Last Friday, tens of millions of connected smart home devices joined forces to take out a whole slew of popular sites—from Twitter to Netflix, Spotify, The New York Times, Reddit, and Curbed as well. No, it wasn’t some Maximum Overdrive-like revolt of the Internet of Things. Rather, anonymous hackers took control of the devices using a bit of malware, effectively wielding everything from smart baby monitors to DVRs, routers, and webcams in a large-scale distributed denial of service (DDoS) attack against Dyn, one of the internet’s biggest domain intermediaries.
As our sister the Verge details, hackers were able to hijack these devices by targeting ones that had weak or default passwords. Once they’d gained access to millions of gadgets, the hackers simultaneously instructed these zombie gadgets to send repeated requests to Dyn, overwhelming the servers that connect users to website domains.
Security experts have warned about the potential flaws of smart, WiFi-connected devices, but never before have so many gadgets been mobilized in a coordinated attack. The incident has sparked renewed calls for users to be more wary in the device set-up process and to always, always change the default password.