnet as well, or block ports 23 and 2323 inbound at the router. You may be a slave to Mirai and not even know it.
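As an added illustration of the recruitment step just described (example code written for this page, not Solarflare's or the post author's): a small Python detector that reads telnet login records and flags sources that cycle through Mirai's factory-default credential list within a short window. The log format is constructed for the example and matches no real daemon's output; the credential pairs are a subset of the dictionary hard-coded in the publicly leaked Mirai scanner source. A flagged source is itself an already-infected device, which is the practical point: it tells you which of your own hosts, or a neighbour's, to go and re-credential.

```python
"""Flag Mirai-style default-credential login sweeps in telnet login records.

Added example for this page, not code from the original post. The log line
format below is constructed for illustration; the credential pairs are a
subset of the dictionary in the leaked Mirai scanner source.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Subset of the username/password pairs Mirai's scanner tries in turn.
MIRAI_CREDENTIALS = {
    ("root", "xc3511"), ("root", "vizxv"), ("root", "admin"), ("admin", "admin"),
    ("root", "888888"), ("root", "xmhdipc"), ("root", "default"), ("root", "123456"),
    ("root", "54321"), ("support", "support"), ("root", "root"), ("admin", "password"),
    ("root", "12345"), ("user", "user"), ("admin", "1234"), ("ubnt", "ubnt"),
    ("root", "hi3518"), ("root", "Zte521"), ("root", "7ujMko0vizxv"), ("root", "7ujMko0admin"),
    ("guest", "guest"), ("service", "service"), ("supervisor", "supervisor"), ("root", "password"),
}

# Mirai scans both the standard telnet port and the common alternate.
TELNET_PORTS = {23, 2323}

# Constructed record format: one login attempt per line (hypothetical daemon).
LOG_RE = re.compile(
    r"^(?P<ts>\S+) telnet src=(?P<src>[\d.]+) dport=(?P<dport>\d+) "
    r"user=(?P<user>\S*) pass=(?P<pw>\S*) result=(?P<result>ok|fail)$"
)

# Constructed sample: one Mirai-style sweep, one legitimate admin, one slow
# source, one attempt on a non-telnet port, and one malformed line.
SAMPLE_LOG = """\
2016-10-21T12:00:01 telnet src=198.51.100.7 dport=23 user=root pass=xc3511 result=fail
2016-10-21T12:00:02 telnet src=198.51.100.7 dport=23 user=root pass=vizxv result=fail
2016-10-21T12:00:03 telnet src=198.51.100.7 dport=2323 user=admin pass=admin result=fail
2016-10-21T12:00:04 telnet src=198.51.100.7 dport=23 user=root pass=admin result=ok
2016-10-21T12:00:10 telnet src=203.0.113.9 dport=23 user=admin pass=Tr0ub4dor&3 result=fail
2016-10-21T12:00:15 telnet src=203.0.113.9 dport=23 user=admin pass=correct-horse-battery result=ok
2016-10-21T12:00:20 telnet src=192.0.2.5 dport=23 user=root pass=admin result=fail
2016-10-21T13:30:00 telnet src=192.0.2.5 dport=23 user=root pass=root result=fail
2016-10-21T12:00:30 telnet src=192.0.2.88 dport=22 user=root pass=xc3511 result=fail
this line is not a login record and is skipped by the parser
"""


def parse_line(line):
    """Parse one record; return a dict with typed fields, or None if malformed."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    ev["dport"] = int(ev["dport"])
    return ev


def find_mirai_scanners(lines, window=timedelta(minutes=5), min_dict_hits=2):
    """Return {src_ip: stats} for sources that tried at least `min_dict_hits`
    distinct Mirai-dictionary pairs against telnet ports inside one `window`.

    A single default-credential attempt is ordinary background noise; a rapid
    walk through several dictionary pairs is the scanner's signature.
    """
    by_src = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev and ev["dport"] in TELNET_PORTS:
            by_src[ev["src"]].append(ev)

    flagged = {}
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        # Did any dictionary pair actually work? Then the target is recruitable too.
        succeeded = any((e["user"], e["pw"]) in MIRAI_CREDENTIALS and e["result"] == "ok"
                        for e in events)
        best = None
        for i, first in enumerate(events):  # slide a window over each start point
            pairs, hits = set(), set()
            for ev in events[i:]:
                if ev["ts"] - first["ts"] > window:
                    break
                pair = (ev["user"], ev["pw"])
                pairs.add(pair)
                if pair in MIRAI_CREDENTIALS:
                    hits.add(pair)
            if len(hits) >= min_dict_hits and (best is None or len(hits) > best["dictionary_hits"]):
                best = {"attempts": len(pairs), "dictionary_hits": len(hits),
                        "succeeded": succeeded, "first_seen": first["ts"].isoformat()}
        if best:
            flagged[src] = best
    return flagged


if __name__ == "__main__":
    for src, stats in find_mirai_scanners(SAMPLE_LOG.splitlines()).items():
        print(f"{src}: {stats}")
```

The `succeeded` flag is the one to act on first: it means a factory credential was accepted on the target, so that device is now a recruit in waiting regardless of whether the scanning source is ever cleaned up. Lowering `min_dict_hits` to 1 trades precision for recall and will surface slow, single-credential probes such as the 192.0.2.5 source in the sample.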
What if you are the next target for Mirai; how can you defend yourself? It turns out Dyn was not the first victim: a month earlier Mirai was used to attack Brian Krebs, the noted cyber security blogger, shortly after he published an article on a company that sold DDoS as a service. At its peak the assault on his blog reached 620 gigabits per second, effectively silencing Krebs for a short time. When the attack sources are this diverse, the most effective defense is to distribute the attack load across many points of presence and to filter it at the edge, ideally in hardware designed to drop attack traffic at line rate. In Brian Krebs's case he moved to Google's Project Shield, a platform built to host journalists who might otherwise be silenced by DDoS attacks.

Russell Stern has served as President and CEO at Solarflare Communications since 2004. He was formerly President and CEO at JNI Corporation in San Diego, California. Prior to JNI, Stern served as General Manager and COO at Quantum Corporation.

North Korea’s internet takes a hit on Monday

North Korea’s internet went down on Monday, following a weekend of spotty connectivity, according to multiple news reports. The outage comes only days after President Obama said the U.S. “will respond proportionally” to North Korea over the FBI’s finding that the isolated nation was responsible for the massive hack on Sony Pictures Entertainment.

The North Korean internet outage was spotted by Dyn Research’s director of Internet analysis, Doug Madory, who told several news organizations that the country’s four networks connecting it to the rest of the internet were all offline. Bloomberg News noted that all four of North Korea’s networks (the U.S., by comparison, has over 152,000 such networks) pass through China.

Madory was not able to declare whether someone was indeed hacking North Korea, but he told Bloomberg News, “It is kind of out of the ordinary. This is not like anything I’ve seen before.”

The Dyn Research director gave a few more details to the New York Times, saying the outage looks like what happens during a DDoS attack, in which network routers are bombarded with so much traffic that they fail.

CloudFlare CEO Matthew Prince also confirmed to the New York Times that North Korea’s internet is offline.

Since North Korea’s general populace does not have regular access to the web, its citizens are probably not feeling the effects of the outage, according to the Times. North Korea’s elite and its cyber army probably are, however.

If it turns out that the U.S. is responsible for bringing down the North Korean internet, the Times noted, it would be quite a shift for the U.S., as most known U.S. cyber operations center on collecting data, not shutting down systems.

A U.S. State Department spokeswoman told Washington reporters that the U.S. is unable to confirm the hacking reports on North Korea, and she wouldn’t outline how the U.S. plans to respond to the original Sony hack.

Akamai buys DDoS security company Prolexic for $370 million

Akamai Technologies says it has signed a definitive agreement to acquire Prolexic Technologies, a Hollywood, FL-based cloud security company whose products protect data centers and corporate applications such as email, file transfer, and VPN from distributed denial of service (DDoS) attacks. Under the terms of the agreement, Akamai will acquire Prolexic for a net cash payment of approximately $370 million.

Anonymous takes on Indian government, Bollywood

As promised, the hacktivist group Anonymous organized demonstrations on Saturday in 16 cities across India, protesting the government’s Internet laws and ISPs’ blocking of popular file-sharing sites. Protesters donned Guy Fawkes masks and gathered at cricket grounds and other outdoor landmarks from Chennai to Delhi.