Now, crib monitors can be internet weapons

WASHINGTON — When surveillance cameras first began popping up in the 1970s and ‘80s, they were welcomed as a crime-fighting tool, then as a way to monitor traffic congestion, factory floors and even baby cribs. Later, they were adopted for darker purposes, as authoritarian governments like China’s used them to prevent challenges to power by keeping tabs on protesters and dissidents.

But now those cameras — and many other devices that today are connected to the internet — have been commandeered for an entirely different purpose: As a weapon of mass disruption. The internet slowdown that swept the East Coast on Friday (Oct 21), when many Americans were already jittery about the possibility that hackers could interfere with election systems, offered a glimpse of a new era of vulnerabilities confronting a highly connected society.

The attack on the internet’s infrastructure, which made it all but impossible at times to check Twitter feeds or headlines, was a remarkable reminder about how billions of ordinary web-connected devices can be turned to vicious purposes. And the threats will continue long after Election Day for a nation that increasingly keeps its data in the cloud and has oftentimes kept its head in the sand.

A new kind of malicious software exploits a long-known vulnerability in those cameras and other cheap devices that are now joining up to what has become known as the internet of things.

Hundreds of thousands, maybe millions, of those security cameras and other devices have been infected with a fairly simple programme that guessed at their factory-set passwords — often “admin” or “12345” or even, yes, “password” — and, once inside, turned them into an army of simple robots. Each one was commanded, at a coordinated time, to bombard a small company in Manchester, New Hampshire, called Dyn DNS with messages that overloaded its circuits.

Few have heard of Dyn, but it essentially acts as one of the internet’s giant switchboards. Bring it to a halt, and the problems spread instantly.

In recent times, hackers have been exploring the vulnerabilities of the companies that make up the backbone of the internet. Attacks on the companies escalated, Mr Bruce Schneier, an internet security expert, wrote, “as if the attack were looking for the exact point of failure”. THE NEW YORK TIMES