Fwd: Who to Blame for the Attack on the Internet - The answer is You, me and everyone else is in between - KICTANet

23 Oct 2016

      Dear listers

Cross-posting intentional

In the last few days the blogosphere and social media in general has been abuzz with the DDoS attack that brought down popular sites like Amazon and a Twitter.

Have you wondered what role YOU could have played in this attack? Well, it turns out we are all not so innocent..Read on..
...
From: "FORTUNE Data Sheet" <fortune@email.fortune.com>
Date: 22 October 2016 at 10:18:07 PM EAT
To: <ali@hussein.me.ke>
Subject: Who to Blame for the Attack on the Internet
Reply-To: "Fortune" <reply-fec915777065057a-20_HTML-56937916-7213333-13@email.fortune.com>
FOLLOW 																						
SUBSCRIBE 																						
ANON TIP 																						
OCTOBER 22, 2016
Our worst hacking fears came true on Friday as criminals deployed millions of everyday objects — internet-connected cameras, printers and so on — to launch an attack on a critical part of the Internet. The attack was a success, crippling the websites of major companies like Amazon, Netflix and Twitter for hours at a time.
We now have a handle on what happened: hackers used publicly available source code to assemble a bot-net army of internet-enabled devices, and then directed those devices to send massive waves of junk requests to a DNS provider. The attack meant the provider, New Hampshire based Dyn, could not carry out its job of acting as a switchboard for the internet, and consumers could no longer reach popular websites.
The compromised devices, which make up the bot-net army, are still out there and unpatched, which means other attacks are likely on the way. This makes it a good time to ask who’s to blame for this debacle. We can start, of course, by fingering the hackers themselves, who appear to have unleashed the attack with profit motives in mind.
But we can also assign much of the blame to the companies whose sloppy security standards made the attack possible:
Wondering which IoT device types are part of the Mirai botnet causing trouble today? @briankrebs has the list: https://t.co/bETefDMa4Y
— Eric Skinner (@EricSkinner) October 22, 2016
//platform.twitter.com/widgets.js
We need laws that allow civil and/or criminal penalties for companies that sell systems this insecure https://t.co/Gj4S5Hj0xV
— Christopher Mims (@mims) October 22, 2016
//platform.twitter.com/widgets.js
A list of alleged culprits, compiled by security researcher Brian Krebs, include familiar names like Panasonic, Samsung and Xerox printers. The names also include lesser known makers of routers and cameras, which reportedly made up the bulk of the bot-net army.
It’s a good bet these companies are scrambling to update their product lines in a way that requires users to change the passwords (widespread use of default passwords are the main reason the devices got hacked in the first place). But it’s not fair to lay the entire blame squarely on the companies. Part of the responsibility should also lie with lawmakers and regulators, who have failed to create a safety system to account for the Internet-of-Things era we are now living in.
Finally, it’s time for consumers to acknowledge they have a role in the attack too. By failing to secure the internet-connected devices, they are endangering not just themselves but the rest of the Internet as well. No one think it’s acceptable for consumers to be clueless when they operate products like automobiles or propane tanks — so why is it okay for them to be careless with routers and security cameras?
On another note, there’s other security news this week, including a couple cool fin-tech features by Robert, which can read about below. Thanks as always for reading. And, for heaven’s sake, lock down your devices.
Jeff Roberts
@jeffjohnroberts
jeff.roberts@fortune.com
Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach me via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.
.
THREATS
Meet Coinbase 2.0. In 2012, Coinbase was one of the early cool kids of the bitcoin scene. Four years later, the company is barely mentioning bitcoin as it carries out a full pivot into a digital brokerage service for a wide range of money. (Fortune)
Facial recognition stops a Facebook burglar: Social media companies announced they have broken ties with a controversial company that scans their streams to identify faces for police departments. But it turns out Facebook has itself used the company to stop an intruder in CEO Mark Zuckerberg's office. (The Verge)
Ripple rocks it. Meanwhile, another fin-tech darling is riding high. Ripple announced a successful trial with 12 big banks that could lower settlement costs for cross-border currency transactions by 60 percent. (Fortune)
How Russia doxxed the DNC: Everyone not named Donald Trump is by now acknowledging that the hack of Democratic party emails was carried out by Russia. But just what did this entail? An Esquire feature reveals how the work was a years-long, meticulously planned operation. (Esquire)
I forgive you, Yahoo. How do customers react when you suffer the largest cyber-security breach in history? Apparently, they shrug. Yahoo said user numbers are about the same since the breach. Alas, it looks like the company's merger-mate won't be so forgiving — Verizon is making noises about bailing. (Fortune)
Share today's Data Sheet with a friend:
http://fortune.com/newsletter/datasheet/
Looking for previous Data Sheets? Click here.
.
ACCESS GRANTED
Mmmm, blockchain. Robert has a fascinating look at how Wal-Mart and IBM are using fin-tech tools to track pork safety in China:
Walmart plans to use technology developed by the Hyperledger Project, an open source software project that builds blockchain tools and is based out of the Linux Foundation...
The blockchain in question, a private database co-developed by IBM, is designed to provide the retailer with a way to indelibly record a list of transactions indicating how meat has flowed through a commercial network, from producers to processors to distributors to grocers—and finally, to consumers. Read more on Fortune.com
.
FORTUNE RECON
97% of Java Apps Harbor a Known Security Hole by Robert Hackett
Microsoft Cloud Warrant Cases Move Closer to Supreme Court by Jeff John Roberts
This Badge Blocks Your Face in Social Media Photos by Maddie Farber
Half of US Adults' Faces Are Being Scanned by Law Enforcement by Jeff John Roberts
NSA Contractor Accused of Stealing Data Will Face Espionage Charges Fortune/Reuters
.
.
ONE MORE THING
If you want to hack a high profile target, spear-phishing is still the best bet. But just how do you carry it out? In the case of General Colin Powell and DNC Chair John Podesta, it was a plain old "Gmail" message. Here's an up close look at what not to click. (Motherboard)
.
EMAIL ROBERT HACKETT
SUBSCRIBE
SHARE:		  																				 																					  																				 																					  																				 																			
.
This message has been sent to you because you are currently subscribed to Cyber Saturday 
UNSUBSCRIBE HERE
Please read our Privacy Policy, or copy and paste this link into your browser: 
HTTP://WWW.FORTUNE.COM/PRIVACY
For Further Communication, Please Contact: 
FORTUNE Customer Service 
3000 University Center Drive 
Tampa, FL 33612-6408
ADVERTISING INFO | SUBSCRIBE TO FORTUNE
Ali Hussein
Principal
Hussein & Associates
+254 0713 601113
Twitter: @AliHKassim
Skype: abu-jomo
LinkedIn: http://ke.linkedin.com/in/alihkassim
"Discovery consists in seeing what everyone else has seen and thinking what no one else has thought".  ~ Albert Szent-Györgyi
Sent from my iPad
Begin forwarded message:

Fwd: Who to Blame for the Attack on the Internet - The answer is You, me and everyone else is in between

Ali Hussein

Rosemary Koech-Kimwatu

tags

participants (2)