Bruce Schneier takes to the pages of Technology Review to remind us all that while botnets have been around for a long time, the Internet of Things is supercharging them, thanks to insecurity by design.
Botnets are useful for denial of service attacks, but they're also an indispensable part of the spam ecosystem, clickfraud, extortion, and other bad news.
Cheap IoT gadgets are manufactured by absentee proprietors and large, respected companies who ignore urgent warnings about their defects (or punish people who complain by remote-bricking their gadgets), leading to nightmarish breaches.
Worse, IoT manufacturers use antiquated DRM laws to threaten security researchers who reveal the defects in their products with brutal lawsuits and even jail-time (and this will be a risk for any device controlled by a browser).
Once you know a botnet exists, you can attack its command-and-control system. When botnets were rare, this tactic was effective. As they get more common, this piecemeal defense will become less so. You can also secure yourself against the effects of botnets. For example, several companies sell defenses against denial-of-service attacks. Their effectiveness varies, depending on the severity of the attack and the type of service.
But overall, the trends favor the attacker. Expect more attacks like the one against Dyn in the coming year.
Botnets of Things
[Bruce Schneier/MIT Technology Review]
Consumer Reports' Digital Lab does groundbreaking privacy research: they're hiring for eight positions including technologists ("resident hacker," "digital standard manager," "information security researcher," "program manager, security and testing," and "privacy testing project leader"); journalists ("digital content manager"); policy and comms ("senior researcher, digital competition" and "associate director, strategic communications — technology and privacy"). Most of […]
Ship's captains and outside monitoring firms have reported waves of GPS jamming around Shanghai's ports, on a scale and of a severity never seen before: the jamming causes ships' locations to be incorrectly displayed and to jump around; the observations were confirmed via an anonymized (sic) data-set from a short-hire bike firm, whose bikes are […]
Wired security reporter Andy Greenberg's latest book is Sandworm (previously), a true-life technothriller that tells the stories of the cybersecurity experts who analyzed and attributed as series of ghastly cyberwar attacks that brought down parts of the Ukrainian power grid, and then escaped the attackers' control and spread all over the world.
Paying for things is all too easy online these days, and that’s why managing your money has gotten so hard. We’ve all done it: You sign up for a streaming subscription or gym membership, blow past the free trial date, and it becomes a part of your monthly expenses. Some of us juggle so many […]
We all know those gifts we get “for the kids,” the ones that parents are secretly more excited to open. Drones are a perfect example, but there’s a model out there that really doubles down on that appeal. Introducing the Space Fighter Building Block Drones, a series of space fighter drones that are a blast […]
The hardest part of web design can be nailing down the look. These days, even non-designers can easily spot a stale stock photo or lazily-made icon. What’s the solution? No matter what kind of artist you are, it’s always a good idea to widen your palette. And with more than a million vector images to […]