MINNETONKA, Minn. – By now, you may have heard about last week’s massive online attack that either slowed or shut down several websites.
But we are now learning how the attack happened. Consumers who use internet-connected devices like cameras, thermostats or routers played a role in the hack, and they had no idea it was happening, according to investigators.
It’s a scenario KARE 11 Investigates revealed last year with the help of computer expert Mark Lanterman of Computer Forensic Services.
“This isn’t new,” he said.
Lanterman showed KARE 11 security cameras and other internet-connected devices that were not secured properly.
“The fact is it’s all publicly available,” he said.
How? Because many devices that are connected to the internet, from surveillance video to baby monitors to home routers, are set to the default username and password, which can be easily accessed.
“Often the default passwords are listed in the manufacturer's documentation,” he said. “And that’s all that the hackers had to do.”
Investigators say hackers used unsecured devices, changed their software and sent overwhelming traffic to a major web server, slowing or shutting down websites like Netflix.
And it’s not just cameras, but infrastructure. Lanterman showed us hackers could gain access to wind turbines, gas pumps, or traffic cameras with a few keystrokes. All of it accessible to the public because the devices either didn’t have a username and password or had not been changed from the default setting.
“Taking down Netflix, so what. What are they going to take down next?” he wondered.
But here's the good news. The fix is relatively easy, he said.
First, consumers who own these internet-connected devices need to change the default username and password.
“We need to change the default username and passwords of our routers, of our security cameras, of our thermostats and coffee makers,” he said.
Even changing the password and leaving the default username will help because most hackers will bypass that device for low-hanging fruit, he said.
Second, he argues manufacturers need to send out software updates to consumers on a regular basis, much like the updates people get on their phones. He believes that will stop this type of hack from happening again.
“The hackers know that and they’re taking advantage of old software,” he said. “It’s very important for manufacturers to step up, stop being lazy, and put some security into their products.”