Week in Review: November 11, 2016

The DDoS Attack that Disrupted the Internet

On October 21, the largest distributed denial-of-service (DDoS) attack was launched against Dyn, a domain name system (DNS) infrastructure provider company in the United States. For more than two hours, users were unable to access major websites, including The New York Times, Twitter, Pinterest, Reddit, GitHub, Etsy, Tumblr, Spotify, PayPal, Verizon, Comcast, EA, the Playstation Network, among others. Two security firms, Flashpoint and Akamai, confirmed that a large source of the attack originated from the Mirai botnet, which has infected many Internet of Things (IoT) devices. Cybersecurity expert Bruce Schneier raises multiple concerns in the aftermath of such an attack. He suspects that the DDoS attack was a part of a probing effort, which is a “calibrated kind of attack, one that’s designed to take advantage of an individual website’s precise security weaknesses.” Furthermore, Schneier is alarmed by botnets and the security of these IoT devices. IoT devices are unsecure and will remain so because there is no incentive for either buyer or seller to improve the security at a higher cost. Analysts estimate the number of IoT devices to increase by a factor of 10 or more. This most recent DDoS attack used millions of IoT devices to overwhelm Dyn.

China’s Tightens Internet Control through New Cybersecurity Law

This week, China passed new cybersecurity regulations that will go into effect by the summer of 2017. The proposed aims of the law are to “strengthen the protection of personal information and combat online fraud.” The new regulations impose data localization, surveillance, and real-name requirements on technology companies that will increase China’s control over the Internet. First, all “critical infrastructure operators” will need to store data within China’s borders. In August, more than 40 business groups from the U.S., Europe, and Asia submitted a petition to the Chinese Premier Li Keqiang to challenge the law because data localization will remove China from the digital economy, inhibiting trade and innovation. “We believe this is a step backwards for innovation in China that won’t do much to improve security,” said James Zimmerman, the chairman of the American Chamber of Commerce in China. Furthermore, users must register with their real names and personal information on instant messaging services and other Internet companies. According to TechCrunch, the real-name policy will bolster the incidents of self-censorship within the community. Finally, companies are required to support Chinese censorship measures and to provide “technical support” to Chinese government agencies during investigations. Technical support could be loosely defined to incorporate government surveillance programs or technological backdoors. Ultimately, China’s new law threatens to counteract its original purpose – inadvertently reducing security and potentially exposing personal information.

The Hacking of the U.S. Presidential Election

The 2016 U.S. Presidential Election has been one of the most interesting elections that we’ve had in American history. Never before has the integrity of the presidential election been questioned at such a large scale due to cyberattacks and hacks. Earlier this year, Russian hackers gained access to two voter registration databases in Illinois and downloaded the data of as many as 200,000 voters. Russian hackers purportedly influenced the election further through the