In recent years, we have all heard the expression before, but how does someone really “break the Internet?” Recently, an incident arose where a large network of electronic devices joined together resulting in a major interference with online businesses and services. Amazon, Netflix, and Yahoo, were hobbled temporarily due to various flaws in the Internet of Things. This flaw allowed individuals to create what’s known as a botnet, to launch a massive DDoS attack to effectively shut down services. So, how would we prevent a similar incident from occurring? Should you be concerned about your smart devices? What about your websites and online services?
How did the Internet of Things become weaponized?
As it stands, the Internet of Things, which comprises of smart devices that connect online for the convenience of individuals, became weaponized against service providers, and created a “botnet.” Effectively, some type of malware was downloaded onto these smart devices prompting them to send requests to certain websites. When these websites become overwhelmed by the requests, it resulted in websites crashing, or becoming generally unavailable to the users. Here, one might wonder how, but the real answer was due to a lack of knowledge, training, and security. Unlike regular computers, tablets, and cellphones, smart devices do not always have the capability for security updates. With this, even for those devices that might be on a more secure network, the Internet of Things still entails those devices being connected online. This makes them vulnerable to more pinpointed attacks. From there, the controller of the botnet can use the Internet of Things to launch the DDoS attack and crash a network.
What are the other concerns?
Ideally, as a consumer, you should research to make sure that any smart devices you purchase will and can receive security updates, or occasional firmware updates. This aspect is rather important, although it receives little attention, because the security features of the smart device are ancillary to consumer’s usage. Furthermore, while it is possible for a hacker to “pivot” from these smart devices into other ones upon gaining access, that is a relatively minor issue. Looking at the DDoS as it could be used, it has the ability to cause further harm, if the hacker attempts to gain access to and infect government websites. To prevent an internet-breaking event, or potentially a larger scale situation affecting national security, or the safety of individuals, the solution is likely twofold. First, there must be functional security updates on the developer’s side. Second, there must be proper regulation by the government.
For those running online businesses (i.e., e-commerce websites), they should keep in mind how the DDoS attacks works. They involve the use of botnets to overwhelm a system’s server. To avoid this, the solution is simply to increase resources to better handle those attacks. Increasing bandwidth, adding redundant DNS servers, creating cache servers, maintaining firewalls, and funding online security is a solution. However, it should be noted that, given the recent attacks on these larger websites, this is not an entirely feasible solution, as resources for any business are limited, and the solutions will vary from business to business.
At our law firm, we assist clients with legal issues related to internet, cybersecurity, privacy, and e-commerce transactions. Please contact us to set up an initial consultation.