October 27, 2016
Written by Jim DeLeskie

Halloween mayhem arrived early for some last week via the internet. It was enough to get me off my ass and start this blog. For years, others and I have warned about the security risk posed by the rapidly growing number of IoT devices. Well, it’s happening, it happened again last week, and it is time we all take notice because it is only going to get worse.

Last week’s attack was on the company Dyn, and it disrupted some major sites including Twitter, Netflix and Amazon. Dyn offers Domain Name System (DNS) services, which operate as post offices of a sort and convert web domain names to IP addresses. Attacking a DNS platform like Dyn results in a massive disruption across the Internet. Imagine losing your contacts in your phone. How would you text your friends if you don’t know their numbers?

The Mirai malware was key to this disruption. That’s the same malware strain used to launch the 620 Gbps attack on a security journalist’s website last month.

In late December 2015, more than 230,000 Ukrainian residents went without power after an Internet attack disabled power stations in their city. It was the first confirmed hack to take down a power grid. Think about that for a minute, and think about what could happen if the power went out in your city for a week. No surgeries at the hospital, no traffic lights, no hot showers; the list goes on.

There’s very real worry of cyber manipulation in the upcoming American election. This follows the arrest of a Russian citizen suspected of hacking US targets, and the Obama administration formally accusing the Russian government of stealing emails from the Democratic National Committee.

Silent weapons; creeping killers

Attacks are easy to do and cheap to launch. The virtual “bullets” are found in unsuspecting, innocuous places: people’s pockets, keeping food warm, tallying your steps walked and watching your kids feed their broccoli to Fido. Cell phones, refrigerators, and nanny cams are just some of the billions of devices out there with processing capability. And processing capability means the capability to be compromised.

Internet security is not the focus of consumer devices when they’re being built. The financial bottom line is the focus, and manufacturers are not paying extra to secure them. How often do you update your smart television? Just imagine when your microwave, dishwasher and fridge are connected.

It’s bad, it’s ugly and it’s going to get worse

Less than 10% of Mirai’s 600 000 plus infected devices were used in last week’s attack on Dyn. In simple terms, it barely brushed the surface. The number of IoT devices available is rapidly increasing and the sheer amount of data stored online or in the cloud is also sky-rocketing (pun intended). We have to get smarter because what we traditionally relied on for protection, including firewalls and anti-virus software, isn’t cutting it anymore.

Think of it as the Cold War of this era. At that time, Mutually Assured Destruction – aptly known as MAD – held the so-called super powers in check. That knowledge of the other country's nuclear capability kept those two scorpions poised in the bottle – but with neither striking. In terms of cyber crime, the difficulty lies with identifying who controls the scorpions.

The use of IoT devices toward evil deeds in the hands of the bad guys is limitless, whether in the form of disruption of services (DDoS) or those silently creeping intelligence gatherers, advanced persistent threats (APTs). The motivation can be political, power or money: all time-honoured usual suspects in the realm of war.

I'll continue to explore on this site the many ways all of this interconnects. It's like the black market of the world right now. Bitcoins, data stealing and then potential manipulation before releasing it to the public, thus blurring the lines of fact and fiction. The spies and moles of this war linger not in your workplace or gym, but inside your devices.

The cyber bad guys are going to continue to walk up and down the street. As I said, the weapons at their disposal are growing by the minute, literally. So ISPs, companies, municipalities, hospitals, elections and nation states are all potential targets. So we need a plan and it needs to be a solid one.