On October 21st, there was a massive distributed denial of service (DDOS) attack on an internet company named Dyn. Dyn controls a large portion of the servers that make up the internet ‘Domain Name System’ or DNS. These servers are essentially the traffic cops that point your web browser to the IP address of websites when you type in a domain in the address bar. If these servers were to be unreachable, as they were on Friday, your web browser wouldn’t know where to go to retrieve that site you just asked it to get for you.
The attackers used a DDOS attack to overwhelm these DNS server with so many requests, that they servers were unable to tell which requests were genuine and which were part of the attack. These hackers were able to pull off something of this magnitude by collecting access to devices that are part of what has come to be known as the ‘Internet of Things’ (IoT). The IoT includes many devices that consumers may not think of as connected devices. In recent years, refrigerators, thermostats, TVs, and even cameras have all been built with the ability to connect and communicate on the internet. While technology has progressed to allow for better communications between our devices, security has lagged behind and in some cases been left as an afterthought.
One fact that has emerged in the days following the attack is that a large portion of the connected devices used in that attack were IP Security Cameras and recorders. The surveillance devices used in last Friday’s attack were from a specific, low end, Chinese manufacture of cheap equipment that failed to build in the necessary security features needed to prevent hackers from gaining access to these systems. In most cases the vulnerability that was exploited was as simple as a default admin password that the end user was never prompted to reset. Other security holes include that these devices, by default, allow access via lesser know, but powerful avenues, such as SSH and Telnet. If a hacker is able to gain access using these methods, they can tell that device to do whatever they want. In this case it was to flood all their traffic to specific and vital portion of our internet’s infrastructure.
While on face value, this may seem like a minor inconvenience to most every day Americans, but the implications of these types of attacks reach further than you think. An attack of this nature could shut down markets and prevent the trade of stocks, could effect power grids and utilities, could even prevent or disrupt the administration of elections.
Anyone purchasing Arcdyn professional IP surveillance equipment can rest assured that their system has been built with security in mind.
- Every system automatically prompts the user to enter a default password upon setup.
- Dangerous connection protocols, like SSH and Telnet, are disabled by default.
- Frequent firmware updates mean that security holes are patched quickly.
Arcdyn is here to help you ensure that your system is never hacked or used in nefarious ways to attack others.
Contact us today to get a FREE quote.