Image: FBI
US government plans to DDOS attack "Strategic principles" To secure the Internet of Things
The DDOs attacks by means of a botnet connected to the internet (internet of things) have unavailable websites of coarse US companies as Netflix, Amazon, Twitter, Reddit or New York Times unreachable on Friday last week. It was the so far solid attack with a Botnet, which was executed with the program Mirai published in September in a hacker forum. With this, attacks with a volume of more than one terabyte can be carried out per second. You have caused the low-protected servers from DYN, a DNS provider, overwhelmed, and that web address requests could no longer be dissolved in IP addresses and forwarded. So, with a massive spam attack on a large DNS provider, numerous websites can be affected.
If you are the taders, it is still unknown, it circulates the good-eyed and guess, Russia is brought into play. The attackers probably have, mainly monitoring cameras and digital video recorder of the Chinese manufacturer Xiongmai Technologies can use, as they are delivered with a standard password. Employee of the Security Company Flashpoint and the Security Bloggers Brian Krebs found that many of these devices delivered worldwide "Username: root" and "Password: XC3511" were set – and the password was also unchanged in the firmware. So you just need to scan with Mirai and to infigate the devices. Users usually do not get along that their device was captured, which makes the program Mirai from IoT advantages an army of things. It also had another manufacturer.
Meanwhile, the company has begotten, millions of advanced, especially IP cameras, to bring back. Mirai "A catastrophe for the Internet of things", So she wrote in a mail to journalists. However, in September 2015 you have spread a fix for the firmware, the hardware sent since then encourages users to pay the preset password.
Experts ame that further massive DDOs attacks will be done on the basis of the Internet of Things, as these are often poorly secured as computers, security striking persist if no patches are made or users do not carry out updates. And the Internet of things swells virtually daily with other advised surveillance cameras, chill barriers, thermostats, currents or fire detectors and all other gadgets and sensors of smart homes as well as thousands of other things in which a MINIC computer is integrated with connection to the Internet.
By attacks on the domain name system could be switched off by way of all the top level domains (TLDs) like .Com or whole countries like .de. Significantly increasing the Machine to Machine compounds (M2M), no longer intended for human intervention. Estimates of 2 billion M2M-related M2M rates alone in Europe until 2019.
In the US you are closed after the attack. The home protection ministry DHS reacted quickly and has already advised on the day of the attack with several major communication providers, as such massive DDOs attacks can be prevented in the future. On Monday, the Minister Jeh Johnson explained that they have closely monitored the forelegal and forwarding important information to the partners.
He confirmed that the attack with the malicious program Mirai was the internet of things. The National Cybersecurity Communications and Integration Center with him with the judiciary, the private sector and scientists in the development of funds that provide protection against Mirai and similar programs. And one is there, "Strategic principles for securing the Internet of things" to work out. What is meant by that, he likes, of course, in mysterious darkness.
However, the industry fears a strict regulation and control. Refer to the fact that the SPAM problem has not been solved by a law as in the US 2003. Furthermore, 90 percent of the emails spam are. But for the internet of things there are no certifications, everyone can bring on the market what he wants, and thus engraving the risks.