The Internet outage in the US and parts of Western Europe on Friday, after waves of cyberattacks on the major DNS host Dyn, may not have made much news in India and other parts of the world, but it is unlikely to be a one-off incident, and if repeated it is unlikely to affect Internet users in the US only. The attack made some widely used web services and websites, such as Twitter, Spotify, PayPal, Reddit, GitHub, CNN, WSJ and many others, inaccessible. Distributed Denial of Service (DDoS) attacks have been launched against websites since hackerdom came into existence, but lately they have become increasingly effective and disruptive with the use of botnets. However, what is really alarming is the fact that this attack was carried out using a botnet not of zombie computers but of Internet-connected devices, including routers, webcams, DVRs and commodities collectively called the Internet of Things (IoT).
Areas affected during the DDoS attack against Dyn (Courtesy: Wikipedia)
Clearly, this was an attempt to arbitrarily shut down part of the Internet rather than a political protest as seen before. After US accusations against Russia of carrying out cyberattacks on political organisations during the ongoing Presidential election campaign, it is not surprising to find many Americans speculating about Russian involvement in it. It is unclear to me what exactly Russia can gain by causing outages in large parts of the USA for a day; surely if nation-states like Russia, the US and China, preparing for cyber warfare, do decide to carry out attacks, they would seek to extract much heavier costs than a single day's outage. Yet the idea of cyber criminal groups being hired to probe the vulnerability of the US's core Internet infrastructure sounds very feasible; the complexity of the operation suggests some level of cooperation. Officially the US has, as of yet, not blamed any country for the attacks and has instead pointed fingers at cyber criminals using a botnet of IoT devices to carry out the attacks, which makes the future of cyber security look bleak.
It is estimated that by 2020 there will be 50 billion connected products. It seems rather unlikely that these connected products are sufficiently secure, since upgrades and security patches are not always accessible to consumers, more so if the devices are old, even if they are still very much active. Further, the commodity manufacturing industries as a rule prioritise rapid development of products so that they can be released in the market before their competitors' products. It follows that security testing of these "smart commodities" has to be lower on the priority list if they are to meet the deadline. Most consumers, for their part, remain oblivious to this security threat even when their devices are already hacked.