Monday, October 24, 2016

The Dyn DDoS Was My Fault

The biggest news article for the Internet of Things this last week was the attack on Dyn's DNS servers that took down a variety of sites in various locales (mostly eastern US seaboard).  It was a persistent Distributed Denial of Service (DDoS) attack on their systems and, while I do NOT claim responsibility, I think I might have been at least partly responsible.

Last Wednesday, I got an email from Dyn saying that my service had failed to renew.  This was unexpected, but upon reflection, not a surprise.  I had been using Dyn's Dynamic DNS service to allow me to access my webcams from outside my local network.  I don't pay Comcast enough to get a static IP address, so I was using Dyn to provide a URL and then port forwarded the cameras through my router.  That way, prior to getting door sensors, I could tell if I had closed the garage door and keep track of the UPS packages on my front step.

The reason that the subscription had failed is that my bank had sent me a new credit card with a new number for some reason that I forget.  As always happens when you get a new account number, you update as many billing systems as you can remember, but only those that you remember.  Dyn had fallen out of my consciousness and I had not updated that one.  So it failed and they sent me a nice little reminder.

Of course, that reminder did more than make me look at my Dyn account.  It made me look at how much I was paying for their service and what other options I had.  Because blogging pays so darn well.  Inevitably, I found a free service: the one that is provided by the company that builds my router.  Do I trust them more than Dyn?  Probably not, but I do not DIS-trust them to the tune of $70USD a year.

So, I cancelled my Dyn account.

Two days later, I hear that they are being attacked and large swaths of the country are going without their tweets and playlists (and news and less important things).  Coincidence?  My over-inflated sense of technical importance tells me that I must be involved.

But It Might Be True, Just Not Like That

Deep down, buried under the obelisk of my ego, I know that my account cancellation did not cause the attack or really anything other than a tick on some account retention specialist's bonus board.  But it still might have been my fault.

The secondary story under the main "Dyn Got Attacked" headline is what was used to do the actual attack.  Instead of a zombie net of thousands of desktops and laptops and sometimes smartphones, this attack had a large component of internet-connected DVRs, IP cameras and other IoT-related devices.  One company, Xiongmai, has admitted that many of their products were involved.  And, like roaches, if you see one then you know that there are more around.

Having said all that, I am pretty sure that none of my products were involved.  Not completely sure, but almost.  And that is because I do two things:

  1. Update the login password for all of my devices.  Especially when I first power them up.  Most of the IoT devices used in the attack were compromised because they were still using the default, factory login settings.  A quick web search on any device will net you those credentials and you can log in at will to anyone's gear that has not been updated.
  2. Keep my devices' firmware up to date.  As manufacturers become aware of ways that their products can be hacked, they issue new firmware updates that fix the issue.  Xiongmai had released an updated firmware for most of their products in question over a year ago.  It is only those products with the older firmware that were used in the attack.

Certainly, there are other things that I could do: use a better router with more logging and alarms, not port forward my cameras, turn off the internet.  But those two things alone make it hard enough for hackers to compromise my gear that they will move on to easier pickings.

We Owe It To Ourselves

These two things are not hard.  They do not take long or require much technical expertise.  What they require is that the end user pay attention.  And we all need to.

As more of our lives is lived online and we rely on these services, not only for our entertainment but also for our livelihood, we all need to do whatever we can to ensure that the Internet works reliably.  This is the equivalent of using fire-retardant insulation or clearing the brush away from your home so that fires don't spread.  It is keeping good tires on your car.  These are all things that are basic common sense, and they do more than help you: they help keep you from damaging others.

Enough soapbox for one week.  Go double check the passwords on all of your devices.  Schmoid out.
