Cyber incidents dominated headlines this year, from Russia’s hacking of Democrat emails to internet cameras and DVRs launching DDoS attacks, leaving the impression among many that nothing should be entrusted to the internet.
These incidents reveal technical flaws that can be addressed and failure to employ best practices that might have prevented some of them from happening.
The most important lesson is that cybersecurity is a perpetual battle in which neither side gets the upper hand for long and that requires constant incident post-mortems to discover the next measures to keep data and communications safe.
Here is a look at seven such incidents and what lessons they afford.
The theft of emails from the Democratic National Committee not only revealed information that turned many away from Democratic presidential candidate Hillary Clinton, it also showed that Russia was trying to influence the election in favor of Republican Donald Trump.
U.S. intelligence services say the hack was likely the work of Russian hackers with possible ties to top Kremlin officials, although the opinion is not unanimous. Trump disputes even that Russia was involved at all. President Barack Obama has called for a report on the incident before he leaves office next month, but it’s likely the true nature and impact of the breach won’t be known for long after that, if ever.
The case points up the general difficulty of attributing attacks to particular actors with incontrovertible evidence. Researchers at security vendors have attributed this compromise to Russian groups Cozy Bear and Fancy Bear based on its tactics and methods, but that doesn’t link it conclusively to the Russian government.
What the incident does show is that politically motivated attacks can be effective and can be carried out without leaving a smoking gun.
The attack exposes the influence foreign states can have over any country’s elections. More narrowly, candidates and their parties need to pay more attention to better network security if they hope to avoid this type of attack in the future, regardless of who the perpetrator is.
Dyn DDoS attack
This massive DDoS attack against major DNS service Dyn had more spectacular results than the perpetrators likely hoped for.
It was noteworthy for enlisting tens of thousands of internet of things (IoT) devices into a botnet that carried out much of the attack. Three waves of traffic hit Dyn Oct. 21, focusing on different Dyn data centers.
The attack was made more potent because, when Dyn’s servers became flooded, DNS requests went unanswered long enough that the requesting machines – legitimate ones and bots – sent follow-up requests, compounding the traffic flood.
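The retry effect described above can be seen in a small model, added here as an illustration and not taken from the article or from Dyn. The query rates, server capacity, retry limit and one-tick timeout are all assumed values, and the server is assumed to drop the same fraction of every kind of query once it is saturated.

```python
def offered_load(fresh, capacity, max_retries, ticks):
    """Per-tick query load on a server whose clients resend unanswered queries.

    fresh       -- new queries arriving each tick (legitimate plus bot traffic)
    capacity    -- queries the server can answer per tick
    max_retries -- resends a client makes before giving up (assumed value)
    """
    # pending[k] = queries about to be sent as their (k+1)-th retry
    pending = [0.0] * max_retries
    history = []
    for _ in range(ticks):
        attempts = [float(fresh)] + pending   # index = retries already made
        total = sum(attempts)
        history.append(total)
        # Fraction of this tick's queries that the saturated server drops
        unanswered = max(0.0, 1.0 - capacity / total) if total else 0.0
        # Dropped queries with retries left come back next tick;
        # the last slot (retries exhausted) is discarded.
        pending = [n * unanswered for n in attempts[:max_retries]]
    return history


def amplification(fresh, capacity, max_retries, ticks=20):
    """Peak load divided by the fresh query rate (1.0 means no compounding)."""
    return max(offered_load(fresh, capacity, max_retries, ticks)) / fresh


if __name__ == "__main__":
    # Constructed numbers: capacity 100 queries/tick, clients retry twice.
    for fresh in (80, 120, 200):
        print(f"fresh={fresh:3d}/tick  peak load = "
              f"{amplification(fresh, 100, 2):.2f}x the fresh rate")
```

Below capacity the load equals the fresh rate; once the server saturates, the same clients generate a multiple of it, bounded by one plus the retry limit.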