Hack of Mass Destruction

Sometimes a name must be created to describe a new phenomenon that has never existed before. Sometimes that name is so obvious, it almost creates itself. With that in mind, we present to you:

Hack of Mass Destruction noun (2014) A computer hacking attack in which a large group of people are targeted based on their use of homogeneous computer networking equipment. Four and a half million internet subscribers of a Brazilian ISP were knocked offline yesterday after their routers were attacked by a Hack of Mass Destruction.

So what does this mean? Well, it represents the beginning of an evolutionary shift in how hackers work. Hackers generally target computers so that they can control them to send spam, attack other computers, or engage in other types of bad behavior. Doing this is becoming more difficult as more people begin to run sophisticated anti-virus software.

In response to this, some hackers are beginning to attack people’s networking equipment. There are several reasons for this:

  1. Networking equipment is notoriously filled with security vulnerabilities that hackers know how to exploit. These vulnerabilities almost never get fixed, because doing so is quite difficult for most people. Furthermore, most people aren’t even aware that their equipment contains these vulnerabilities. This means that a router is generally easier for a hacker to attack than a computer.
  2. Once a hacker is able to compromise a home’s computer network, infecting every computer in that house becomes much easier. If he’s able to do that, removing all traces of malware will become a much more difficult job.
  3. If a hacker develops an effective attack against a certain type of equipment (e.g. a certain model of a router), he can easily deploy it against a very large group of people.

It’s this last one that puts the Mass in Mass Destruction. So how can a hacker find many people with exactly the same equipment that he knows how to attack? Simple:

  • Find an ISP that provides this equipment to its subscribers. That’s what ISPs generally do – give their subscribers identical equipment. It’s public knowledge and easy to find how and where an ISP’s subscribers connect to the internet (i.e. the blocks that contain their IP addresses). Let the attacks begin! This becomes even scarier when you realize that many countries have nationally-controlled ISPs. Attack their subscribers/citizens and you can effectively knock an entire nation off of the internet.
  • Use a device search engine. Yes, these things exist – the most popular being SHODAN. Want to find a list of IP addresses in Finland that run the iconic Linksys WRT54G router? Easy Peasy.

If you’d like to read about some real life cases where there was a Hack of Mass Destruction, you can read about them here.