The Internet of Things (IoT), as it's known, has the ring of a friendly and harmless entity. But hackers recently showed the IoT's dark side.
The dark side of the IoT lies in its inherent insecurity; for evidence, look no further than the massive DDoS attack that struck the U.S. on Friday. All told, the attack took down large websites like Twitter, Etsy, Github, Soundcloud, Spotify, and Shopify.
The blame for the attack lies squarely on the thousands of highly insecure IoT devices that dot the U.S. map. And the list of possible culprits is long. The list of connected devices that may pose security concerns includes security cameras, smart thermostats, baby monitors and more.
The Internet of Things (IoT) Generally refers to the connectedness of various devices. IoT devices include phones, buildings, vehicles, and a growing list of appliances and other devices. The IoT is the central force fueling the increasingly connected modern day society.
An historic attack?
Dyn, an Internet Performance Management company, received the brunt of the recent attack. Following the incident, the company released an official statement about the attack in an effort to bring some clarity.
According to Dyn, the Distributed Denial of Service (DDoS) attack on Friday, October 21 targeted Dyn's Managed DNS infrastructure. The company called it an "historic attack" that involved tens of millions of IP addresses. With investigation still pending at the time of the statement, Dyn did specificy the Mirai botnet as one source of the traffic for the attacks. More specifically, devices infected by the Mirai botnet served as a main source.
Hacked Cameras, DVRs Powered Today's Massive Internet Outage https://t.co/vxDUqJ4CH5
— briankrebs (@briankrebs) October 21, 2016
Experts largely corroborated the theory of the involvement of the Mirai botnet in the days following the DDoS attack.
So, while some details remain murky, the belief that hacked cameras, DVRs, and other IoT devices played a major role in the attack remains steady.
One electronics manufacturer in particular -- XiongMai Technologies -- could be an inadvertant main player in the attack. Reports point to compromised digital video recorders (DVRs) and IP cameras from XiongMai Technologies as central to the massive DDoS attack.