You Might Be Part of the 'Botnet' Army and Not Even Know It
Hackers look for the path of least resistance, but there are ways to make sure your internet-connected devices put up a fight.
In horror movies, the invading threat is usually a monster, a human turned evil or something undead. But there is a horror movie scenario unfolding around you right now and without knowing it, you might be one of the extras.
It involves a 'botnet' army made of enslaved internet-connected devices, yours for example, your router, webcam, computer or tablet. But that's not all. Hackers are renting out these armies to take down big parts of the Web.
Over 900,000 customers of Deutsche Telekom, Germany's largest telecom company, lost service last weekend because of an attack. In October, well-known sites Paypal, Spotify, Twitter and others came down by a similar attack. And it is not only large Internet properties that are taking hits. Freelance security journalist Brian Krebs found his site disrupted by a massive attack in September.
Building an army is easy to do. Hackers use a bit of malware - in these recent cases, one called Mirai, which is freely available on the Internet. They send the malware out onto the internet searching for devices with weak password protection. The malware hacks into them, infects them and uses them to flood a target website with requests, clogging up its server.
The so-called distributed denial-of-service (DDoS) attack can be launched again and again because once a device is infected, the hackers can call upon it any time to do their bidding, or anyone else willing to rent the mercenary zombie army.
"Botnets are nothing new though," explains Adriel Desautels CEO of Netragard, a security services company that protects businesses from such attacks. "They have been around since the 90s, even the late 80s. What's new is that home connections now have such high bandwidth. So when people purchase access to a botnet army they have a lot more firepower. That's why these attacks are a lot more noticeable."
Back in October, security firm RSA told Forbes that hackers were selling an army of 50,000 botnets for $4,600 or 100,000 for $7,500. Hackers like a bargain, too.
Earlier this week, the independent security researcher known as MalwareTech told Motherboard that two hackers now controlled about 75 percent (roughly 400,000) of all Mirai-infected devices. An advertisement to rent an army claims "flexible plans and limits" and "free short test attacks, if we have time to show."
These same two hackers claimed responsibility for the Deutsche Telekom attack.
So how can you resist becoming part of this zombie army? According to Desautels, there is no perfect safeguard. "Every piece of technology we use today is vulnerable at some level," he says. "If virus protection worked infallibly there would be no botnet army."
One reason virus protection fails is that people bypass it by opening infected emails, going to infected sites, downloading infected software, and installing hardware with weak protections. The best defense? "Be smart," says Desautels. "Use your head."
Byron Rashed of security company InfoArmor agrees. "There is no bullet-proof security system that will protect you from malicious threats." But criminals look for the path of least resistance and there are ways to make sure you and your devices put up some resistance.
Gary Davis, chief consumer security evangelist at Intel Security, says, "The most important thing to do before bringing new Internet-connected devices into your home is make privacy and security part of your purchase criteria. If the company doesn't have a good reputation in those areas, avoid that device."
And once you get a device home, make sure you update to the latest software versions and change the default passwords. "Many manufactures use simple or commonly known passwords," says Davis. "Change these passwords to something unique and complex to add a considerable layer of difficulty for anyone trying to access the device."
"Layering security is the best defense," Rashed says. "Firewalls, antivirus software, and other layers of protection are necessary to reduce the risk of a successful attack. And put Internet of things devices on a secure network that does not use an obvious password."
But, as Desautels points out, hackers do not have to get around people like him, who understand technology, because there are many more people who fail to secure their devices. Knowledge is your best defense in this war. Every little bit you learn about protecting yourself from becoming a Zombie is a step toward protecting the world from evil. Instead of fighting evil with a sword, try fighting it with your mind.
WATCH VIDEO: Is the Internet a Right or a Privilege?