If you are familiar with Curious, you know how much we talk about the Internet of Things, or IoT. Just two weeks ago, we were talking about a brand new computer that was IoT-ready and coming in at the lofty price of only five dollars. IoT is all the rage. The ability for your refrigerator, your car, or your 35mm camera to be connected is an innovation that promised to be the next big thing back at the beginning of the year. What you don’t hear about at these events, though, is how the Internet of Things is creating a huge problem. These innovative IoT-ready devices are not all up-to-date in their security. It could be thermostats, smoke detectors, led lightbulbs, what have you—all these are connected to the Internet now, and they tend not to be patched properly.
What is a bit unsettling is how the security websites for all these devices just recently suffered a massive Distributed Denial of Service attack.
A Denial of Service or DoS attack is when hackers do what they can to overload a server and keep you, the consumer, out from a desired service. However, a Distributed Denial of Service or DDoS attack occurs when hackers either coordinate with other hackers or recruits (remotely) unsuspecting computers to access a server at the same time, jamming up the works and overloading the server, causing it to shut down.
In the case of this massive DDoS against security expert Brian Krebs, hackers recruited IoT devices, used them as bots, and did just that. Appliances from all part of the country and even the world sent 620Gbps (yes, that gigabytes) per second’s worth of traffic to his website. How much is 620Gbps per second of traffic? Picture 60,000 home networks all accessing Krebs’ security site at the same time, making all sorts of requests ranging from “Who is Brian Krebs?” to accessing the latest blogpost. Naturally this DDoS attack brought Krebs’ site down.
His website, KrebsOnSecurity, had originally been hosted by Akamai, and they had done so pro bono because of his service to the online community. This attack was so massive at 620Gbps, though, it was taking the rest of the Akamai network down with Krebs. Akamai had to think of the bigger picture, and gave the security expert two hours’ notice before kicking him off the system.
Score one for the bad guys.
Google came to Krebs’ rescue by hosting the site, using Project Shield which should be able to handle a Distributed Denial of Service attack of that scale. Krebs has said on his blog that to protect him from this sort of DDoS attack would have cost Akamai $150,000 and $200,000 per annum. A price tag well out of his and Akamai’s budget. Preliminary analysis indicates that the traffic generating the biggest chunk of the attack came from Internet of Things devices with the hackers sending things like generic data packs with only one aim in mind: to overload a system.
Sure, IoT is cool. But so is solid security. This is going to become a bigger and bigger issue as time and trends go on.
A research physicist who has become an entrepreneur and educational leader, and an expert on competency-based education, critical thinking in the classroom, curriculum development, and education management, Dr. Richard Shurtz is the president and chief executive officer of Stratfdord University. He has published over 30 technical publications, holds 15 patents, and is host of the weekly radio show, Tech Talk. A noted expert on competency-based education, Dr. Shurtz has conducted numerous workshops and seminars for educators in Jamaica, Egypt, India, and China, and has established academic partnerships in China, India, Sri Lanka, Kurdistan, Malaysia, and Canada.