WATCH | We contacted a computer science expert to explain how, without stealing a single password or implanting any kind of computer virus, cyber attackers can take down popular websites using the DDoS method.
Here's what happened
Remember when basically all your favorite sites went down on Friday? A security company found out just how hackers did it.
The bad news is, there's good reason to expect more outages. Hackers sold access to a "botnet," a ring of connected devices controlled for nefarious purposes, earlier this month, according to Forbes. That botnet is believed to be the one responsible for the widespread outages that attacked DNS hosting service Dyn. The seller claimed it could generate 1 terabit of traffic for $12,100.
This is the first time we've seen an IoT botnet up for rent or sale, especially one boasting that amount of firepower.
Should I be worried?
Probably. A spokesman for RSA, the security firm that discovered the sale, called the technology a "worrying trend" in distributed denial-of-service (DDoS) attacks. The fact that it's for sale means it could be used again, or even made more dangerous.
How does it work?
Basically, any DDoS attack works by flooding a site with massive amounts of data so its servers can't handle the weight. Usually, multiple hacked computers ("bots") are looped into a "botnet" under a hacker's control to generate the necessary traffic.
But in Friday's attack, it wasn't just computers doing the damage. "Internet of Things" devices like DVRs and web cameras also contributed, Forbes reports. In some cases, the device's username and password were both "root."
How can we prevent this?
Well, as a user, there's not much to be done -- aside from making your passwords more complex. But tech companies can increase security on their end by actually using complex passwords, or use a backup DNS provider so if Dyn goes down, it doesn't take half the Internet with it.
WATCH | For the news you need, check out our 60 Second Circa.