Biggest cyber attack ever launched

10 October 2016

Interview with

Peter Cowley, Tech Investor

Last month saw one of the biggest malicious attacks the web has witnessed on CCTVthe French internet hosting company OVH. Hackers hit the system with data requests at the rate of a terabit per second at the site, swamping the servers and causing huge disruption. Now the code used to launch the attack has been released online. As a result there are fears that these types of attacks could be about to mushroom. Peter Cowley explained how they did it to Kat Arney...

Peter - It's actually called a "distributed denial of service attack." The distributed means it's comes from various directions and denial of service means that it's been overwhelmed and, therefore, responds very slowly. So, if you went onto it as a normal user, something that would probably take a second to build might take hours, and hours, and hours, and the amount of data, as you said, is in the terabyte level.

Some of us will remember the Encyclopedia Britannicas which was a printed encyclopedia that was probably about three feet long on the shelf. It's possibly only for the older people because it's online now. But that actually works out at about three hundred and fifty-four sets of Encyclopedia Britannicas per second being shot at the server, which actually weighs nine tons as it turns out. So it's a huge amount of data.

Kat - This attack, so sending all these requests like: come on server, tell me, tell me, tell me stuff - that's coming from individuals people's devices that have been taken over and they might not even know it. How does that happen - what's going on there?

Peter - Yes. So what they did, they scanned the internet and found a hundred and fifty or so thousand webcams; not the ones that are built into a PC or laptop, that had not had their default passwords changed. And this is the biggest lesson you can learn from today - change your default password on these pieces of connected home kits. Then they alter the internal address from where the camera is sending its video data to the OVH server, presumably, and so it was streaming a hundred and fifty thousand sets of video at the same time. That is a huge amount of data.

Kat - So you've said "they did this." What do we know about who they are?

Peter - It's difficult to say. There's a guy called Krebs in the States, who's a journalist, who's well known for saying things about terrorists which, shall we say, they don't want to hear, and don't want to be publicised. His website was being hosted on OVH. Who was doing it? - don't know - that hasn't come into the public domain yet.

Kat - What risk does that have for us as individuals? Obviously, it's very, very inconvenient, potentially very bad for companies if their servers are under attack like this.

Peter - What's the risk? The risk is that something can be seen that you don't want to be seen. So, for instance, I had a look online and there's a website which actually shows a picture of the radio telescope array near Cambridge, which is off one of the cameras on the site there. Hacking into cars we've heard about, so there's a whole stack of things that potentially could go wrong. Of course, go back to what I said - change the default password.

Kat - So that's basically the key piece of advice here is if you have any device that's going on the internet, change the password. Do we need to change them regularly? What's the best way to protect yourself with passwords?

Peter - Well first of all, if you really are worried about this, don't buy one of these devices. But, on the basis that the benefits outweigh the risks, then the first thing to do is change it's default password and then secondly, is to trust the cloud system it's connect to to be good enough to protect you in that situation.

So, on the basis that we're moving towards a more and more connected life with our phones and then a billion or so connected devices in time, we have to trust the companies to protect us.

Add a comment

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.