Are You Part of the Problem?
The average consumer has probably never heard of Brian Krebs. However, in the information security world, he is a celebrity. A noted security journalist, reporting on data breaches and hacker arrests, Krebs also authored the book, Spam Nation. The book unveils the depths of organized cybercrime, from the theft of personal information to online marketplaces for knockoff drugs. In late September 2016, his blog was taken offline, a victim of one of the biggest cyber attacks in history.
The attack perpetrated against his site is known as DDOS (distributed denial-of-service), which is when traffic is directed to a single site from many different locations (distributed). The goal is to overwhelm the website and cause it to crash (denial-of-service).
Why does this matter to the average consumer? Because one of their internet-connected devices may have participated in the attack.
The author of the malware that conscripted 300,000+ devices across the internet into its army of robots (botnet) revealed the source code for study recently. As security researchers poured through the contents, they made an interesting discovery: this malware, known as Mirai, took over internet devices with weak or default passwords. In fact, there were 68 username and password pairs stored in the malware such as “admin/1111111” or “root/pass.” Brian Krebs compiled a list of DVRs, cameras, routers, and TV receivers he suspects use these password combinations.
Don’t want to be part of the problem?
How to find out about your internet-connected devices:
- Go to Google and type in “what’s my ip address?”
- Search for that IP address on censys.io
If you find a list of devices from your IP address, look for that device in your home and contact the manufacturer about changing your password. Depending upon the product, it may be straightforward. If it’s not, contact the manufacturer requesting options for keeping your device off a botnet! This is related to our discussion on Electronic Health Records and planting the seed of concern about cyber security. If informed consumers express their concerns about cyber security to manufacturers and, even more importantly, make purchasing decisions based on a product’s cyber safety, companies will make changes.