Submitted by alvin on Wed, 2016-11-16 11:13

Recently, there were a few big cyber-attacks in the US and Liberia. The attacks brought down a large part of the country’s network and major websites such as Twitter in what is called a DDoS (Distributed Denial of Service) attack. A DDoS attack disables critical services for some time, causing hardship to users of the service, or helping competitors of the affected service make money.

A simple DDoS attack involves sending what appears to be a genuine service request from a computer to a target server of the attacked service. However, the attack is engineered by directing a huge number of such requests at a server simultaneously, causing it to crash.

An example of a possible DDoS attack could be like this: say Flipkart, Snapdeal or Amazon have planned a major festival sale and invested lakhs of rupees in advertisements and logistics to launch it on, say, Diwali day. But a DDoS attack crashes the service, causing loss of sales as well as denting the reputation of the victim. In the case of Liberia, it was an attack on the country’s network, which qualifies it to be designated as cyberwar.

When such attacks are planned by an attacker, which could be a nation state such as Pakistan or China or North Korea, there is huge preparation in which hundreds of thousands of computers of innocent persons are infected with a Trojan, which can be triggered from a central command computer of the attacker to send an “apparently genuine service request” to the victim. The success of the attack depends on a large number of these requests arriving simultaneously. Hence, network creation is an essential part of this attack. This network is called a “botnet”. What we need to remember is that computers of innocent individuals end up hosting the Trojan and become part of a DDoS attack without the knowledge of the owner.
When such attacks cripple a national asset, it is akin to being involved in a cyber-attack or cyberwar. Obviously, in legal terms, being part of a botnet is a punishable offence, and none of us should be drafted into such a crime without our knowledge.

The recent attacks were all launched by a botnet called ‘Mirai Botnet’, which infected video devices such as CCTV cameras that are connected to an IP network. There are many such devices in Bengaluru in industrial premises, educational institutions, and maybe in individual homes. With such devices, you can view the camera pictures from your computer or mobile through the internet. These devices send streaming video, which is heavy in terms of data size, and so they make a good tool for launching DDoS attacks.

A recent analysis of the Mirai Botnet from a site called fossbyte.com (you can find a representative picture below) shows that there is a huge concentration of infections in India, particularly in Bengaluru. This indicates that a large number of Bengaluru-based devices could be part of an international cyberwar or a cyber-attack.

In 2000, when a global search was launched for the originator of a virus called “I Love You”, the FBI successfully traced it to a student at a university in the Philippines, who had accidentally let the virus out into the internet. This was a trigger for India notifying its cyber law. Similarly, we cannot rule out the possibility of any of our CCTV devices or a smart TV being part of a global Mirai Botnet and an FBI investigator landing at our doorstep.

To prevent such a possibility, one simple rule is to change the default password set by the manufacturer of the CCTV device or the smart TV. The Bengaluru police should, therefore, undertake an awareness campaign to ensure that the owners of IP devices manage the security of the device access.

The Karnataka government’s annual IT Biz will be opening shortly, and I hope the government takes some steps to educate the public visiting the exhibitions, where such devices may be available for sale, about the risks of the Mirai botnet and the precautions to be taken.