Image Credit: Marcelo Graciolli/Flickr
On Friday October 21, 2016 there was a massive DDoS attack which brought down a lot of your favourite sites including Twitter, Reddit, and Netflix. Since then, we have learned that hackers took control of thousands of Internet of Things devices such as internet connected fridges, toasters, cameras, smart TVs and routers to swamp these websites with an overwhelming amount of traffic, to the point where they were unusable. In other words, they created a Botnet of tiny computers to take out a chunk of the internet.
The hackers didn't target these sites directly, instead they targeted Dyn, a DNS provider that manages web traffic for these websites. Think of DNS as the phone book of the internet. I.e. when you type bbc.co.uk into your browser, your browser will do a DNS lookup to find the unique IP address of the BBC server so that you can view the content.
So how did the hackers manage to take control of such a vast number of devices?
Well, the hackers can easily lookup any device which is connected to the internet in just a few clicks.
One particular website which enables you to do this is Shodan, which describes itself as "the search engine for the internet of things". It basically enables anyone to lookup information on any device that is connected to the internet.
So why would anyone want to create a service like this? Well read on to find out more about Shodan and how you can check the security of your Internet of Things devices.
So basically hackers will find out which devices are the least secure and which devices are the easiest to compromise. If they know how to compromise a particular type of device, then they will look for these devices on the net with the intention of hacking them in bulk.
Shodan isn't magic, in fact anyone with the skills can make a similar tool to search for internet connected devices. This is because each device has a unique IP address (e.g. 123.456.789.1), which identifies that device on the internet. Since these addresses are public information, any search engine can index them, not just Shodan, Google or Bing.
So back to the question of why anyone would want to build such a service. Well it helps white hat hackers (ethical, good hackers) and researchers. According to CNET, researchers use Shodan on a regular basis.
Hackers almost certainly use search engines to find internet connected devices to use in big attacks like we saw in the attack against Dyn, but they will also use other tools too, available on the dark web and other shady places.
It's more important that white hat hackers have access to these tools too so that they can find vulnerable internet connected devices before the bad guys do.
I can definitely see more of these kind of attacks, and they're only going to get bigger. But we all need to do our bit to try and stop attacks from happening. Granted manufacturers are at fault for sending devices out with the same default usernames and passwords for all devices, but as individuals, we should change them to help stop them from being compromised.
Finally we should also make sure that the software and the firmware on our devices is fully update to date, which should help close the holes and remove some of the vulnerabilities.
