This hack of some of the world's biggest websites, through interference with DNS functions, might be considered comparable to the detonation of a digital nuclear bomb. It reveals vulnerabilities and actors willing to exploit those vulnerabilities. This is a ramping up of cyber-war to a new level of aggression that could prove profoundly more disruptive than the shutting down of too-big-to-fail banks.
Yesterday, the Twitter, Netflix, Spotify, Airbnb, Reddit, Etsy, SoundCloud and The New York Times websites were taken down by a DDOS (distributed denial of service) attack -- a massive use of hundreds of thousands, possibly millions, of hacked, infected devices coordinated into a bot net to tie up bandwidth so that regular users couldn't access the sites.
In the past, most DDOS attacks were launched using hacked, virally infected computers. This time, the NYTimes reports in a must-read article, the hacked devices were
"...internet-connected devices like cameras, baby monitors and home routers that have been infected -- without their owners' knowledge -- with software that allows hackers to command them to flood a target with overwhelming traffic."
These kinds of devices make up a massive, relatively new component of the internet -- "The Internet of Things," known as the IOT. It is estimated that by 2020 there will be over 20 billion devices attached to the internet of things.
It is startling news that these connected devices can be hacked without their users knowing. It is a clarion call for investigation and development of new, far tougher security programming and technology that prevents online devices from being hacked, possibly even before being sold, and then included in DDOS bot nets.
To make matters worse, the DDOS targeted Dyn, one of the companies that supports the domain name system, or DNS, which enables people to connect to websites. Hacking such a service can take down or disable access to the biggest sites. The fact that hackers are targeting the DNS services that websites depend on is very, very dangerous. The NYTimes article points out,
"It is too early to determine who was behind Friday's attacks, but it is this type of attack that has election officials concerned. They are worried that an attack could keep citizens from submitting votes.
Thirty-one states and the District of Columbia allow internet voting for overseas military and civilians. Alaska allows any Alaskan citizen to do so. Barbara Simons, the co-author of the book "Broken Ballots: Will Your Vote Count?" and a member of the board of advisers to the Election Assistance Commission, the federal body that oversees voting technology standards, said she had been losing sleep over just this prospect.
"A DDoS attack could certainly impact these votes and make a big difference in swing states," Dr. Simons said on Friday. "This is a strong argument for why we should not allow voters to send their voted ballots over the internet.""
Some are intimating that WikiLeaks supporters were behind the hacks. Cybersecurity blogger Bruce Schneier wrote last month, on lawfareblog,
"Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet. These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down. We don't know who is doing this, but it feels like a large nation state. China and Russia would be my first guesses."
But Schneier posted on his blog,
"If I had to guess, though, I don't think it's China. I think it's more likely related to the DDoS attacks against Brian Krebs than the probing attacks against the Internet infrastructure, despite how prescient that essay seems right now. And, no, I don't think China is going to launch a preemptive attack on the Internet."
Brian Krebs characterizes DDOS attacks as powerful forms of censorship, saying,
"...one of the fastest-growing censorship threats on the Internet today comes not from nation-states, but from super-empowered individuals who have been quietly building extremely potent cyber weapons with transnational reach."
Krebs cites a widely known John Gilmore quote, "the Internet interprets censorship as damage and routes around it," and then argues,
""Censorship can in fact route around the Internet." The Internet can't route around censorship when the censorship is all-pervasive and armed with, for all practical purposes, near-infinite reach and capacity. I call this rather unwelcome and hostile development the "The Democratization of Censorship.""
This should be top headline news. It should be considered a threat to democracy and to commerce.