Last week, all of us sustained a shocking and disturbing reality check. Friday morning, October 21, 2016, which was much like every Friday morning that had come before, we were suddenly under attack. The Internet as we know it was slowed DOWN to a literal crawl. Several hours went by when you could NOT check your Twitter feed for the latest election insanity, or listen to the latest Gaga hit on Spotify. You couldn’t even buy that handmade pumpkin spice soap you’d been contemplating on Etsy or even upload that latest James Patterson bookshots to your Kindle on Amazon. This was a massive cyber assault. We haven’t seen anything like it before, but experts are telling us that it’s very likely we could see many attacks just like it, or even worse, in the future.
At the end of last year, I wrote a blog post looking ahead to online trends for 2016. One of the highlights was the “Internet of Things”. This year, it has been difficult to escape being connected to the Internet of Things. There is a smart something or other for nearly every part of your day, especially at home. Now that we all carry a super-conductor computer around with us everywhere we go, it’s hard not to want to control everything we can remotely. You can program your thermostat to kick on the heat when an unexpected cold front blows in, you can have your refrigerator order milk for your cereal when you run out. Your printer can direct order toner when its levels start to run low, and, of course, sooner than we thought even a few months ago, you can have your car drive you home all by itself, or even have a beer truck make a delivery all by itself.
All this convenience comes with a cost. What amazing thing doesn’t? This cost became a lot more obvious last Friday. The Internet of Things is, by default, connected to the internet and that internet is growing increasingly vulnerable to malevolent forces.
One Ringy Dingy…
A company that most of us have NEVER heard of, called Dyn, was essentially hacked. Dyn provides what is essentially the life-force of the internet to most of the really big deal websites we all know and love. Dyn provides a Domain Name System (DNS.) This DNS system is what helps computers and other smart devices communicate with domains.
Think of a DNS like Ernestine, Lilly Tomlin’s iconic telephone operator character. You would dial her up at her switchboard and she would take one of those old timey cord things and connect you to the number you were trying to reach. Hackers used multiple devices to overload websites with a huge number of pretend visits, overloading the system and causing many of our mainstay internet go-to’s to slow down significantly or to crash completely. It would be like a million of us calling Ernestine all at once. She would blow a literal fuse.
The new wrinkle that makes this Distributed Denial of Service (DDOS) attack different and chilling is that the devices used in this highly organized pummeling of the internet weren’t just pcs and laptops but also involved myriad numbers of other web connected digital devices. This enemy enlisted an army from the Internet of Things.
These “Things” run the gambit from DVRs, coffee makers, smart TVs kitchen appliances, programmable thermostats (who DOESN’T want a Nest?) webcams, security cameras and even baby monitors and GPS trackers for your dog. Did you know that there is a device called Swon in the works right now that you install in your shower-head to keep track of your water consumption and moderates your shower’s temperature? This will surely help stick to only the first couple of courses of “Bohemian Rhapsody” during your morning routine, so you don’t destroy the planet by using ALL the water.
There is a silent force sitting in your house right now, which is highly susceptible to being enlisted into an enemy battalion bent on mayhem and destruction. Some of them are probably blinking their little red eye at you this very minute. I don’t know if you watch “The Strain” on FX (if you don’t, you should, but it will remove any romantic “Twilight” and “Dracula” notions of vampires from your imagination forever. These blood-suckers are GROSS!!) This silent army of smart things reminds me an awful lot of the strigoi and their Master, (who, as you can guess, is NOT a benevolent and peaceful leader) in the way they communicate. And that is how an evil mastermind can take control of our favorite websites and bring us to our kicked off line knees by reaching out to his millions of blinking red eye soldiers.
The Password Is STILL Password
So how do we fight back against this seemingly omnipresent and growing army of potential internet vampires? Next time you pull that super cool new gadget out of its Amazon box, be a bit wary. When you connect it to the internet, remember that it has a PASSWORD! And that password is likely something like 123456, or the ever-reliable word, “password”. Looking back at a blog post I wrote in January of last year about passwords, the most popular password of the past few years was 123456, showing either a decided lack of imagination by a lot of us or just plain laziness in not changing the factory installed password.
“The Guardian” compiled a list in March 2016 of the most popular passwords, and guess what was number one!? Number two? This great piece also gives you advice on how to pick and manage your passwords. Qwerty is #4? People really still touch type? Football ekes out baseball in popularity, also weird considering this list was compiled from both the US and Western Europe, leading one to conclude that Football might be what those Europeans erroneously call Soccer and not our World Class BEST SPORT IN THE WORLD, REAL FOOTBALL!!
You Have Your Own Army
Be scared. There is malware living on the internet right now that can sneak into your online army and usurp them by guessing their weak and silly little passwords. That is how the Dyn attack happened. And unless we all do our part, something very like it or even worse will happen again. There was no hacking of personal or sensitive information; the purpose seemed to be to show off the vulnerabilities of the Internet. We are in the midst of a Presidential election which is literally being hacked in various ways. Who knows what the future holds?
It is really up to all of us to accept responsibility for the creature armies we create. Do what you can to keep your own Internet of Things in line by providing them with strong, solid passwords and don’t let them do their own bidding. Keep your own private army disciplined and inline online and maybe we can all get through this together. Or else you’re going to wake up one morning to buy that brand new Swon and Amazon will be DOWN. And while that is happening, your toaster and your security camera are going to plot to change your door locks to keep you out of your own house while at the same time your self-driving car decides it’s really time to take a left instead of a right and head straight into that big ol’ bottomless lake…jus’ sayin’…
Halloween doesn’t have to be this spooky. You are the General. Commandeer your troops!