Scam of the day – October 26, 2016 – How to protect yourself in the Internet of Things

Distributed Denial of Service (DDoS) attacks against companies that temporarily shut down websites by flooding them with more traffic than they have the capacity to accommodate are nothing new, however, what was unusual about last week’s DDoS against Dyn a prominent Domain Name System (DNS) provider that hosted such popular sites as Amazon, Twitter, Spotify, Netflix and Paypal was that the botnet of hijacked devices used to launch the attack was not made up of hacked computers, but rather was made up of hacked devices such as smart televisions and webcams that make up the Internet of Things which are devices connected to the Internet that one would not generally think of as requiring security.   However, anything that  is connected to the Internet can be hacked and used to become a part of a botnet and therefore requires security precautions.

So what can you do to protect yourself from having your devices hacked and becoming part of a botnet?


Your first line of defense is your router so it is important to change the default password with which your router came.  In addition, each of your Internet of Things devices should have its own distinct password.  Unfortunately, particularly for older devices that are a part of the Internet of Things, security was not built into these devices and they may not even be password enabled. Another helpful device is an Internet hub which is a a device that can control multiple Internet of Things devices through a single mobile app that utilizes dual factor authentication and encryption.  The manufacturers of these Internet hubs such as Samsung’s SmartThings also provide regular security updates.  Not all Internet of Things devices are hub certified which is why when buying an Internet of Things device, you should look for hub certification as an indication that the manufacturer is security conscious.

Finally, and perhaps of greatest importance in protecting yourself from becoming part of a botnet is to do what you already should be doing which is refraining from clicking on links or downloading attachments in emails that may contain the malware enabling a hacker to access first your computer and move through it to your entire network of Internet enabled devices.  Never click on links or download attachments unless you have absolutely confirmed they are legitimate.

Scam of the day – October 22, 2016 – Massive DDoS attack hits Eastern United States

For a few hours yesterday many Internet users on the East Coast of the United States were unable to access some of the most popular destinations on the Internet including Amazon, Twitter, Spotify, Netflix and PayPal as a result of a massive Distributed Denial of Service (DDoS) attack on Dyn a prominent Domain Name System (DNS) provider that hosts the attacked companies’ websites.  Domain Name System providers permit you to type in a simple web address such as which then gets translated into the long, complicated numeric Internet address of the company and connects you to their website.  A DDoS occurs when the DNS provider gets flooded with an overwhelming amount of traffic which causes the website to shut down.  Often the traffic comes from an army of botnet computers which are computers of unsuspecting people that become infected and can be remotely used to send the huge amounts of communications necessary to cause a DDoS.  This problem has become magnified as the cybercriminals infiltrate and incorporate into their botnet not just computers, but also the myriad of devices that make up the burgeoning Internet of Things.  Anything that  is connected to the Internet can be hacked and used to become a part of a botnet.  Too often, many of these devices that make up the Internet of Things are poorly protected with weak passwords and are easily hacked.

While this particular DDoS was remedied after a few hours, the threat of DDoS attacks continues to increase.  Banks and other financial institutions have found themselves particularly targeted in the last year by DDoS attacks.  The potential for major disruption of the Internet by DDoS attacks is significant.


While there is nothing that we as consumers can do to stop DDoS other than to maintain the security of our own computers and devices connected to the Internet to keep them from becoming a part of a botnet, there are a number of steps that companies should be taking to protect themselves from future DDoS attacks in addition to the regular Firewalls and routers configured as best they can be to reject malicious traffic including the use of load balancers to spread traffic across multiple servers within a network to create additional capacity to handle the traffic as well as cloud based programs to identify and divert malicious traffic.

Already we have seen the threats of DDoS attacks used to extort money from companies and the threat that DDoS attacks pose is increased because cybercriminals are now selling the malware necessary to carry out such attacks on the Dark Web which is that part of the Internet where cybercriminals do business.  In addition, cybercriminals can also rent the use of botnets on the Dark Web as well to assist them in carrying out their crimes.