[kictanet] Fwd: Who to Blame for the Attack on the Internet - The answer is You, me and everyone else is in between

Ali Hussein ali at hussein.me.ke
Sun Oct 23 19:13:06 EAT 2016


Dear listers

Cross-posting intentional

In the last few days the blogosphere and social media in general has been abuzz with the DDoS attack that brought down popular sites like Amazon and a Twitter.

Have you wondered what role YOU could have played in this attack? Well, it turns out we are all not so innocent..Read on..


> From: "FORTUNE Data Sheet" <fortune at email.fortune.com>
> Date: 22 October 2016 at 10:18:07 PM EAT
> To: <ali at hussein.me.ke>
> Subject: Who to Blame for the Attack on the Internet
> Reply-To: "Fortune" <reply-fec915777065057a-20_HTML-56937916-7213333-13 at email.fortune.com>
> 
> 
> 
>                                                                                                        
>  
>  
> 
> FOLLOW 																						
> SUBSCRIBE 																						
> ANON TIP 																						
> OCTOBER 22, 2016
> Our worst hacking fears came true on Friday as criminals deployed millions of everyday objects — internet-connected cameras, printers and so on — to launch an attack on a critical part of the Internet. The attack was a success, crippling the websites of major companies like Amazon, Netflix and Twitter for hours at a time.
> 
> We now have a handle on what happened: hackers used publicly available source code to assemble a bot-net army of internet-enabled devices, and then directed those devices to send massive waves of junk requests to a DNS provider. The attack meant the provider, New Hampshire based Dyn, could not carry out its job of acting as a switchboard for the internet, and consumers could no longer reach popular websites.
> 
> The compromised devices, which make up the bot-net army, are still out there and unpatched, which means other attacks are likely on the way. This makes it a good time to ask who’s to blame for this debacle. We can start, of course, by fingering the hackers themselves, who appear to have unleashed the attack with profit motives in mind.
> 
> But we can also assign much of the blame to the companies whose sloppy security standards made the attack possible:
> 
> Wondering which IoT device types are part of the Mirai botnet causing trouble today? @briankrebs has the list: https://t.co/bETefDMa4Y
> 
> — Eric Skinner (@EricSkinner) October 22, 2016
> 
> //platform.twitter.com/widgets.js
> 
> We need laws that allow civil and/or criminal penalties for companies that sell systems this insecure https://t.co/Gj4S5Hj0xV
> 
> — Christopher Mims (@mims) October 22, 2016
> 
> //platform.twitter.com/widgets.js
> 
> A list of alleged culprits, compiled by security researcher Brian Krebs, include familiar names like Panasonic, Samsung and Xerox printers. The names also include lesser known makers of routers and cameras, which reportedly made up the bulk of the bot-net army.
> 
> It’s a good bet these companies are scrambling to update their product lines in a way that requires users to change the passwords (widespread use of default passwords are the main reason the devices got hacked in the first place). But it’s not fair to lay the entire blame squarely on the companies. Part of the responsibility should also lie with lawmakers and regulators, who have failed to create a safety system to account for the Internet-of-Things era we are now living in.
> 
> Finally, it’s time for consumers to acknowledge they have a role in the attack too. By failing to secure the internet-connected devices, they are endangering not just themselves but the rest of the Internet as well. No one think it’s acceptable for consumers to be clueless when they operate products like automobiles or propane tanks — so why is it okay for them to be careless with routers and security cameras?
> 
> On another note, there’s other security news this week, including a couple cool fin-tech features by Robert, which can read about below. Thanks as always for reading. And, for heaven’s sake, lock down your devices.
> 
> Jeff Roberts
> 
> @jeffjohnroberts
> 
> jeff.roberts at fortune.com
> 
> Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach me via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.
> 
> 
> .
> 
> THREATS
> Meet Coinbase 2.0. In 2012, Coinbase was one of the early cool kids of the bitcoin scene. Four years later, the company is barely mentioning bitcoin as it carries out a full pivot into a digital brokerage service for a wide range of money. (Fortune)
> 
> Facial recognition stops a Facebook burglar: Social media companies announced they have broken ties with a controversial company that scans their streams to identify faces for police departments. But it turns out Facebook has itself used the company to stop an intruder in CEO Mark Zuckerberg's office. (The Verge)
> 
> Ripple rocks it. Meanwhile, another fin-tech darling is riding high. Ripple announced a successful trial with 12 big banks that could lower settlement costs for cross-border currency transactions by 60 percent. (Fortune)
> 
> How Russia doxxed the DNC: Everyone not named Donald Trump is by now acknowledging that the hack of Democratic party emails was carried out by Russia. But just what did this entail? An Esquire feature reveals how the work was a years-long, meticulously planned operation. (Esquire)
> 
> I forgive you, Yahoo. How do customers react when you suffer the largest cyber-security breach in history? Apparently, they shrug. Yahoo said user numbers are about the same since the breach. Alas, it looks like the company's merger-mate won't be so forgiving — Verizon is making noises about bailing. (Fortune)
> 
> Share today's Data Sheet with a friend:
> http://fortune.com/newsletter/datasheet/
> 
> Looking for previous Data Sheets? Click here.
> 
> .
> 
> ACCESS GRANTED
> Mmmm, blockchain. Robert has a fascinating look at how Wal-Mart and IBM are using fin-tech tools to track pork safety in China:  
> 
> Walmart plans to use technology developed by the Hyperledger Project, an open source software project that builds blockchain tools and is based out of the Linux Foundation...
> 
> The blockchain in question, a private database co-developed by IBM, is designed to provide the retailer with a way to indelibly record a list of transactions indicating how meat has flowed through a commercial network, from producers to processors to distributors to grocers—and finally, to consumers. Read more on Fortune.com
> 
> .
> 
> FORTUNE RECON
> 97% of Java Apps Harbor a Known Security Hole by Robert Hackett
> 
> Microsoft Cloud Warrant Cases Move Closer to Supreme Court by Jeff John Roberts
> 
> This Badge Blocks Your Face in Social Media Photos by Maddie Farber
> 
> Half of US Adults' Faces Are Being Scanned by Law Enforcement by Jeff John Roberts
> 
> NSA Contractor Accused of Stealing Data Will Face Espionage Charges Fortune/Reuters
> 
> .
> 
> .
> 
> ONE MORE THING
> If you want to hack a high profile target, spear-phishing is still the best bet. But just how do you carry it out? In the case of General Colin Powell and DNC Chair John Podesta, it was a plain old "Gmail" message. Here's an up close look at what not to click. (Motherboard)
> 
> .
> EMAIL ROBERT HACKETT
> 
> SUBSCRIBE
> 
> SHARE:		  																				 																					  																				 																					  																				 																			
> .
> This message has been sent to you because you are currently subscribed to Cyber Saturday 
> UNSUBSCRIBE HERE 
> 
> Please read our Privacy Policy, or copy and paste this link into your browser: 
> HTTP://WWW.FORTUNE.COM/PRIVACY 
> 
> For Further Communication, Please Contact: 
> FORTUNE Customer Service 
> 3000 University Center Drive 
> Tampa, FL 33612-6408 
> 
> ADVERTISING INFO | SUBSCRIBE TO FORTUNE
> 
> 
> 
> Ali Hussein
> Principal
> Hussein & Associates
> +254 0713 601113 
> 
> Twitter: @AliHKassim
> Skype: abu-jomo
> LinkedIn: http://ke.linkedin.com/in/alihkassim
> 
> 
> "Discovery consists in seeing what everyone else has seen and thinking what no one else has thought".  ~ Albert Szent-Györgyi
> 
> Sent from my iPad
> 
> Begin forwarded message:
> 
>  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20161023/c6ed61e1/attachment.htm>


More information about the KICTANet mailing list