Do you remember back in October when we featured a Tech Tuesday concerning the Internet of Things (IoT) and a massive Distributed Denial of Service (DDoS) attack? Do you remember, almost a year before that earlier article, when we talked a bit about the most sinister corner of the Internet called the Dark Net?
Here’s a somewhat frightening mash-up of both articles.
If you—yes, you!—happen to have some spare change or “fun money” aching to burn a hole in your pocket, you can easily host your very own DDoS attack with the botnet used in that somewhat powerful cyberattack against security expert Brian Krebs. Just to remind you, this botnet recruits random IoT devices and sends gigabytes worth of traffic per second at the same time to any website you desire. While you may think “Hey I run a business out of my home. This is the kind of traffic I would love!” this is the kind of traffic volume that takes websites down and keeps them offline. If you are wanting to do business digitally, this kind of help is counter-productive.
This botnet was the same IoT recruiter that took down the security website, KrebsOnSecurity, and then went on to make things difficult for PayPal, Verizon, Pinterest, Twitter, and other sites back in October. If you know how to get on to Dark Net, you can purchase it for your own use. How? Well, one of the outlets hackers took advantage of with their botnet were webcams that were accessing non-secure machines. With passwords properly set, this botnet was able to access computers through these cameras, basically turned them into a robot army awaiting their master’s call to turn on a flow of traffic to any website in the world.
So for a paltry $4,600, you can buy 50,000 bots—hacked computers under the control of hackers—and have them target any website you want, and bring it down. Pay $7,500 and your DDoS army grows to 100,000 bots delivering 1 terrabyte of traffic a second. That will effectively bring down most any site.
Setting aside the price of these DDoS Soldiers-for-Hire, there is no simple way to purchase this “package” of mayhem. It’s not like you can hop on to Amazon, and use your Prime to get your botnet overnight. No, you have to go to a dark corner of the Internet and work with people on the honor system. This honor system includes business where you can meet demands of hackers only to face more demands. The Dark Net is not necessarily easy nor safe to navigate, and there are no guarantees that your purchase will work.
You would think this is enough a deterrent, but there is a certain amount of opportunity here as the IoT is trendy, is cutting edge, and—sadly—vulnerable on account of lax security. This is a big problem and it will get worse and worse and worse because IoT devices are so easy to set up. IoT devices are simply not secure, and the ability to mount massive DDoS attacks is just too tantalizing.
A research physicist who has become an entrepreneur and educational leader, and an expert on competency-based education, critical thinking in the classroom, curriculum development, and education management, Dr. Richard Shurtz is the president and chief executive officer of Stratfdord University. He has published over 30 technical publications, holds 15 patents, and is host of the weekly radio show, Tech Talk. A noted expert on competency-based education, Dr. Shurtz has conducted numerous workshops and seminars for educators in Jamaica, Egypt, India, and China, and has established academic partnerships in China, India, Sri Lanka, Kurdistan, Malaysia, and Canada.