Several "massive" cyberattacks were launched last week, with an "army" of security cameras and DVRs being hijacked by hackers, the Wall Street Journal reports. Even famed security researcher Brian Krebs was affected, and saw his website temporarily disabled. The hackers hijacked up to a million cameras, DVRs, and other devices and used them to generate webpage requests and unwanted data that forced targets offline in a "denial-of-service attack." It's not clear whether the hackers had access to any video feeds from the devices, but the attack has renewed concerns over the so-called "Internet of Things," "smart" devices that connect to the internet and are present in millions of homes—and that are likely "plugged in and forgotten," the Journal notes.
Such devices are likely "never going to be updated" by users, says a security expert, and they include not just cameras and video recorders but lightbulbs, routers, cable set-top boxes, refrigerators, and even cars. Krebs notes, "We need to address this as a clear and present threat not just to censorship but to critical infrastructure." And another security expert says this attack could have been just "the tip of the iceberg." The Chinese manufacturer of hijacked security cameras used in the attack, Dahua Technology, recommends users always update their devices' firmware and use strong passwords. As for why Krebs was targeted, Engadget says it was revenge for him having recently exposed two major sellers of tools used in cyberattacks. (In another case, a hacker used her skills to escape a cult.)