What your fridge has to do with DDoS attacks

October 28, 2016

The Internet of Things: blessing or curse? That depends on how much you value your privacy against the ability of your fridge to order fresh milk. Either way, we are now more vulnerable to hackers. Here's how.

Fridge with webcam - Bosch fridge with webcam at IFA 2016, Germany
Image: Getty Images/AFP/T. Schwarz

I won't even attempt to answer the question in my opening gambit. Who can say for sure this early whether the Internet of Things is a blessing or a curse (aside from the fact that clichés are always a curse)?

For one, this is something we all have to decide for ourselves - hopefully, after diligent public debate. We all have to decide what privacy is in the digital era, and whether it's important to us. We may support more stringent data protection laws, even a global bill of rights. Or we may find ourselves in the "post-privacy" camp and not really care.

It also depends on how highly we value our digital security.

Unbeknownst to us

Take the DDoS (distributed denial-of-service) attack that brought down a litany of popular websites last Friday (21.10.2016).

The affected websites included Etsy, GitHub, HBO Now, PayPal, Pinterest, PlayStation Network, Recode, Reddit, Spotify, Twitter, Netflix, Yammer, and Yelp.

Your fridge, your mom's webcam, computers at the local school, and a kid's doll may have all taken part - without your even knowing it. Someone, somewhere launched a piece of malware called Mirai. We've known about Mirai - so something was in the wind. And DDoS attacks themselves have been around for ages.

Mirai searched for poorly-protected, networked devices. That is, household devices that had little or no password protection. Reports suggest these included DVRs and webcams made by a Chinese company called Hangzhou XiongMai, which has since issued a recall on its webcams in the US. Mirai turned the connected devices into its slaves. They then launched the DDoS attack on servers run by Dyn, a so-called DNS host, and home to all those websites.

Usually, when you call up a website, your "request" goes via one of these servers. But when the servers are overloaded with bad requests consisting of incomplete data, or they are bombarded with more requests than they can handle, they basically freak out. And no one is served.

That's what happened on Friday. Your fridge, webcam, toy truck and thousands more emitted a coordinated attack of useless information, bringing down some of the world's most popular websites.

The rest is history…

Friday's Mirai attack may well be history now, but it's one which will surely repeat itself. Many, many times.

The question is, where will it all end? If it's only Netflix and Spotify you can't access, you may really not care. Certainly if they are back up and running within a few hours. But what if it's a vital government website, online access to your local hospital, the police, or the energy grid… and what if the attack lasts for days, weeks even?

This is what we mean when we talk about cybersecurity. Private, commercial concerns, even dating apps, shouldn't come into it. And yet what we do - and allow - at a private level can have a monumental impact on society.

We may think it's just the fridge ordering our milk or Barbie chatting to our kids. But we forget that every electronic device these days - especially those connected to the network - is vulnerable to hackers. And the Mirai attack has reminded us they can all be reprogrammed to do whatever the hackers want.

Zulfikar Abbany, senior editor fascinated by space, AI and the mind, and how science touches people