Information Systems Integration – Tony Messina

Botnets and the IoT

Botnets are a network of infected computers or devices that are controlled remotely by cybercriminals to orchestrate spam campaigns, commit fraud, and create traffic for distributed denial-of-service attacks. Botnets have been around since the early 2000’s but have become more difficult to defend against.

Today, the Internet of Things has become a target for cybercriminals. Devices and gadgets such as webcams, DVRs and routers are being hacked, due to the lack of security that they have, to build large botnets that can be used to bring the victim’s system to a crawl and inevitably crash.  The most recent example of this type of attack was with the domain name provider Dyn.  This caused sites like Twitter and Netflix to temporarily disappear from the internet.

The reason IoT devices are not secure is because they are cheap devices that neither the seller nor the buyer cares about security because it does not effect them in any way.

How can this ever growing threat be neutralized? Is there any way that IoT device manufacturers will produce more secure products?

Sources:  MIT Technology Review, Schneier, Internet of Things

3 Responses to Botnets and the IoT

  • I think change will occur when these attacks begin to create more impactful damage. Most companies worry about the financial and reputational risks from ransomware attacks and attacks targeting valuable data. DDoS attacks are temporary and don’t steal any financial or customer information from these sites. The attackers are mostly hacktivists or just want to incite chaos and although its inconvenient to have Twitter or Netflix unavailable for an hour its not detrimental to the business. Until cyber criminals find a way to profit off of the down time they are causing, it won’t receive the same level of attention that other breaches do.

  • I agree with Ben that these type of attacks are more a hindered annoyance than a true threat, however there is usually a hidden agenda in these attacks, more than likely they are meant to facilitate other behind the scenes agendas. As the list of IOT devices grows we need to be more careful about our usage with them. We are personally not running large website with classified data, however our own personal data can be extracted through insecure devices or access points we use and further used against us. I think its more important now than ever to be aware of how you are using these devices and how they are accessing networks. Any “rapper” on the street can give you his mixtape CD, but if you put that into your computer you never know whats going to happen..

  • I agree with what has already been said here. However I would like to add that it is also partly the responsibility of the users of such devices to make sure that they are safe when using them. Of course, that doesn’t mean that the manufacturers and distributors of such devices bare no responsibility, but that the consumers also have to take steps and measures to make sure they are protected.

    That is easier said than done. There are many people who simply do not know enough to make sure they are safe, and others who simply do not want to take the time to ensure their safety and privacy. While, depending on the situation, the fault may lie more heavily with one party or the other, I believe that the only way to be 100% sure that we are protected is to make sure ourselves. We cannot always rely on companies to have the highest level security, or even care enough to put even the most basic measures in place.

    That being said, as time goes on more and more companies, who distribute and manufacture such devices, will be placing more emphasis on security. As more high-profile cases of hacking and other forms of security breaches make news, the more people will be worried for their own safety and privacy. This will cause companies who place emphasis on security and privacy to become more appealing, though how much so only time will tell. I do believe that there is hope for the future. As more people understand how to protect themselves from such threats, the harder it will be for cuber-criminals to operate.

Leave a Reply

Your email address will not be published. Required fields are marked *