Update: It was reported Sept. 27 that a near terabyte/sec attack was foisted on hosts of Minecraft servers in the first thermonuclear attack on U.S. servers. Who's next?
Does the thought of 600 Gbps-plus of traffic hitting your URLs excite you? Do you get tingles up and down your spine thinking about watching your line of business apps frying? Perhaps that wonderful text, where an alert from your financial processor says “We’ve gone black, again, and expect to be back online perhaps maybe possibly tonight” thrills you.
The Internet of Thingies (IoT) is actually nuclear, and we’ve witnessed the first use of a nuclear internet weapon.
Brian Krebs’ Krebs on Security site was smashed. It could happen to you.
Although the attack hasn’t been fully disambiguated, it appears to have been a combination of varied attacks, including untold volumes of radioactive internet pepper spray from IoT devices.
Some believe it to be an attack on free speech and certain revenge for outing DDoS as a Service.
In this space, I’ve warned about this profusely. Whether it’s IoT tea kettles, cameras, even cars, it’s been a recipe for disaster.
After that, I wrote about the vacuousness of Underwriters Laboratories baby-step efforts to bring the UL moniker to IoT devices.
Add to that, coverage of the unceasing march of devices into the marketplace.
So, let me add a little hope of internet non-proliferation treaties: the Industrial Internet Security Forum. These are vendors, though more in the industrial space than the consumer space. It’s an international organization that announced a framework and methodology to test IoT gear.
I’m watching them closely.
The problem is millions of really stupid IoT devices are already in the marketplace and more are being sold every day.
I call for a ban on them. They are as dangerous as post-Soviet era nuclear weapons. If you have any question about this, ask Brian Krebs.