Skip to Content

How the Internet of Things Took Down the Internet

In a worrying trend, our smart devices are being commandeered to launch massive cyber-assaults.
October 24, 2016

When the Internet apocalypse comes, your smart thermostat may be to blame. That’s the lesson from last week’s epic Internet outage, in which attackers used Internet-connected devices inside people's homes to bring a large chunk of the Web to its knees.

The outage, which mainly affected the East Coast of the U.S., struck on Friday morning but was felt into the weekend. It was caused by a large distributed denial of service (DDoS) attack, leveled at the servers of the domain name system host Dyn, which overwhelmed servers with data requests and made it impossible for users to fetch the files of Web pages.

But according to staff at Dyn who spoke with the New York Times, the takedown was facilitated by hundreds of thousands of Internet-connected devices—from Web cameras to routers—that had been hacked to contribute to the attack. When mobilized together, these pieces of innocent hardware can be used to send Web page requests to servers at such a rate that genuine requests are completely ignored. Sometimes, servers even fail altogether.

Friday’s attack comes less than a month after the website of security expert Brian Krebs and servers of the French Web hosting provider OVH were taken offline by DDoS attacks. Those were also orchestrated using as many as one million Internet-connected devices, such as digital video recorders or printers.

Hackers have been installing malware on PCs for years in an attempt to control them to take down Web servers. But as we install ever more Internet-connected devices in our homes, we increase the number of potential tools available to people looking to turn them into weapons.

Last week’s assault was more significant. Security expert Bruce Schneier argued not long before Friday’s incident that someone, somewhere “is learning how to take down the Internet” using these kinds of attacks. He reckons that hackers are slowly evaluating servers around the globe to identify their weak spots and the best ways to bring them down.

Who’s behind the attacks remains unclear, though it could be a nation-state, such as China or Russia—because there’s little motivation for most criminals to bother. But what does seem certain is that it will happen again.

(Read more: New York Times, “Massive Internet Outage Could Be a Sign of Things to Come,” “The Internet of Things Goes Rogue”)

Keep Reading

Most Popular

Scientists are finding signals of long covid in blood. They could lead to new treatments.

Faults in a certain part of the immune system might be at the root of some long covid cases, new research suggests.

Large language models can do jaw-dropping things. But nobody knows exactly why.

And that's a problem. Figuring it out is one of the biggest scientific puzzles of our time and a crucial step towards controlling more powerful future models.

OpenAI teases an amazing new generative video model called Sora

The firm is sharing Sora with a small group of safety testers but the rest of us will have to wait to learn more.

Google’s Gemini is now in everything. Here’s how you can try it out.

Gmail, Docs, and more will now come with Gemini baked in. But Europeans will have to wait before they can download the app.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.