Hackers Used the IoT to Create an Unprecedented DDoS Attack—Now What?

We asked security expert Dan Lohrmann what a massive cyberattack on cybersecurity journalist Brian Krebs' website means for the wider Internet of Things industry.
By Mary Catherine O'Connor

IOT Journal: Were you surprised to hear of the DDoS attack on Krebsonsecurity.com?

Dan Lohrmann: Yes, I was shocked by the size of the DDoS attack against Krebs' blog. I was also really surprised by the scope of the IoT botnets used against him.

This was a new type of high-powered DDoS not seen before. According to the Krebs, this was almost double the size of the largest previous DDoS attacks. Krebs wrote:

"The assault was 620 Gbps in size... previously (DDoS attacks) clocked in earlier this year at 363 Gbps... The huge assault this week on my site appears to have been launched almost exclusively by a very large botnet of hacked devices..."

I wonder: Why did they attack the Krebs' website? Was this to prove a point or demonstrate new botnet capabilities? It certainly could have been for the retaliation reason offered by Krebs: "the takedown of the DDoS-for-hire service vDOS, which coincided with the arrests of two young men named in my original report as founders of the service."

However, it could also have been to get global attention since Krebs is a top cyber blogger. Or, was it to prove a point to [the hacker's] potential clients that the power of such direct attacks are real and can have an impact?

Simply enter a question for our experts.
Sign up for the RFID Journal Newsletter
We will never sell or share your information
RFID Journal LIVE! RFID in Health Care LIVE! LatAm LIVE! Brasil LIVE! Europe RFID Connect Virtual Events RFID Journal Awards Webinars Presentations