It is today estimated that the internet connects over 28 billion devices: computers, phones, thermostats, lockboxes, pet-food dispensers, power grids and much more. While a growing network of 28 billion devices presents an enormous opportunity for individuals and companies to connect, communicate, and transact, it also presents an enormous risk. At the click of a button, hundreds of thousands of unsecured devices could be hijacked and turned toward illegal activities like credit card fraud, denial of service attacks, and market manipulation.
Attacks like these are made possible by botnets, which are networks of devices controlled by a central machine or machines. Typically, these work in one of two ways: peer-to-peer communication where every infected device both receives and distributes commands to other infected machines or client-server communication where a central machine distributes commands to other machines, which are then executed on those machines. It should be noted that not all botnets are illegal or malicious. Some are created out of self-owned hardware for ethical academic or commercial uses. However, botnets that infect others’ devices and use their system resources without the knowledge and consent of the owner of the hardware are illegal.
On a small scale, botnets are commonly used to engage in click fraud. For example, a blogger with a few dozen readers may rent time on an underground botnet made up of a few thousand computers. These computers would navigate to the blogger’s website, click advertisements, and earn the blogger advertising revenue from the affiliated advertising network. This has the added effect of boosting the blogger’s search ranking on search engines like Google and potentially increasing the blogger’s organic reader base by causing the blog to trend on social media.
In an interview conducted by “60 minutes,” Scott Pelley investigated the real “fake news” that has become increasingly prevalent in internet blogs. During his investigation, he discovered that a primary driver behind fake news is the utilization of botnets to promote articles until they pick up traction for their decidedly inflammatory titles and content. These fake news articles can earn over $10,000 per month in advertising revenue.
If all it takes is a few thousand bots to manipulate public opinion; hundreds of thousands can do significantly more damage. In late 2014, hacker group Lizard Squad launched a denial of service attack that took down Microsoft’s Xbox Live (LIVE) and Sony’s PlayStation Network (PSN), two of the largest online gaming networks, totaling over 150 million combined users. Despite nearly two weeks of warning from Lizard Squad about the attacks, neither Sony nor Microsoft could preemptively prepare their networks. During the attack, PSN and LIVE were barraged with billions of bits of data per second from hacked networking devices, overloading the network and preventing legitimate users from connecting to the service. Microsoft restored its services within 24 hours, but Sony lagged in restoring its services. Eventually, Lizard Squad ended the attack of its own accord. The susceptibility of Microsoft and Sony’s online services to this attack dealt a large blow to their reputations.
The size of these denial of service attacks has gotten larger over the past several years. Last year, the well-known cyber-security blog, krebsonsecurity.com was hit with a record breaking 665 Gbps denial of service attack. Fortunately, the attack failed due to the efforts of Akamai Technology, the company contracted by krebsonsecurity.com to prevent these types of attacks from succeeding. Still, this attack has raised significant concern among cyber-security experts about the abundance of poorly protected and often difficult-to-update devices that make up the Internet of Things, such as IP Cameras, Digital Video Recorders, and more. Using these devices as an entry point, hackers can launch attacks on a scale that has never been seen before.
While a great read, krebsonsecurity.com is a relatively low-profile target. As the Internet of Things expands to include more devices, the relative power of individual’s, corporation’s, and government’s presence on the internet will be diminished, and they will be unable to keep pace with the scale of attacks made possible by these unprotected devices. As hackers become more brazen and their capabilities become stronger, global economic and government institutions face increasingly dangerous threats to their stability.
Kevin Murphy is a junior in the McDonough School of Business. BYTE OF WALL ST. appears every other Friday.