UK becomes first country to ban default passwords on IoT devices
Seven years ago, a cyberattack left many of the most popular websites based in the United States inaccessible. For three extended periods on October 21, 2016, internet users were left without their doses of Twitter, CNN and Netflix among other popular sites.
Naturally there was speculation about the powerful threat actors who could have caused such a disruption. But the incident was not conducted by a hostile state. It turned out to be extremely unsophisticated, just a distributed-denial-of-service attack targeting Dyn, a company which provided Domain Name System (DNS) services — a critical part of the internet’s communications structure.
While the attack was unsophisticated, it was large. The volume of traffic sent to Dyn’s servers was generated by a botnet of internet-connected consumer devices from wireless cameras through to WiFi routers. The botnet, named Mirai after a Japanese cartoon, had been developed by a trio of U.S. citizens barely out of their teens, all of whom were soon arrested.