If you used the internet last Friday, chances are you experienced a few problems. Twitter, PayPal, Spotify, Netflix and AirBnB were just a few of the major websites struggling throughout the day. News sites across the country, including The New York Times and The Wall Street Journal, had trouble, too. This was the result of a distributed denial of service (DDOS) attack, a brand of malicious hacking that the cyber security industry knows well.
A typical DDOS attack involves a hacker or hackers using malicious software to infect thousands of computers. They then control those infected machines to coordinate an attack, overwhelming a website with too much traffic until it crashes. Friday’s DDOS attack was more complex and more powerful.
First, the hackers didn’t use a mere “bot-net” of infected computers. They used millions of infected webcams, closed-circuit TV cameras, DVRs, routers… the so-called Internet of Things.
“We’ve all been buying these new things, connecting them to Wi-Fi. Internet wonks will call this the internet of things. Experts have been warning that these things are never secure. This is the most visible example so far of what happens when hackers hijack a tremendous number of them.”
The other thing that set this attack apart was the target. Certainly, the major companies affected by the rolling attack throughout the day were targets, but it does not appear that any one of their websites was hit individually. Instead, the hackers targeted a company called Dyn.
“[I]t is the kind of company that sits between you and a website that you’re trying to access. When you type in a web address, it makes sure that you land exactly where you intended,” Selyukh told NPR. “And Dyn’s clients are some of the most popular websites and services out there.”
Friday’s events prove that technological innovation often advances faster than technology security. We’re all vulnerable when that happens.
National Cyber Security Awareness Month
October is National Cyber Security Awareness Month (NCSAM), an initiative created to bring awareness to issues like this one, and to encourage collaboration between government and industry to serve the American public. As part of the annual campaign, Stay Safe Online offers a collection of resources to educate and assist you in shoring up your own cybersecurity. These are useful both personally and professionally, so we hope you’ll check them out.
And for those interested in insuring against potential losses due to cyber risks, many top tier professional liability insurance carriers also offer cyber liability insurance for design professionals. Here are just a few:
Keep those passwords strong!