IoT Case Study: Dyn DDoS
The Dyn DDos cyber attack of 2016 saw the loss of the internet to most of America and throughout parts of Europe. Dyn is a company which controls much of the internet’s DNS (domain name structure), crucial for connecting websites to users. As the victim, Dyn was attacked with a DDoS approach. This stands for denial of service, meaning that computers are infected with a type of malware known as a botnet. These infected computers then overload a server with traffic until there is too much and it crashes.
The botnet used for this particular attack was called the Mirai botnet, which is different to other botnets as it was not made up of computers. The Mirai botnet was instead made up of IoT devices, such as digital cameras, home security systems and home routers. These IoT devices were easily compromised and used as part of the network of botnets because of their weak cyber security. Most devices were set to their default settings and still had default passwords. With so many IoT devices in use in recent years, the Mirai botnet was huge, so the Dyn DDoS attack is seen as the largest until this point. Dyn itself claimed that there were over 100,000 endpoints to the attack, demonstrating just how large-scale it was.
With an attack of such magnitude, it was supposed that this was the work of nation state hackers. In actuality, the attack came from three friends in their early twenties from the USA who were simply trying to gain an advantage in the game Minecraft. The huge attack was therefore collateral damage, with the attackers having no aim of causing such extensive problems. This demonstrates just how vulnerable IoT devices are to attack, and the impact their lack of security can have. If the attackers this time meant no harm, it is hard to imagine the damage that could be done with truly malicious intentions at play. The number of IoT devices in every home is only increasing, highlighting how important it is that the security of these devices is taken seriously and improved upon.