Internet of Stings

Nick Lansley, innovation insider at Nick Lansleys Innovation Lab, explains why Internet of Things devices pose a new threat to internet security.

Last Friday, I had problems accessing Twitter. I know, I’ll get over it, but in the meantime realising what caused the access issue served to highlight a vulnerability built into part of the internet’s technical design.

The problem is… well… us humans! We can’t remember numbers that well, and yet every computer and every website on the internet has a unique numeric address, called an IP address. For example, the web server that you would be connected to in order to look at my website, Lansley.com, currently has the IP address 46.101.92.248.

If you copy and paste that numeric IP address into a web browser, you would arrive at Lansley.com. So you just remember that address and the vulnerability disappears. But you won’t remember it, and neither will I. So instead of numeric IP addresses, we use alphabetical names, aka URLs (Uniform Resource Locators) to get to the website we’re looking for.

What happens then is that your web browser goes to a Domain Name Service (DNS) server – one usually (but not always) being run by your Internet Service Provider. DNS servers act much like electronic telephone directories: look up the person’s name and you get back their telephone number.

So using the example of my website again, the DNS server receives the text ‘lansley.com’ from your web browser and looks it up in its database. If it doesn’t find it, it calls an upstream DNS server and asks whether that one knows, and so on until one of the DNS servers does know and returns 46.101.92.248 to your web browser. Finally, your web browser goes to that IP address and arrives at Lansley.com.

The problem is the Domain Name Service (DNS) itself: if these servers are exposed to a Distributed Denial of Service (DDoS) attack, then your web browser may not be able to receive the numeric IP address back and so doesn’t know where to go. That’s what happened with Twitter and me on Friday.

The problem was the result of an attack on Dyn, an internet infrastructure company that provides DNS services to the web. It’s also why the USA’s Department of Homeland Security set off an immediate investigation about what happened and what to do about it.

One interesting twist in this story is that anecdotal evidence has uncovered that, now Windows, Mac and Linux computers are pretty well protected these days, Internet of Things devices such as digital video recorders, home CCTV cameras and other ‘smart’ devices are being targeted for their vulnerabilities.

For example, if you have a home CCTV camera that sends images to your smartphone when you’re away, it has to have internet access to do so, and could be exploited for any weaknesses in its architecture. Such a camera is more than just a camera, it’s a small, completely self-contained, embedded computer.

Most IoT devices use miniature Linux-based computers to perform their work, since Linux can run on a complete computer squeezed onto a single silicon chip – the form known as ‘embedded Linux’. It’s easy to get hold of such chips to see if you can hack them, and challenging for them to be patched without a firmware update.

Of course, manufacturers will work to improve security just like the work that has happened on desktop operating systems. Alas, the cat and mouse game continues.

Cyber security expert Brian Krebs wrote in his blog:

At first, it was unclear who or what was behind the attack on Dyn. But over the past few hours, at least one computer security firm has come out saying the attack involved Mirai, the same malware strain that was used in the record 620 Gbps attack on my site last month. At the end of September 2016, the hacker responsible for creating the Mirai malware released the source code for it, effectively letting anyone build their own attack army using Mirai.

Mirai scours the Web for IoT devices protected by little more than factory-default usernames and passwords, and then enlists the devices in attacks that hurl junk traffic at an online target until it can no longer accommodate legitimate visitors or users.

According to researchers at security firm Flashpoint, today’s attack was launched at least in part by a Mirai-based botnet. Allison Nixon, director of research at Flashpoint, said the botnet used in today’s ongoing attack is built on the backs of hacked IoT devices — mainly compromised digital video recorders (DVRs) and IP cameras made by a Chinese hi-tech company called XiongMai Technologies. The components that XiongMai makes are sold downstream to vendors who then use it in their own products.

“It’s remarkable that virtually an entire company’s product line has just been turned into a botnet that is now attacking the United States,” Nixon said, noting that Flashpoint hasn’t ruled out the possibility of multiple botnets being involved in the attack on Dyn.

However, I would like to see Internet Service Providers doing more to detect and block devices using their broadband networks that are acting in this way. Are DDoS patterns plainly detectable on their networks? Check my site for more on this in the next few weeks.
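As an illustration of the kind of network-side check the question above is asking for, here is an added example (not code from the author or from any ISP) that runs over a few constructed flow-log records and flags a destination when several subscribers are pushing a high packet rate at it within one time window, listing the subscribers involved. The record format, thresholds and addresses are all assumptions for the demonstration.

```python
"""Flag broadband subscribers whose combined traffic looks like a
coordinated flood toward one destination (added example; all flow
records below are constructed sample data)."""
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Flow:
    ts: int        # seconds since epoch (constructed)
    src: str       # subscriber-side address on the ISP network
    dst: str       # destination outside the ISP network
    dport: int     # destination port
    packets: int   # packets seen for this flow record

# Constructed sample: three subscribers hammer one DNS server on UDP/53,
# two others carry ordinary web traffic, and one makes a normal lookup
# against the same DNS server that is under attack.
SAMPLE_FLOWS = [
    Flow(1000, "10.0.0.11", "198.51.100.5", 53, 40000),
    Flow(1000, "10.0.0.12", "198.51.100.5", 53, 38000),
    Flow(1005, "10.0.0.13", "198.51.100.5", 53, 41000),
    Flow(1008, "10.0.0.11", "198.51.100.5", 53, 39000),
    Flow(1003, "10.0.0.21", "203.0.113.9", 443, 120),
    Flow(1007, "10.0.0.22", "203.0.113.9", 443, 95),
    Flow(1009, "10.0.0.21", "198.51.100.5", 53, 3),
]

def find_flood_targets(flows, window=60, min_sources=3, min_pps=1000):
    """Return {dst: sorted list of contributing subscriber IPs}.

    A destination is flagged when, inside `window` seconds of its first
    record, at least `min_sources` distinct subscribers sent traffic to it
    and their combined rate is at least `min_pps` packets per second.
    Only subscribers whose own rate is at least an equal share of
    `min_pps` are listed, so a customer making a normal lookup toward the
    same server is not swept up with the flooders."""
    by_dst = defaultdict(list)
    for f in flows:
        by_dst[f.dst].append(f)
    findings = {}
    for dst, fl in by_dst.items():
        start = min(f.ts for f in fl)
        in_win = [f for f in fl if f.ts - start < window]
        total_pps = sum(f.packets for f in in_win) / window
        per_src = defaultdict(int)
        for f in in_win:
            per_src[f.src] += f.packets
        share = min_pps / min_sources
        heavy = sorted(s for s, p in per_src.items() if p / window >= share)
        if len(heavy) >= min_sources and total_pps >= min_pps:
            findings[dst] = heavy
    return findings
```

The windowing here only looks at the first window per destination; a production version would slide the window and tune the thresholds to the link's normal traffic.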

Nick Lansley is innovation insider at Nick Lansleys Innovation Lab
