A very serious attack on the Internet occurred today. A large number of websites including alaya.net were unreachable for many hours.
I don’t remember such a serious attack. In the past there were more limited attacks, but this one affected many, many sites.
Its 2016 and I remember thinking years ago in the mid-2000’s about the bad security situation then, with huge networks of compromised computers leveraged to spew out constant spam and to occasionally attack sites. I thought that, as technology would improve, that the security situation would get better. For example all those zombied Windows machines with non-updated software forming botnets. Windows has improved a lot. But now today’s attack was utilizing networks of compromised Internet of Things devices – that is things like webcams which have Internet connections.
Many of these connected devices use the same crappy, low-security chipsets and that’s how the exploits which compromise them work. But its kind of shocking that these chipsets can have these vulnerabilities. If I were in the government I would be asking how it could be that our chip making companies are, in the year 2016, releasing hardware that is so flaky. What kind of oversight of this is there?
Just as by law if you operate a motor vehicle on public roadways that vehicle is expected to meet certain basic operational and safety requirements, should not devices on the Internet be required to satisfy minimum security requirements? Just as when some junky car falls apart in the middle of the road causing damage or injury to others, these crappy chipsets are causing real harm on a mass scale.
I think the makers don’t think much of it. Perhaps they see it as just one bad chip. But that one crappy chip gets made zillions of times and is used in zillions of devices. Its not just a problem of one crappy chip, but zillions of these exploitable pieces of junk waiting to be used by attackers.
I’m sure there will be some very high-level and a lot of lower-level meetings to figure out how to deal with this and potentially worse threats. I guess for non-techies this Friday was perhaps more like a holiday. But for the hard-working techies who are responsible for the infrastructure that we frequently take for granted, I’m sure it was a hard day.
Perhaps the positive side to all of this is that when things like this occur they serve as a wakeup call and help to inoculate us against worse things. Things could have been worse than they were so maybe we should be thankful and heed the wakeup call and get to work…
FYI here’s a really good reference article: theglobeandmail.com: Internet of Things a playground for hackers
If nothing else, it makes you wonder how the hell companies are allowed to make these super-crappy chips that can then get used to inflict massive damage on the Internet. Maybe there needs to be a radical rethink about the roles and responsibilities of all devices that are allowed to access the Internet.