Viruses are almost as old as the Internet itself. When dialup first came to India in the late 90s and early 2000s, it typically came with a warning from the friendly neighbourhood technician to install a pirated antivirus software of his choice – especially if you were going to explore the nether regions of the web.
A lot has changed since then. Computers have gotten a lot better at dealing with viruses and users – with the unfortunate exception of your grandparents, who simply cannot be saved – have gotten a lot savvier. But the digital malcontents of the world have also adapted to this new status quo. The primary targets of the biggest names in malware these days aren’t computers, but the plethora of Internet-connected appliances that has flooded the market in the last few years.
Everything from a television to a toothbrush is connected to the Internet these days, but that doesn’t really make them as ‘smart’ as the marketing material might claim. In fact, they’re incredibly dumb when it comes to the basics of network security, as hackers have been finding out recently.
One name currently towers above all else in this conversation – Mirai. The malware, which primarily targets routers and webcams, has turned creating a zombie army of millions of hacked devices into child’s play. This army, known as a botnet, can then be used to conduct what is known as a DDoS attack, wherein all the devices drive traffic towards a single target, thereby overwhelming its bandwidth limits and knocking it offline. It is the Internet equivalent of repeatedly beating someone you don’t like with a baseball bat until they can’t talk anymore.
Mirai’s source code was leaked online in September, meaning anyone who hung around the right corners of the web now had the ability to amass an army of their own. Since then, there has been a spate of attacks against targets of all sizes and descriptions all over the world. First, independent security researcher Brian Krebs, who’s done a lot of work against malware operators in the past, was hit with an attack that focused 600 Gbps of traffic onto his website. That set a new record for DDoS attacks in terms of scale. The record lasted less than a few weeks, as US-based webhost Dyn was hit with an attack that measured up to 1.2 Tbps of traffic. That attack took major websites like Twitter, Spotify, The Guardian and CNN offline for most of a day before Dyn could get its defences in order.
Several Mumbai-based ISPs have also been the target of DDoS attacks that have been ongoing since July, resulting in intermittent service and reduced speeds.
If all of this doesn’t seem scary enough, reports have been swirling around for the past few days that a Mirai botnet was recently used to knock the Internet of an entire country offline. The West African nation of Liberia was DDoS’d over several days, severely crippling its Internet infrastructure.
While the experts will likely tell you that there are defence measures that can be taken to protect against such attacks, what they might leave out is that Mirai, and other botnets like it, are still in their infancy. A botnet of 100,000 devices was all it took to disrupt Dyn’s services. A significantly larger number of Internet-connected devices are being powered on for the first time every day, rapidly multiplying the building blocks from which the DDoS Cannon of Ultimate Doom can be built. The creation of a botnet consisting of a million devices or more is not inconceivable in the coming decade. And there is no defence in the world that can protect against that possibility.