Cyber crime has moved closer to home than ever. The cyber attack that slowed many popular websites to a crawl last week is attracting new scrutiny to the security of the so-called “Internet of Things.”
The attack last week used a new type of malware that takes control of tens of millions of personal devices connected to the internet — including home routers, baby monitors and cameras — without their owners’ knowledge.
It was aimed squarely at Dyn, a New Hampshire tech company that monitors and routes traffic for major internet companies, including Airbnb, Etsy, Spotify and Twitter and popular news sites like The New York Times, The Financial Times and CNBC.com.
Related: Who Shut Down the Internet Friday?
The co-opted smart devices then worked in concert to overwhelm Dyn’s systems with junk traffic, crippling access to their clients’ sites for several hours.
The FBI and the Department of Homeland Security are investigating the attack.
In a interview Sunday at Dyn headquarters, Chief Strategy Officer Kyle York called the attack “absolutely unprecedented.”
“What we discovered [was that] it was a part of an botnet attack called the Mirai botnet, which basically goes into folks’ homes and takes over Internet of Things devices and literally turns them into attack vectors,” York said.
A senior U.S. intelligence official and other cyber experts told NBC News that the attack was likely not to have been state-sponsored.
Hangzhou Xiongmai Technology, a Chinese component manufacture whose technology is used in digital video recorders and cameras, said in an email to tech industry publications Sunday that the attack appeared to have exploited security vulnerabilities involving weak default passwords in its products.
That doesn’t ease the minds of millions of people who connect to the Internet of Things (often abbreviated as IoT) on a daily basis.
Kari Giordano’s family uses smart devices for cameras, lights, music and thermostats and the garage door.
“It’s like a contradiction, because you’re doing something to keep yourself safe and you’re opening yourself up to who knows what,” Giordano said. “It’s disconcerting. It’s frightening, especially with kids.”
Cyber attacks on smart-home devices are expected to grow exponentially in the coming years. According to Gartner, a technology research company, an estimated 6.4 billion connected devices were in use last year. By 2020, that number is expected to more than triple to 20.8 billion devices.
York encouraged consumers to think carefully about what and when they connect devices to a cloud or even to the internet in general.
“Think of a domain name or website as the same as a storefront of a brick-and-mortar store, and think about all the things that go into that store,” he said.
“It’s the electricity, it’s the plumbing, it’s the flooring, it’s the heating, it’s the sale systems, it’s the filing cabinets,” York said. “If you think about it in a real physical way, behind every website on the internet, it’s the same thing.”
To protect your privacy and security, experts recommend:
- Learning how your connected devices work and determine whether they’re internet-enabled.
- Follow security instructions to change default passwords on all devices (including those that may not have obvious passwords).
- Update hardware with the latest software and consider using an internet hub at home for any smart-home hardware