By Steven Melendez
On Friday, a series of massive distributed denial of service attacks disrupted access to major internet services including GitHub, Twitter, Spotify, and Netflix.
The attackers apparently used tens of thousands of hacked internet of things devices—household appliances such as digital video recorders, security cameras, and internet routers—to generate a massive amount of digital traffic. That digital noise was sent to Dyn, a domain name service provider used by major online companies, disrupting its ability to translate human-readable internet addresses into the IP addresses networks use to route traffic.
The attack came after years of warnings from security experts that the makers of many internet-enabled devices paid too little attention to security, shipping internet-connected hardware with preset passwords, insecure default connections, and other vulnerabilities.
“It is just a matter of time until attackers find a way to profit from attacking IoT devices,” a report from security firm Symantec warned last year. “This may lead to connected toasters that mine cryptocurrencies or smart TVs that are held ransom by malware. Unfortunately, the current state of IoT security does not make it difficult for attackers to compromise these devices once they see the benefit of doing so.”