Welcome!

FinTech Journal Authors: Elizabeth White, Yeshim Deniz, Rajeev Kozhikkattuthodi, Liz McMillan, Jason Bloomberg

Related Topics: FinTech Journal, Cloud Security, @BigDataExpo, @ThingsExpo

FinTech Journal: Article

When Things Attack! | @ThingsExpo #IoT #M2M #API #Security

The hacking game has changed

As I started writing this blog, I happened to be watching an episode from the new season of Black Mirror on Netflix. Black Mirror is a Sci-Fi anthology series, ala the Twilight Zone, although with a much darker perspective on both humanity and technology. I found the episode, ‘Most Hated in the Nation' somewhat apropos to my topic. The episode follows a police detective investigating the apparent murder of a columnist. This individual has been deluged with social media hate diatribes that would seem familiar to many. As the investigation continues, more mysterious deaths occur, with the victims all being targets of similar social media anger. Meanwhile, in the background, there are various news stories and visual cuts to ADIs (Autonomic Drone Insects). These tiny bee-like drones are being deployed throughout the country to replace the dying bee population, allowing for the continued pollinizing of crops.

Spoiler alert! As you can probably guess, it turns out someone was able to hack into the ADIs to pervert their actual purpose. The drones were killing the individuals in a rather gruesome fashion and the killer was using the social media hate to target his victims. There was the obligatory arguments from the manufacturers that the ADIs could not be hacked.... pause for effect...except for the back doors the government forced them to put in so the drones could be used for surveillance. Then enter the standard disgruntled employee who leveraged the back doors to make a very public and violent social statement about spewing hate in social media without consequences. (As I mentioned, Black Mirror takes a very dark view on both humanity and technology in most of their episodes.) The killer hacked millions of small intelligent devices, and turned them into weapons.

The recent Internet outage, a new kind of attack
On Friday morning, October 21, the first of several DDoS (Distributed Denial of Service) attacks on the core DNS infrastructure of the Internet on the East coast occurred. This attack caused significant outages for major internet sites such as Twitter, Spotify, Reddit, and Amazon. I was working remotely for a client and felt the impact directly. The client provides consultants access to their internal environments via Amazon Workspace. On Friday morning, we could not get access to that environment while the attack was occurring, which, as you can imagine, made for a very frustrating day.

DDoS attacks are not a new phenomenon. However, there were several key things that made this one a little different:

  • Most DDoS target a specific website or company. This one targeted a key part of the internet infrastructure, DNS, provided by a particular vendor, Dyn. This resulted in it having much broader reach and impact.
  • Dyn described the attack as a "very sophisticated and complex attack." As Dyn took mitigation steps against the attack, it would change, and adapt, making their efforts to respond much more difficult. They would start blocking the attack from one area, and very shortly, new IP addresses from a completely different part of the world would start attacking.
  • The attack was coming from tens of millions of discreet IP addresses from around the world. In the past, these kind of attacks came from hijacked computers and laptops that had been infected with malware. This attack went further. Besides the same hijacked computers, this attack also used infected "Things" from the Internet of Things. Devices like DVR's, webcams, baby monitors, and home routers.

Mr. President, they are using our own devices against us
Okay, I admit, a little corny, but the point is a valid one (bonus points if you can identify the movie I am paraphrasing). The Internet of Things (IoT) is growing at astronomical rates. Gartner predicts that by the end of this year there will be over 6.4 billion "things" on the Internet, up 30% from last year. They estimate we are currently adding 5.5 million devices every day. A common topic of discussion and concern in the IoT space is security. As those that frequently read my articles know, this is a topic near and dear to my heart, quite literally. I have a pacemaker and insertable cardiac monitor in my chest (see my recent blog, ‘Musings on the Internet of Things - I am now a Thing'). Whenever the words IoT and Security show up in my newsfeed, I pay attention.

Most often when discussing security concerns related to the Internet of Things, the conversation tends to focus on two aspects:

  • The increased attack surface: All of these devices extend the attack surface of networks, providing more potential entrée points into a corporate network.
  • The potential lack of solid security implementation in these devices. Many devices still ship with standard default username/passwords, and sadly, many users never bother changing them (see my blog ‘Hacking and the Internet of Things' for some detailed descriptions of this).

This attack takes the first item of concern, attack surface, and completely flips it on its head. Instead of worrying about the devices acting as an entrée point to access data, we now have to worry about the devices being an actual tool and weapon in the attacks themselves. While not going to the extreme level of the Black Mirror episode I mentioned at the beginning, the hackers have started weaponizing our Things on the Internet. They are using them against us. The hackers are able to accomplish this in large part due to the second item of concern I mentioned. The lack of security implementations on many devices is a continuing struggle in the world of the Internet of Things. Balancing consumer ease of use with security is like walking a tightrope over a tank full of hungry sharks. Striking that balance is never easy.

No, the Things are not going to destroy civilization as we know it
This is not meant to be a doomsday prophesy. I do not subscribe to the dark view of humanity and technology displayed in Black Mirror. The Internet of Things, like any disruptive technology, has the ability to turn our viewpoints and paradigms on their heads. Last week's attack is a prime example of that. Given the raw numbers, the Internet of Things genie is out of the bottle, and there is no putting it back in. No technology negates the need for good design and planning. Those designs and plans must always include security as a key area of focus.

As technologists, we need to look at security from a different perspective. We have to think about the potential hackers differently. In the old paradigm, it was simple: protect the data, protect the boundaries of the data centers. That is still valid and needs to be done. But in addition, we need to look through the lens of disruptive technologies and work with vendors to implement stronger security measures on their devices. Work with educating end users about their use of these devices, ensuring they do not compromise them in the name of ease of use. We also need to look at other new disruptive technologies that could help in this battle. For example, machine learning is starting to be looked at as a tool that might help identify and respond to a security breach, adapting to changing attack patterns.

Ultimately, security in the world of technology is always a delicate balancing act between access, usability, and protection. It is critical to understand the risks, work with the business to educate them on the balance/tradoffs, and take the appropriate measures to ensure the proper balance is maintained. Oh, and if you hear a bee buzzing near your head, ignore it, I am sure it's nothing.

Register for @[email protected] 'FREE' Before Friday! Here

@ThingsExpo - The World's Largest 'Internet of Things' Event, November 1-3, 2016, at the Santa Clara Convention Center!

Secrets of Sponsors and ExhibitorsHere
Secrets of Cloud Expo SpeakersHere

All major researchers estimate there will be tens of billions devices - computers, smartphones, tablets, and sensors - connected to the Internet by 2020. This number will continue to grow at a rapid pace for the next several decades.

@CloudExpo / @ThingsExpo 2016 Silicon Valley
(November 1-3, 2016, Santa Clara Convention Center, CA)

@CloudExpo / @ThingsExpo 2017 New York
(June 6-8, 2017, Javits Center, Manhattan)

With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @CloudExpo | @ThingsExpo, November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be.

Register for @[email protected] 'FREE' Before Friday! Here

Track 1: Enterprise Cloud & Digital Transformation
Track 2: Microservices | Cloud Hot Topics
Track 3: Internet of Things & Cloud
Track 4: APIs & Cloud Security
Track 5: Big Data Analytics
Track 6: DevOps, Continuous Delivery & Containers
Track 7: Enterprise IoT & IIoT
Track 8: IoT Developer
Track 9: Consumer IoT | IoT Hot Topics

Delegates to Cloud Expo | @ThingsExpo will be able to attend 9 simultaneous, information-packed education tracks.

There are over 120 breakout sessions in all, with Keynotes, General Sessions, and Power Panels adding to three days of incredibly rich presentations and content.

Join @CloudExpo | @ThingsExpo conference chair Roger Strukhoff (@IoT2040), June 7-9, 2016 in New York City, for three days of intense 'Internet of Things' discussion and focus, including Big Data's indispensable role in IoT, Smart Grids and Industrial Internet of Things, Wearables and Consumer IoT, as well as (new) IoT's use in Vertical Markets.

About SYS-CON Media & Events
SYS-CON Media (www.sys-con.com) has since 1994 been connecting technology companies and customers through a comprehensive content stream - featuring over forty focused subject areas, from Cloud Computing to Web Security - interwoven with market-leading full-scale conferences produced by SYS-CON Events. The company's internationally recognized brands include among others Cloud Expo® (@CloudExpo), Big Data Expo® (@BigDataExpo), DevOps Summit (@DevOpsSummit), @ThingsExpo® (@ThingsExpo), Containers Expo (@ContainersExpo) and Microservices Expo (@MicroservicesE).

Cloud Expo®, Big Data Expo® and @ThingsExpo® are registered trademarks of Cloud Expo, Inc., a SYS-CON Events company.

More Stories By Ed Featherston

Ed Featherston is VP, Principal Architect at Cloud Technology Partners. He brings 35 years of technology experience in designing, building, and implementing large complex solutions. He has significant expertise in systems integration, Internet/intranet, and cloud technologies. He has delivered projects in various industries, including financial services, pharmacy, government and retail.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@ThingsExpo Stories
"When we talk about cloud without compromise what we're talking about is that when people think about 'I need the flexibility of the cloud' - it's the ability to create applications and run them in a cloud environment that's far more flexible,” explained Matthew Finnie, CTO of Interoute, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
The Internet giants are fully embracing AI. All the services they offer to their customers are aimed at drawing a map of the world with the data they get. The AIs from these companies are used to build disruptive approaches that cannot be used by established enterprises, which are threatened by these disruptions. However, most leaders underestimate the effect this will have on their businesses. In his session at 21st Cloud Expo, Rene Buest, Director Market Research & Technology Evangelism at Ara...
The current age of digital transformation means that IT organizations must adapt their toolset to cover all digital experiences, beyond just the end users’. Today’s businesses can no longer focus solely on the digital interactions they manage with employees or customers; they must now contend with non-traditional factors. Whether it's the power of brand to make or break a company, the need to monitor across all locations 24/7, or the ability to proactively resolve issues, companies must adapt to...
The current age of digital transformation means that IT organizations must adapt their toolset to cover all digital experiences, beyond just the end users’. Today’s businesses can no longer focus solely on the digital interactions they manage with employees or customers; they must now contend with non-traditional factors. Whether it's the power of brand to make or break a company, the need to monitor across all locations 24/7, or the ability to proactively resolve issues, companies must adapt to...
Artificial intelligence, machine learning, neural networks. We’re in the midst of a wave of excitement around AI such as hasn’t been seen for a few decades. But those previous periods of inflated expectations led to troughs of disappointment. Will this time be different? Most likely. Applications of AI such as predictive analytics are already decreasing costs and improving reliability of industrial machinery. Furthermore, the funding and research going into AI now comes from a wide range of com...
SYS-CON Events announced today that GrapeUp, the leading provider of rapid product development at the speed of business, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Grape Up is a software company, specialized in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market acr...
In this presentation, Striim CTO and founder Steve Wilkes will discuss practical strategies for counteracting fraud and cyberattacks by leveraging real-time streaming analytics. In his session at @ThingsExpo, Steve Wilkes, Founder and Chief Technology Officer at Striim, will provide a detailed look into leveraging streaming data management to correlate events in real time, and identify potential breaches across IoT and non-IoT systems throughout the enterprise. Strategies for processing massive ...
SYS-CON Events announced today that Ayehu will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on October 31 - November 2, 2017 at the Santa Clara Convention Center in Santa Clara California. Ayehu provides IT Process Automation & Orchestration solutions for IT and Security professionals to identify and resolve critical incidents and enable rapid containment, eradication, and recovery from cyber security breaches. Ayehu provides customers greater control over IT infras...
Internet of @ThingsExpo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devic...
SYS-CON Events announced today that MobiDev, a client-oriented software development company, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software company that develops and delivers turn-key mobile apps, websites, web services, and complex software systems for startups and enterprises. Since 2009 it has grown from a small group of passionate engineers and business...
SYS-CON Events announced today that Cloud Academy named "Bronze Sponsor" of 21st International Cloud Expo which will take place October 31 - November 2, 2017 at the Santa Clara Convention Center in Santa Clara, CA. Cloud Academy is the industry’s most innovative, vendor-neutral cloud technology training platform. Cloud Academy provides continuous learning solutions for individuals and enterprise teams for Amazon Web Services, Microsoft Azure, Google Cloud Platform, and the most popular cloud com...
SYS-CON Events announced today that CA Technologies has been named "Platinum Sponsor" of SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business - from apparel to energy - is being rewritten by software. From planning to development to management to security, CA creates software that fuels transformation for companies in the applic...
SYS-CON Events announced today that IBM has been named “Diamond Sponsor” of SYS-CON's 21st Cloud Expo, which will take place on October 31 through November 2nd 2017 at the Santa Clara Convention Center in Santa Clara, California.
We build IoT infrastructure products - when you have to integrate different devices, different systems and cloud you have to build an application to do that but we eliminate the need to build an application. Our products can integrate any device, any system, any cloud regardless of protocol," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA
Amazon started as an online bookseller 20 years ago. Since then, it has evolved into a technology juggernaut that has disrupted multiple markets and industries and touches many aspects of our lives. It is a relentless technology and business model innovator driving disruption throughout numerous ecosystems. Amazon’s AWS revenues alone are approaching $16B a year making it one of the largest IT companies in the world. With dominant offerings in Cloud, IoT, eCommerce, Big Data, AI, Digital Assista...
SYS-CON Events announced today that Enzu will exhibit at SYS-CON's 21st Int\ernational Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Enzu’s mission is to be the leading provider of enterprise cloud solutions worldwide. Enzu enables online businesses to use its IT infrastructure to their competitive advantage. By offering a suite of proven hosting and management services, Enzu wants companies to focus on the core of their ...
Multiple data types are pouring into IoT deployments. Data is coming in small packages as well as enormous files and data streams of many sizes. Widespread use of mobile devices adds to the total. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists looked at the tools and environments that are being put to use in IoT deployments, as well as the team skills a modern enterprise IT shop needs to keep things running, get a handle on all this data, and deliver...
In his session at @ThingsExpo, Eric Lachapelle, CEO of the Professional Evaluation and Certification Board (PECB), provided an overview of various initiatives to certify the security of connected devices and future trends in ensuring public trust of IoT. Eric Lachapelle is the Chief Executive Officer of the Professional Evaluation and Certification Board (PECB), an international certification body. His role is to help companies and individuals to achieve professional, accredited and worldwide re...
IoT solutions exploit operational data generated by Internet-connected smart “things” for the purpose of gaining operational insight and producing “better outcomes” (for example, create new business models, eliminate unscheduled maintenance, etc.). The explosive proliferation of IoT solutions will result in an exponential growth in the volume of IoT data, precipitating significant Information Governance issues: who owns the IoT data, what are the rights/duties of IoT solutions adopters towards t...
With the introduction of IoT and Smart Living in every aspect of our lives, one question has become relevant: What are the security implications? To answer this, first we have to look and explore the security models of the technologies that IoT is founded upon. In his session at @ThingsExpo, Nevi Kaja, a Research Engineer at Ford Motor Company, discussed some of the security challenges of the IoT infrastructure and related how these aspects impact Smart Living. The material was delivered interac...