This event has been called the “Mirai botnet attack.” This is an extremely important event, because it used IoT devices to effectively bring the Internet to a stop for several hours on Friday, October 21. Even Ayrstone was affected: we use Zendesk for our customer support portal, and it was unavailable off and on on Friday.
This attack was innovative in two ways: first, it did not attack the affected sites directly, but rather attacked the Domain Name Servers (DNS, the servers that turn domain names like ayrstone.com into IP addresses like 126.96.36.199) of Dyn.com, making a huge number of websites, including Zendesk, Twitter, and others unreachable, even though they were working just fine.
But the most important innovation was the way the attack was done – using a Distributed Denial of Service (DDoS) attack from IoT devices. DDoS attacks work by sending a huge amount of data to a server from a large number of devices on the Internet, overwhelming the server and causing it to fail. Up until now, the “botnets,” as the devices sending the data are known, have mostly been personal computers infected with viruses that allow a remote user to control them and cause them to send out streams of data to the target server.
As I mentioned, however, this attack was different, because it used IoT devices – IP cameras, routers, wireless networking devices, and other little devices that people don’t see as being “computers.” But your router or IP camera has a lot more computing power than the powerful desktop computer you had just a few years ago.
Hackers were able to access these devices and install “botnet” software on them because – and this is THE IMPORTANT THING – the passwords were NEVER CHANGED from the defaults. For instance, many devices come with a default username of “admin” and a default password of “admin” or “password.” If those are not changed and they are exposed to the Internet, they are an open invitation to hackers.
Now, most of the devices on your network are NOT currently exposed to the Internet – they are safely hidden from the Internet by your router’s NAT firewall. But it is still important to change the default password on devices, and, if you have “port-forwarded” to any devices to make it accessible via the Internet, it is DOUBLY important to make sure it has a STRONG password to protect it.
Ayrstone products, of course, are protected because the username and password for each device is set from AyrMesh.com. The only way an AyrMesh device can have the default username and password is if you don’t have an AyrMesh.com account, and we regularly disable devices that are not checking into an active account. However, even at that, AyrMesh devices should always be used behind a router’s firewall and not exposed to the Internet.
These devices are incredibly useful when used properly, but you have to take some minimal precautions to keep them safe. More information about the Mirai botnet attack and security of IoT devices can be found in this article and elsewhere.
This attack is a good reminder of three things:
- Make sure you always use good passwords (long, not a quotation or word) on ALL devices and keep those passwords secret,
- Don’t expose devices to the Internet unless you have to, and
- Purchase networking/IoT products from reliable vendors who can update the firmware to close vulnerabilities, preferably automatically and over the network. If not, make they make new firmware available to close holes as they are discovered, and install it regularly.
AyrMesh devices have firmware that is updated over the network. We issue several updates per year, and you needn’t do a thing – they happen automatically.
If you have any questions, of course, just let us know – email@example.com.