I saw that article the other day, and man, it is frustrating. Schneier is trustworthy, so you can't just dismiss it, but there's no detail about who or what or anything.
In a way, I almost sort of want to see what would happen, though. Like if they do manage to take the entire internet down somehow, I would be interested in finding out what breaks down and how. I get the feeling there are a lot more systems out there without failsafes than most people think.
From limited personal experience I get the idea that most of the really basic stuff will be fine. And the reason for that is that it is running on operating systems that are so incredibly old and basic that modern viruses are not even compatible.
Some major infrastructure to do with the energy grid has software elements from the 1980's in some pretty advanced countries, for instance. Industrial production set-ups that have been going for a while tend to be the same - they run on stuff that is ancient in software terms, and it makes them incredibly vulnerable... to viruses from the early 90's. But not from anything since then, so a lot of them have been merrily running without any serious security.
I can add more to this later, but a ddos attack is a bit different than something like a virus. In the most simple terms its playing who has the bigger pipe. A bunch of bogus requests are sent to a server, if you can send more requests than the server can handle then real requests will get ignored. Some servers might choke and crash but for the most part the disruption only happens as long as the attack is sustained. Of course in the bigger pipe game, internet backbone companies usually win, so additional methods are used to make it appear your pipe is bigger and there are methods to defend against these tricks. The longer your pipe appears large and engorged, the longer the servers being blasted stay offline.
Since the disruption only lasts as long as the attack, it's generally done to coincide with another event. On the nefarious side is actual war, unrest, elections, market crash etc. on the less nefarious is a product release, such as in 2014 when Lizard Squad took down sony's authentication servers on christmas day so those with new PS4s couldn't download updates and use their new toy, because they are dicks.
Given the state of cyber cold war we are in and how shakey and patched together the internet really is, I could see countries probing defenses just incase.
Of course in the bigger pipe game, internet backbone companies usually win, so additional methods are used to make it appear your pipe is bigger and there are methods to defend against these tricks. The longer your pipe appears large and engorged, the longer the servers being blasted stay offline.
I saw that article the other day, and man, it is frustrating. Schneier is trustworthy, so you can't just dismiss it, but there's no detail about who or what or anything.
In a way, I almost sort of want to see what would happen, though. Like if they do manage to take the entire internet down somehow, I would be interested in finding out what breaks down and how. I get the feeling there are a lot more systems out there without failsafes than most people think.
Same here. Some of the comments on the linked article are so smugly idiotic I want it to happen just to find out. "Just pull the plug." Right. "Hardly any deaths or serious injuries." Is that the only kind of harm a financially-secure nerd can imagine? What about economic risks? And trust risks?
Here's the thing that bugs me about internet enabled devices that aren't computers. In the case of closed circuit cameras, it makes sense to have internet access enabled for them so that they can be controlled remotely from a central station.
Other devices, not so much. There is no reason for a toaster, microwave or refrigerator to have internet enabled functionality. How would the functioning of any of these devices be improved with the ability to connect to the internet? It makes no fucking sense.
__________________
Allan Glenn. 1984-2005 RIP
Under no circumstances should Quentin Tarantino be allowed to befoul Star Trek.
Is anyone else having a rollicking good time following the rumors about today's big DDOS?
Oh, hello, internet of shit! I am shocked I tell you to find shitty internet enabled gadgets marketed toward the technically inept at the heart of the problem.
I am all for cutting off those devices. I know it's not the consumers' fault that they bought shitty internet enabled gadgets based on marketing promises and all, but sometimes, life sucks and is not fair and I think it needs to be unfair for those people for a while. Better your shitty IOT devices stop working than you be held responsible for the damage they do.
And I have no sympathy for the manufacturers. If they knew better, they need to be put out of business for being evil, and if they didn't, they need to be put out of business for being incompetent.
Way back in the day, one of the big net neutrality fights was over connecting unauthorized devices to the phone networks, and that battle hinged largely on complying with standards and not attaching devices that were harmful to the network. And the FCC regulates the use of the broadcast spectrum and prohibits devices that don't comply with that. I see no reason that similar regulations, and maybe through fancy lawyering, the exact same regulations, couldn't be applied to devices that can cause damage to the internet.
So we wanted a new refrigerator, one with a bucket freezer on the bottom and French doors and a built in water/ice dispenser. Of the ones that would fit the slot, none of them didn't have some WIFI connection function. (It's a FRIDGE! WHY?)
So you can bet I connected the water line, but never set up the WIFI. Seriously, it's a fridge. Why?
WHY?
Though my DVR could be attacking everything right now.
__________________
Peering from the top of Mount Stupid
So we wanted a new refrigerator, one with a bucket freezer on the bottom and French doors and a built in water/ice dispenser. Of the ones that would fit the slot, none of them didn't have some WIFI connection function. (It's a FRIDGE! WHY?)
So you can bet I connected the water line, but never set up the WIFI. Seriously, it's a fridge. Why?
WHY?
Though my DVR could be attacking everything right now.
Wait til they start making them where they won't even work until you set up the wifi connection.
I'm already fed up with overly complicated devices.
__________________
Chained out, like a sitting duck just waiting for the fall _Cage the Elephant
mjg59 | Fixing the IoT isn't going to be easy
If they knew better, they need to be put out of business for being evil, and if they didn't, they need to be put out of business for being incompetent.
__________________
"We can have democracy in this country, or we can have great wealth concentrated in the hands of a few, but we can't have both." ~ Louis D. Brandeis
"Psychos do not explode when sunlight hits them, I don't give a fuck how crazy they are." ~ S. Gecko