Late last month, the world saw a Distributed Denial of Service (DDoS) attack of historic proportions. Anyone who uses a computer, tablet, smart phone, or web-enabled technology—including many churches and church leaders—needs to understand the significance of this attack and what they can do to minimize their vulnerabilities when future ones occur.
Signs of Skynet?
I love watching—and re-watching—the Terminator movies. In those movies, the Skynet computers that everyone relies on gain artificial intelligence and consciousness, and then band together to eliminate human life. The methodology of a DDoS attack is a little like Skynet. And there’s not much yet that can be done to stop this methodology—although taking some precautionary steps can help.
A DDoS attack works in a manner similar to the way a little rain can wreak havoc by saturating parched ground, causing mudslides:
- A large number of private computers and devices flood a targeted computer, network, or service with phony requests.
- The computer, network, or service is so overwhelmed that it cannot respond to legitimate requests in a timely manner.
- The result is that the target appears to be down—the digital effect of a mudslide.
These computers and devices are usually infected with a form of malware (such as a computer virus, a Trojan computer file, and so on) that allows a remote antagonist to trigger the attack in a coordinated fashion. Together, the infected computers and devices are often referred to as a botnet. Botnets are notorious for sending spam email and launching DDoS attacks.
Early analysis points to amateur hackers as the source of the October 21 DDoS attack. The code used to create the botnet was put on a hacking site in early October and first used in a smaller DDoS attack. The subsequent attack on October 21 was the largest on record, but it was only one-fifth of what it could have been. Data from those attacked showed the botnet contained 500,000 devices but used only 100,000 of them. Many wonder if the October 21 attack was a warning shot, though the targeted systems were so general in nature that no one has yet figured out what the attacker was after.
The malware used to create the botnet was able to capture and use computers and mobile devices (not unusual), but also devices connected to the internet that are often referred to as the Internet of Things (IoT). The IoT includes many consumer devices connected to the internet, such as DVRs, security cameras, door locks, thermostats, appliances, and so on. These devices typically have little or no security protecting them.
What Can You Do?
The IoT is here to stay, providing many benefits to consumers. Here are a few things device users, including those in churches, can do to help secure internet-connected devices from malware and exploitation of this type:
- Contact your Internet Service Provider (ISP) to discover if there are security settings available on the router or modem it provided that would protect your devices from getting infected by malware.
- Consider adding a firewall to your system designed to protect everything inside your home or office from digital invaders. Those my firm prefers are from Dell and are called SonicWALLs.
- Make certain every device connected to the internet in your home or office no longer accepts connections using default credentials (username and password). In other words, change the administrative-level password on your devices from whatever the default is to something different and somewhat complex (minimum of 7 or 8 characters that include each of the following: uppercase alpha, lowercase alpha, number, common punctuation).
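
The password rule in the last item above, as an added example that is not part of the original article: a short Python check that flags devices still using a factory login or falling short of the stated complexity rule. The default-login list, device names, and passwords are constructed samples, and the 8-character minimum is an assumption that takes the stricter of the article's "7 or 8".

```python
import string

# Constructed sample of factory logins; real devices list theirs in the manual.
DEFAULT_LOGINS = {("admin", "admin"), ("admin", "password"),
                  ("root", "root"), ("admin", "1234"), ("user", "user")}
MIN_LENGTH = 8  # the article says "7 or 8"; the stricter value is assumed here


def password_problems(username, password):
    """Return the reasons a device login fails the article's rule."""
    problems = []
    if (username.lower(), password.lower()) in DEFAULT_LOGINS:
        problems.append("factory-default login")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    required = {
        "uppercase letter": str.isupper,
        "lowercase letter": str.islower,
        "number": str.isdigit,
        "punctuation": lambda c: c in string.punctuation,
    }
    for name, matches in required.items():
        if not any(matches(c) for c in password):
            problems.append(f"missing {name}")
    return problems


def audit(inventory):
    """Map each device that needs attention to its list of problems."""
    report = {}
    for device, username, password in inventory:
        problems = password_problems(username, password)
        if problems:
            report[device] = problems
    return report


# Constructed inventory for illustration; check real passwords as you set
# them rather than saving them in a file like this.
INVENTORY = [
    ("lobby-camera", "admin", "admin"),
    ("office-dvr", "admin", "Sunday2016"),
    ("thermostat", "root", "gr8ce!"),
    ("front-door-lock", "manager", "N4rthex-Door!"),
]

if __name__ == "__main__":
    for device, problems in audit(INVENTORY).items():
        print(f"{device}: {', '.join(problems)}")
```
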
It’s also important not to open or click links in emails that are spam (and to remind others in your home and church office not to do so, either). Spam email is one of the most common delivery vehicles of malware. The other most common delivery method is via infected websites (they may even be legitimate websites), so be certain to use an anti-malware solution such as ThirtySeven4.
Nick Nicholaou is president of MBS, an IT consulting firm specializing in church and ministry computer networks, VoIP, and private cloud hosted services. He is author of Church IT: Using Information Technology for the Mission of the Church (Christianity Today, 2019).