PHILIPSBURG, St Maarten—Keep it secret. And make sure it’s safe.
Don’t use your real name, your birth date, or any single word. Instead, try a short phrase that includes some numerals and even some punctuation.
Devising secure passwords for your online accounts and your family’s Internet-connected devices is simple enough, if you follow those easy guidelines. But most people just don’t.
And a major attack on a little-known company underscores how much of the security of the global Internet now depends on that unwitting majority of ordinary Internet users. On October 21, a distributed denial of service, or DDoS attack, brought down a relatively obscure US-based firm called Dyn.
DDoS attacks are fairly common. They typically use malicious software called botnets, hosted on infected computers over the Internet to bring down a specific service.
“What made the DDoS attack on Dyn especially troubling was the dangerous precedent it set. Dyn provides domain name system services, commonly referred to as DNS services. These services are a critical layer of support for the effective function of the global Internet,” said Bevil Wooding, an Internet Strategist with US-based non-profit Packet Clearing House.
“By targeting companies that provide this infrastructure support for the Internet, hackers can wreak havoc on for ordinary users, big businesses and even entire countries.”
Also disturbing is the fact that the hackers used networks of common smart devices like webcams, internet-connected TVs and refrigerators, to cause a disruption in service that was felt around the world.
“In the last two years, we’ve had multiple attacks, and the most recent attacks are using IoT devices,” said Mark Kosters, Chief Technology Officer of the American Registry of Internet Numbers, the organisation that provides number resource allocation and registration services for North America and parts of the Caribbean.
He explained that smart devices present an easy target for hackers to turn into botnets because users typically fail to secure them properly.
“A lot of the devices are vulnerable. It means that more and more homes are very quietly becoming potential sites of DDOS attacks,” he said.
“Now, we all have to make sure that all of those devices that we have around the house are secure,” he added.
“As smart devices proliferate, it will become easier for hackers to launch significant cyber attacks using unsecured IoT devices, unless ordinary end-users become more security-conscious,” said to Carlos Martinez, Chief Technology Officer of the Latin America and Caribbean Internet Addresses Registry (LACNIC).
Wooding, Kosters and Martinez were expert speakers at the twelfth regional meeting of the Caribbean Network Operators Group, or CaribNOG, in Philipsburg, Sint Maarten from October 24 to 26.
The meeting brought together technology specialists from around the region and across the world to discuss cyber-threats and solutions for keeping computer networks in the region safe. The volunteer-based group got together to share experiences and exchange best-practices for computer security and network administration.
The group had several animated debates on technology, but always seemed to agree on one thing. When it comes to cyber security, it seems that keeping the Internet of Things safe will depend mostly on the worldwide network of human beings.