In late September a record-breaking “denial of service” attack was launched against the security news site KrebsOnSecurity. For about 24 hours legitimate users could not reach the site. A week later a similar attack on another site shattered the record at 1.1 terabytes per second. These increasingly large attacks were made possible by the so-called internet of things, devices like security cameras, digital video recorders and other small home appliances that are connected to the internet.
Because of poor security design, these devices are easily compromised and added to a botnet, a network of devices that can be controlled and coordinated by hackers. The hackers use these devices to target a specific website or internet service with floods of phony traffic. This can be a lucrative business; one group collected over $600,000 over the course of two years. The poor security of these devices deserves immediate attention. When they install these devices in their homes, consumers may unwittingly be giving hackers the tools to block access to information around the world. It is a classic tragedy of the commons.
Internet service providers should create ways to inform customers when it appears that malicious traffic is originating from their home connections. Armed with more knowledge, users could update their devices to the latest standards and press hardware makers to release safer, more robust firmware.
