Internet-connected devices are almost ubiquitous, with computer circuitry now found in a variety of common appliances. They can include security cameras, DVRs, printers, cars, baby monitors, and refrigerators – even “smart” lightbulbs and clothing. Collectively those devices are called the Internet of Things.
The Internet of Things is a big, juicy target for criminals. Up to a million devices were hijacked to create the Mirai botnet which was used to extort companies and brought to the school in New Jersey to its knees. The botnet was later exploited to bring down the vast swaths of the Internet in a sustained attack on Oct 21, 2016.
Paras Jha, a former Rutgers University student, pleaded guilty . Named after an obscure anime film character, Mirai scoured the Internet for unsecured devices and easily found them.
Once discovered, the Internet of Things devices were hijacked by the Mirai malware and became part of a botnet that launched assaults on Internet service providers and scores of websites. Jha, 21, allegedly monetized the botnet by demanding ransom to call off the attacks, using it to inflate the number of advertising clicks on websites, and renting it out to other hackers for their own nefarious ends.
The attacks on Rutgers' computer system may have cost the school US $ 9mil (RM36.70mil), prosecutors said. Rutgers officials told NJ.com that the school hiked tuition in 2016.
When Jha discovered the federal investigators, he was the Mirai source code to the world to cover his tracks. The code is still circulating online and causing damage, according to Brian Krebs, of KrebsOnSecurity.com.
Krebs advises taking these precautions to keep your Internet in. Things devices protected:
– Avoid connecting your devices directly to the Internet.
– Change the default credentials to a complex password that only you will know and can remember.
– Check the defaults, and make sure things like UPnP (Universal Plug and Play – which can easily poke holes in your fire wall without you knowing it) are disabled.
– Avoid Internet of Things devices that advertise built-in Peer-to-Peer (P2P) capabilities. P2P Internet of things devices are notoriously difficult to secure, and the research has repeatedly been shown that they can be reached even through firewall remotely over the internet. That's because they're configured to be able to find ways to connect to a global, shared network, that people can access them remotely.
– When it comes to the Internet of things devices, cheaper is definitely not better. There is no direct correlation between price and security, but you can not afford it.
– Do your research. Consider the security features of your Internet. If the device uses a password, make sure it allows you to change it.
– Update firmware when available. Internet of Things devices can be susceptible if not regularly patched. Only install updates from known and reputable sites.
– Disconnect your insecure Internet of Things devices. Outdated security? Can not update passwords? Then unplug it.
– Turn off Internet of Things devices when not in use, or periodically if otherwise always on. Malware is stored in memory and can be turned off by turning the device off and back on.
– Protect routers and WiFi networks. Use your router's built-in fire wall, confirm it's enabled.
– Use antivirus and intrusion-detection products.
– Ask for help , or hire help, if you can not figure out fire walls or how to “segment” your network of Internet devices.
Some free online resources Mirai or other malware. Be cautious and use only well-known sources.
If you suspect your Internet connection is blocked. Change the password. – The Philadelphia Inquirer / Tribune News Services