1. Reversing Paralysis

    Reversing Paralysis

    Scientists are making remarkable progress at using brain implants to restore the freedom of movement that spinal cord injuries take away.

  2. Self-Driving Trucks

    Self-Driving Trucks

    Tractor-trailers without a human at the wheel will soon barrel onto highways near you. What will this mean for the nation’s 1.7 million truck drivers?

  3. Paying with Your Face

    Paying with Your Face

    Face-detecting systems in China now authorize payments, provide access to facilities, and track down criminals. Will other countries follow?

  4. Practical Quantum Computers

    Practical Quantum Computers

    Advances at Google, Intel, and several research groups indicate that computers with previously unimaginable power are finally within reach.

  5. The 360-Degree Selfie

    The 360-Degree Selfie

    Inexpensive cameras that make spherical images are opening a new era in photography and changing the way people share stories.

  6. Hot Solar Cells

    Hot Solar Cells

    By converting heat to focused beams of light, a new solar device could create cheap and continuous power.

  7. Gene Therapy 2.0

    Gene Therapy 2.0

    Scientists have solved fundamental problems that were holding back cures for rare hereditary disorders. Next we’ll see if the same approach can take on cancer, heart disease, and other common illnesses.

  8. The Cell Atlas

    The Cell Atlas

    Biology’s next mega-project will find out what we’re really made of.

  9. Botnets of Things

    Botnets of Things

    The relentless push to add connectivity to home gadgets is creating dangerous side effects that figure to get even worse.

  10. Reinforcement Learning

    Reinforcement Learning

    By experimenting, computers are figuring out how to do things that no programmer could teach them.

Botnets of Things

The relentless push to add connectivity to home gadgets is creating dangerous side effects that figure to get even worse.

Availability: Now

  • by Bruce Schneier
  • Botnets have existed for at least a decade. As early as 2000, hackers were breaking into computers over the Internet and controlling them en masse from centralized systems. Among other things, the hackers used the combined computing power of these botnets to launch distributed denial-of-service attacks, which flood websites with traffic to take them down.

    But now the problem is getting worse, thanks to a flood of cheap webcams, digital video recorders, and other gadgets in the “Internet of things.” Because these devices typically have little or no security, hackers can take them over with little effort. And that makes it easier than ever to build huge botnets that take down much more than one site at a time.

    In October, a botnet made up of 100,000 compromised gadgets knocked an Internet infrastructure provider partially offline. Taking down that provider, Dyn, resulted in a cascade of effects that ultimately caused a long list of high-profile websites, including Twitter and Netflix, to temporarily disappear from the Internet. More attacks are sure to follow: the botnet that attacked Dyn was created with publicly available malware called Mirai that largely automates the process of coöpting computers.

    This story is part of our March/April 2017 Issue
    See the rest of the issue
    Subscribe

    The best defense would be for everything online to run only secure software, so botnets couldn’t be created in the first place. This isn’t going to happen anytime soon. Internet of things devices are not designed with security in mind and often have no way of being patched. The things that have become part of Mirai botnets, for example, will be vulnerable until their owners throw them away. Botnets will get larger and more powerful simply because the number of vulnerable devices will go up by orders of magnitude over the next few years.

    What do hackers do with them? Many things.

    Botnets of Things
    • Breakthrough Malware that takes control of webcams, video recorders, and other consumer devices to cause widespread Internet outages.
    • Why It Matters Botnets based on this software are disrupting larger and larger swaths of the Internet—and getting harder to stop.
    • Key Players - Whoever created the Mirai botnet software
      - Anyone who runs a poorly secured device online—including you?
    • Availability Now

    Botnets are used to commit click fraud. Click fraud is a scheme to fool advertisers into thinking that people are clicking on, or viewing, their ads. There are lots of ways to commit click fraud, but the easiest is probably for the attacker to embed a Google ad in a Web page he owns. Google ads pay a site owner according to the number of people who click on them. The attacker instructs all the computers on his botnet to repeatedly visit the Web page and click on the ad. Dot, dot, dot, PROFIT! If the botnet makers figure out more effective ways to siphon revenue from big companies online, we could see the whole advertising model of the Internet crumble.

    Similarly, botnets can be used to evade spam filters, which work partly by knowing which computers are sending millions of e-mails. They can speed up password guessing to break into online accounts, mine bitcoins, and do anything else that requires a large network of computers. This is why botnets are big businesses. Criminal organizations rent time on them.

    But the botnet activities that most often make headlines are denial-of-service attacks. Dyn seems to have been the victim of some angry hackers, but more financially motivated groups use these attacks as a form of extortion. Political groups use them to silence websites they don’t like. Such attacks will certainly be a tactic in any future cyberwar.

    This map shows the extent of some of the Internet outages caused by denial-of-service attacks on Dyn on October 21, 2016. Dyn operates domain-name servers that connect end users to websites.

    What should be done to address this rising threat?

    Tell us what you think.

    Once you know a botnet exists, you can attack its command-and-control system. When botnets were rare, this tactic was effective. As they get more common, this piecemeal defense will become less so. You can also secure yourself against the effects of botnets. For example, several companies sell defenses against denial-of-service attacks. Their effectiveness varies, depending on the severity of the attack and the type of service.

    But overall, the trends favor the attacker. Expect more attacks like the one against Dyn in the coming year.

    Bruce Schneier, chief technology officer at IBM Resilient, is the author of 13 books on cryptography and data security.

    Become an MIT Technology Review Insider for in-depth analysis and unparalleled perspective.

    Subscribe today

    Uh oh–you've read all of your free articles for this month.

    Insider Premium
    $179.95/yr US PRICE

    Next in 10 Breakthrough Technologies 2017
    Want more award-winning journalism? Subscribe and become an Insider.
    • Insider Premium {! insider.prices.premium !}*

      {! insider.display.menuOptionsLabel !}

      Our award winning magazine, unlimited access to our story archive, special discounts to MIT Technology Review Events, and exclusive content.

      See details+

      What's Included

      Bimonthly home delivery and unlimited 24/7 access to MIT Technology Review’s website.

      The Download. Our daily newsletter of what's important in technology and innovation.

      Access to the Magazine archive. Over 24,000 articles going back to 1899 at your fingertips.

      Special Discounts to select partner offerings

      Discount to MIT Technology Review events

      Ad-free web experience

      First Look. Exclusive early access to stories.

      Insider Conversations. Join in and ask questions as our editors talk to innovators from around the world.

    • Insider Plus {! insider.prices.plus !}* Best Value

      {! insider.display.menuOptionsLabel !}

      Everything included in Insider Basic, plus ad-free web experience, select discounts to partner offerings and MIT Technology Review events

      See details+

      What's Included

      Bimonthly home delivery and unlimited 24/7 access to MIT Technology Review’s website.

      The Download. Our daily newsletter of what's important in technology and innovation.

      Access to the Magazine archive. Over 24,000 articles going back to 1899 at your fingertips.

      Special Discounts to select partner offerings

      Discount to MIT Technology Review events

      Ad-free web experience

    • Insider Basic {! insider.prices.basic !}*

      {! insider.display.menuOptionsLabel !}

      Six issues of our award winning magazine and daily delivery of The Download, our newsletter of what’s important in technology and innovation.

      See details+

      What's Included

      Bimonthly home delivery and unlimited 24/7 access to MIT Technology Review’s website.

      The Download. Our daily newsletter of what's important in technology and innovation.

    /
    You've read all of your free articles this month. This is your last free article this month. You've read of free articles this month. or  for unlimited online access.