In the wake of a recent distributed denial of service (DDoS) attack on the East Coast-based Internet infrastructure company Dyn, California Attorney General Kamala D. Harris advised Californians on ways to protect themselves from potential hacks. The attorney general, who is a candidate for U.S. Senate, urged Internet of Things (IoT) manufacturers and developers on Monday in a release to the press to “take immediate steps to help secure home electronic devices against capture by a potential ‘botnet attack’ from a cyber criminal.”
IoT refers to the increasingly connected world of smart devices, which includes everyday objects such as home appliances. A “botnet” is “a network of infected computers, where the network is used by the malware to expand,” according to the press release. “A botnet attack occurs without the computer owners’ knowledge, and is typically used to send spam emails, transmit viruses, and engage in other acts of cybercrime.”
In the recent botnet attack against Dyn on Oct. 21, hackers allegedly “used malware to infect and remotely control IoT devices, without the device owners’ knowledge, and overloaded Dyn with remote requests, making it incapable of responding to any requests to load Web pages.” The DDoS attack left millions of people across the country unable to access thousands of websites throughout the day.
“What is unusual about this recent attack is that tens of millions of everyday household devices were taken over primarily because of the widespread use of factory-default username and password combinations,” said the press release. “These factory-default passwords could be found simply by searching online for terms like ‘default router password username combinations.’” Bad agents can then scan the Internet for devices with these factory default passwords, then hack and install malware that allows them to control the device, the release continued. They can then collectively use an army of hacked devices to launch attacks that cripple websites and service providers.
Harris recommended changing the default password on any and all household electronics, such as DVRs, webcams, printers, routers, and any smart appliances such as lights, air conditioners and even refrigerators. For more information on safe password practices, visit https://oag.ca.gov/privacy/safe-password-practices. To further learn how to protect yourself and your home against computer viruses, visit the Attorney General’s Privacy Enforcement and Protection Unit website at https://oag.ca.gov/privacy.
