Hackers Used the IoT to Create an Unprecedented DDoS Attack—Now What?

We asked security expert Dan Lohrmann what a massive cyberattack on cybersecurity journalist Brian Krebs' website means for the wider Internet of Things industry.
By Mary Catherine O'Connor

IOT Journal: How key were the IP-based security cameras to the success or scale of this attack? It sounds like the malware, Mirai, was designed specifically to leverage Internet of Things devices that were online with poorly protected passwords and were therefore vulnerable. Could something of this scale have been perpetrated without such IoT devices?

Lohrmann: It's hard to know exactly how many of the attacking machines were IP-based cameras, but clearly they were a very large part of the mix. According to Akamai: "The majority of these devices were identified as security cameras and DVRs and were used in 'Small Office/Home Office' setups. We've confirmed that many of these devices use either easily guessable (admin, password, 1234) usernames and passwords or the default passwords originally configured on the devices. Additionally, the attack included a substantial amount of traffic connecting directly from the botnet to the target, rather than reflected and/or amplified traffic, as seen in recent large attacks using NTP and DNS vulnerabilities."

Some sources were saying that over 1.5 million connected cameras were involved. Connected cameras generally have high-speed Internet access and make prime targets.

The hackers found a vulnerability that allowed them to take control of the devices' underlying Linux operating system when they typed a random username with too many characters. Once they had control, they planted malware on the devices and turned them into bots.

The second question is much easier. Mirai did play a huge role. In this case, the vast scale of unprotected devices clearly played a significant part in this attack. Nevertheless, I would not go as far as to say that there are no other ways to increase the scale of DDoS attacks. The bad guys are constantly coming up with new approaches to hack.

IOT Journal: Since the attack, the code behind Mirai has been shared publicly. Do you expect similar or larger attacks are imminent?
