Peter Cowley, Tech Investor
Last month saw one of the biggest malicious attacks the web has witnessed on the French internet hosting company OVH. Hackers hit the system with data requests at the rate of a terabit per second at the site, swamping the servers and causing huge disruption. Now the code used to launch the attack has been released online. As a result there are fears that these types of attacks could be about to mushroom. Peter Cowley explained how they did it to Kat Arney...
Peter - Itís actually called a ďdistributed denial of service attack.Ē The distributed means itís comes from various directions and denial of service means that itís been overwhelmed and, therefore, responds very slowly. So, if you went onto it as a normal user, something that would probably take a second to build might take hours, and hours, and hours, and the amount of data, as you said, is in the terabyte level.
Some of us will remember the Encyclopedia Britannicas which was a printed encyclopedia that was probably about three feet long on the shelf. Itís possibly only for the older people because itís online now. But that actually works out at about three hundred and fifty-four sets of Encyclopedia Britannicas per second being shot at the server, which actually weighs nine tons as it turns out. So itís a huge amount of data.
Kat - This attack, so sending all these requests like: come on server, tell me, tell me, tell me stuff - thatís coming from individuals peopleís devices that have been taken over and they might not even know it. How does that happen - whatís going on there?
Peter - Yes. So what they did, they scanned the internet and found a hundred and fifty or so thousand webcams; not the ones that are built into a PC or laptop, that had not had their default passwords changed. And this is the biggest lesson you can learn from today - change your default password on these pieces of connected home kits. Then they alter the internal address from where the camera is sending its video data to the OVH server, presumably, and so it was streaming a hundred and fifty thousand sets of video at the same time. That is a huge amount of data.
Kat - So youíve said ďthey did this.Ē What do we know about who they are?
Peter - Itís difficult to say. Thereís a guy called Krebs in the States, whoís a journalist, whoís well known for saying things about terrorists which, shall we say, they donít want to hear, and donít want to be publicised. His website was being hosted on OVH. Who was doing it? - donít know - that hasnít come into the public domain yet.
Kat - What risk does that have for us as individuals? Obviously, itís very, very inconvenient, potentially very bad for companies if their servers are under attack like this.
Peter - Whatís the risk? The risk is that something can be seen that you donít want to be seen. So, for instance, I had a look online and thereís a website which actually shows a picture of the radio telescope array near Cambridge, which is off one of the cameras on the site there. Hacking into cars weíve heard about, so thereís a whole stack of things that potentially could go wrong. Of course, go back to what I said - change the default password.
Kat - So thatís basically the key piece of advice here is if you have any device thatís going on the internet, change the password. Do we need to change them regularly? Whatís the best way to protect yourself with passwords?
Peter - Well first of all, if you really are worried about this, donít buy one of these devices. But, on the basis that the benefits outweigh the risks, then the first thing to do is change itís default password and then secondly, is to trust the cloud system itís connect to to be good enough to protect you in that situation.
So, on the basis that weíre moving towards a more and more connected life with our phones and then a billion or so connected devices in time, we have to trust the companies to protect us.