The Only Realistic Plan to Avoid DDoS Disaster Might Be “End of Anonymity”
Experts said that the cyberattacks using the internet of things (IoT) are a taste of disruptions to come.
The attack, which affected a number of major websites primarily on the East Coast of the United States, reportedly used Internet-enabled cameras as a platform for a Distributed Denial of Service (DDoS) attack. The attackers exploited manufacturer-set passwords that hadn’t been reset by users.
“This is just the beginning,” said Sanjay Sarma, a professor of mechanical engineering at MIT who has done pioneering work on IoT systems. “There’s more coming, sadly — perhaps a power plant.”
In response to these concerns, Roger Grimes, a security columnist at InfoWorld, proposed “The only realistic plan to avoid DDoS disaster.”
“You can’t stop DDoS attacks because they can be accomplished anywhere along the OSI model — and at each level dozens of different attacks can be performed. Even if you could secure an intended victim’s site perfectly, the hacker could attack upstream until the pain reached a point where the victim would be dropped to save everyone else.” Grimes warns, “The internet is rife with spam, malware, and malicious criminals who steal tens of millions of dollars every day from unsuspecting victims. All of this activity is focused on a global network that is more and more mission-critical every day. Even activities never intended to be online — banking, health care, control of the electrical grid — now rely on the stability of the internet.”
In the post, Grimes predicts that, in the face of all the security threats, the plan “would effectively mean the end of anonymity on the internet. For those who prefer today’s (relative) anonymity, the current internet would be maintained.”
“The world would be willing to pay for a new internet, one in which the minimum identity verification is two-factor or biometric. I also think that, in exchange for much greater security, people would be willing to accept a slightly higher price for connected devices — all of which would have embedded crypto chips to assure that a device or person’s digital certificate hadn’t been stolen or compromised.”