Russian cyber campaign may tap into millions of devices
An aggressive campaign by Russian cyberplayers targeting internet devices in homes, businesses and government locations aims to control the devices for espionage, intellectual-property theft and preparation for a possible future action, CBS News has learned. The U.S. and U.K. were expected to release a warning about the campaign.
U.S. and U.K. officials are worried about increasingly common Wi-Fi-enabled gizmos, known as "Internet of Things" devices, in everyone's homes. Millions of machines, both domestic and enterprise, are potentially vulnerable because of lax security and could be used not only for spying but as vectors for further attacks.
The so-called "Mirai botnet" attack in 2016 hacked into and hijacked thousands upon thousands of mundane internet-connected devices like cameras and DVRs, using them to "ping" web addresses, sending crushing volumes of web traffic to target servers. The resulting cyberattack, the biggest of its kind ever recorded, knocked some of the world's largest online companies offline for long periods. As the number of "smart fridges," internet-connected smart TVs, webcams and other Wi-Fi-enabled devices grows rapidly, so does the risk of them being used by nefarious actors, without their owners ever knowing.
The U.S. and U.K. are worried that the next version of the "Mirai" attack could harness even more devices, and target something more critical than Netflix — like the electrical grid or other crucial infrastructure.
The threat is huge and complex, but the solution could be as easy as changing the default password on a home router.
The Russian campaign has been going on for many months, possibly over a year.
U.S. and U.K. officials said the campaign wasn't related to Friday night's airstrikes by American, British and French forces on Syria, a Russian ally, or meddling in the upcoming U.S. midterm elections.