|
U.S. takes aim at cyber
attacks from connected devices as recalls mount
Send a link to a friend
 [October 25, 2016]
By Joseph Menn
SAN
FRANCISCO (Reuters) - Obama administration officials sought on Monday to
reassure the public that it was taking steps to counter new types of
cyber attacks such as the one Friday that rendered Twitter, Spotify,
Netflix and dozens of other major websites unavailable.
The Department of Homeland Security said it had held a conference call
with 18 major communication service providers shortly after the attack
began and was working to develop a new set of “strategic principles” for
securing internet-connected devices.
DHS said its National Cybersecurity and Communications Integration
Center was working with companies, law enforcement and researchers to
cope with attacks made possible by the rapidly expanding number of smart
gadgets that make up the "internet of Things."
Such devices, including web-connected cameras, appliances and toys, have
little in the way of security. More than a million of them have been
commandeered by hackers, who can direct them to take down a target site
by flooding it with junk traffic.
Several networks of compromised machines were directed to attack big
customers of web infrastructure company Dyn last week, Dyn officials and
security researchers said.
The disruption had subsided by late Friday night in America, and two of
the manufacturers whose devices had been hijacked for the attack pledged
Monday to try to fix them.
But security experts said that many of the devices would never be fixed
and that the broader security threat posed by the internet of Things
would get worse before it gets better.
“If you expect to fix all the internet devices that are out there, force
better passwords, install some mechanism for doing updates and add some
native security for the operating system, you are going to be working a
long time,” said Ed Amoroso, founder of TAG Cyber and former chief
security officer at AT&T.
Instead, Amoroso said he hoped that government officials would focus on
recommending better software architecture and that business partners
would insist on better standards.
In the meantime, fresh responses by two of the companies involved in the
attacks illustrated the extent of the problem.
[to top of second column] |
A padlock is displayed at the Alert Logic booth during the 2016
Black Hat cyber-security conference in Las Vegas, Nevada, U.S.
August 3, 2016. REUTERS/David Becker
Chinese firm Hangzhou Xiongmai Technology Co Ltd, which makes components for
surveillance cameras, said it would recall some products from the United States.
Another Chinese company, Dahua Technology, acknowledged that some of its older
cameras and video recorders were vulnerable to attacks when users had not
changed the default passwords. Like Xiongmai, it said it would offer firmware
updates on its website to fix the problem and would give discounts to customers
who wanted to exchange their gear.
But neither company has anything like a comprehensive list of their customers,
many of whom will never learn of the problems, said Dale Drew, chief security
officer with communications provider Level 3.
“I wouldn’t be surprised if the only way they are going to reach their consumers
is through media reports, Drew said.
(Reporting by Joseph Menn in San Francisco. Additonal reporting by Dustin Volz
in Washington.; Editing by Jonathan Weber and Leslie Adler)
[© 2016 Thomson Reuters. All rights
reserved.] Copyright 2016 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
 |
