Tags: ddos attack | dyn | trump | law | legislation

One Cybersecurity Law You Want Passed This Year

Thursday, 10 November 2016 02:45 PM

Unless you were scuba diving in Loon Lake looking for Hillary’s lost emails for the past month, you know there was a huge distributed denial of service attack (DDoS) recently that, had it been pointed at our power grid, banking system or Election Day, could have crippled America.

As it happened, the Dyn attack was more of a nuisance than a peril to national security. It snarled Internet traffic to popular sites including PayPal, Twitter, Amazon, Reddit, Verizon, Spotify, and PlayStation. There were a total of three attacks on October 21, each building on the chaos caused by the preceding one. The net result wasn’t great for consumers, but it was disastrous for Dyn’s reputation on the cyber security front. It proved the axiom that it’s no longer a question as to whether any organization will become the target of a cyber attack, but rather when it will happen. Organizations that “misunderestimate” the threat do so at their own peril.

There are many more serious attacks to consider, and the specter of unimaginable ones to come.

Remember the DDoS attack that took out the websites of JPMorgan Chase, Bank of America, Wells Fargo, Citigroup, and other financial companies in 2012? What about the flash crash of 2010? While the guttering of U.S. financial markets was not attributed to hackers, it was not conclusively determined what caused it. And while it is equally axiomatic that speculation is a low form of groupthink when it comes to cyber security issues, it should at least be considered that some form of cyber attack could have played a part there.

The bottom line is that DDoS attacks are disasters waiting to happen — large and small — and that whatever can be done to hinder them should be implemented posthaste.

How It Works (Or Not)

The success of a DDoS attack hinges on its mode of distribution. The goal is to find a way to send enough traffic to a target so no more requests can be processed, the servers powering one or many sites fail, or the ways and means that let people get where they want to go no longer function.

In the most recent DDoS attack on Dyn, hackers determined that enough webcams of a certain make, all sharing a particular security flaw, were out in the market to make an attack possible, using the devices' ability to communicate with the manufacturer over the Internet as a weapon.

The main reason this attack was possible was that the webcam manufacturer provided users with a default password, one that many users never bother to reset.

After all, who would want to hack a webcam? (This is a question that boggles the mind if you think about it for a moment.)

One Federal Law Anyone Can Get Behind

The solution to the hackable default password problem is simple: make that set-up illegal. The law: Anything that connects to the Internet (Internet of Things, or IoT, devices) and is sold in America must be delivered nonfunctional, with activation requiring a long and strong password to be set during the registration process for that device.

Consider the way ATMs work when you use a debit card equipped with the new EMV chip technology. Many machines will not release your cash until you remove your card or finish whatever else you are supposed to be doing there in front of the machine. It’s a very simple way to protect consumers from the ultimate security breach: a lost card.

By requiring a password to make an IoT device work, the same principle would be applied. It is a minimally invasive requirement that will remedy a prevalent security flaw. Security matters when it comes to the Internet of Things.

Whether we’re talking about a toaster, a television, a fitness monitor, smartphone or the online registration for a product or service, hackers are always looking at ways to find a chink in our collective security protocols. Since consumers are conditioned to activation procedures for many products and services, this is an easy fix, and a nearly invisible law with minor compliance costs. And were we able to pass a federal law that applied to all such devices, whether made domestically or imported, IoT would quickly dry up as a pathway for hackers.

Adam K. Levin is a consumer advocate with more than 30 years of experience and is a nationally recognized expert on security, privacy, identity theft, fraud, and personal finance. A former Director of the New Jersey Division of Consumer Affairs, Levin is chairman and founder of IDT911 (IDentity Theft 911) and co-founder of Credit.com. Levin is the author of Amazon Best Seller "Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves."

© 2020 Newsmax. All rights reserved.
