The internet community has truly been reeling recently, from the repercussions of a huge “distributed denial of service attack” (DDoS). DDoS works by getting armies of zombie computers to flood targets with meaningless traffic. It’s as if you rushed home to collect an important letter, only to find that your house is entirely full of junk mail and pizza menus. DDoS attacks aren’t new – but this one had some really interesting features. Together, these made it both special and spectacular.
Firstly, there was the sheer scale. Even major sites, such as Twitter, were affected. Secondly, the zombie devices launching the attack were innocuous commodity products like cameras. Thirdly, the attack was so successful because it targeted Dyn (a firm which runs one of the net’s key bits of infrastructure). Dyn is responsible for telling your browser where to connect. It’s like bombing the post office: all the houses are still there, but the letters can’t get to them. Finally, the attack was notable for its lack of sophistication – so-called “script kiddies” are suspected. This moniker is used to describe low-skill hackers, who simply use publically-available tools.
It’s hard to protect against this type of attack, but one easy step would be to ban manufacturers from using default passwords on devices they produce. That particular folly prompted a huge product recall of Xiongmai’s affected cameras – but it was of course far too late to undo the damage.