Securing the Internet of Things

 

Last Friday’s attack was apparently caused by the Mirai botnet, which targeted unprotected IoT devices, including Internet-ready cameras. In its wake, the inevitable has happened. There have been calls for more government regulation:

A U.S. Senator has joined security officials calling for stiffer cybersecurity for Internet of Things (IoT) devices following a major attack last Friday.

In a letter to three federal agencies, Sen. Mark Warner (D-Va.) on Tuesday called for “improved tools to better protect American consumers, manufacturers, retailers, internet sites and service providers.”

People (including Ricochet members) have been warning about the risks of the IoT for ages, but this hasn’t stopped manufacturers from flooding the market with cheap, unsecured devices — nor has it stopped consumers from purchasing them. The consensus of most of the experts I’ve read is that this is indeed a classic tragedy of the commons problem, as Senator Warner suggests, and that the only solution is for the government to step in to solve the problem.

It’s certainly true that no industry could have been warned more often that it had a problem. I read the warnings, and I sure wasn’t keen to buy any of those devices. Frankly, everything I read about the IoT creeps me out and reminds me of this:

But I seem to be an outlier in my instinctive aversion. And it seems to be true that neither manufacturers nor consumers paid those warnings much mind, either out of greed, laziness, or incomprehension. It’s also true that the cost of their error was borne by everyone, not just the specific manufacturers and consumers.

Bruce Schneier, who’s always interesting to read, thinks there’s no conceivable market solution to the problem:

The market can’t fix this because neither the buyer nor the seller cares. Think of all the CCTV cameras and DVRs used in the attack against Brian Krebs. The owners of those devices don’t care. Their devices were cheap to buy, they still work, and they don’t even know Brian. The sellers of those devices don’t care: they’re now selling newer and better models, and the original buyers only cared about price and features. There is no market solution because the insecurity is what economists call an externality: it’s an effect of the purchasing decision that affects other people. Think of it kind of like invisible pollution.

What this all means is that the IoT will remain insecure unless government steps in and fixes the problem. When we have market failures, government is the only solution. The government could impose security regulations on IoT manufacturers, forcing them to make their devices secure even though their customers don’t care. They could impose liabilities on manufacturers, allowing people like Brian Krebs to sue them. Any of these would raise the cost of insecurity and give companies incentives to spend money making their devices secure.

So is this genuinely a situation where government must step in? And if so, is it reasonable to expect the government to be any good at regulating this industry?

Also, a question for the lawyers: Why do we need the government to “impose liabilities” on the manufacturers? That’s to say, what’s preventing Brian Krebs from suing them right now? What prevents the people who were inconvenienced by last Friday’s attack from joining a class action suit against the companies in question?

Published in General, Science & Technology
Like this post? Want to comment? Join Ricochet’s community of conservatives and be part of the conversation. Join Ricochet for Free.

There are 172 comments.

Become a member to join the conversation. Or sign in if you're already a member.
  1. Robert Dammers Thatcher
    Robert Dammers
    @RobertDammers

    anonymous:…These devices should have a purely local connection and operate as slaves to a master program which runs on a device or devices (computer, mobile device, or dedicated controller) which has a single point of connection to the Internet, security comparable to desktop computers, and the same ability to apply security patches and update as personal computers have.

    Amen.  and Amen.

     

    • #31
  2. Terry Mott Member
    Terry Mott
    @TerryMott

    Phil Turmel:

    cirby: Or, in the case of a camera, upload a “bricking” firmware update to make sure that sort of thing never happens again.

    It would be enough for government to stop forbidding counter-attacks like this, as responding to a cyber-threat should be under the same umbrella as self defense and defense of property.

    It would spur the market to create un-brickable products, which effectively means un-hackable. Even if only asymptotically. /-:

    This.

    • #32
  3. Matt Bartle Member
    Matt Bartle
    @MattBartle

    Suggestion to manufacturers: at the very least, make sure users have to change the default password! At least there wouldn’t be stuff on the Internet you can get into with username “admin” and password “password” or whatever. For any device, it’s easy to search and find the default login.

     

    • #33
  4. Front Seat Cat Member
    Front Seat Cat
    @FrontSeatCat

    anonymous:

    Matt Upton: The quoted author makes a reasonable case to show why the problem is not easily solvable by market forces, but presupposes (domestic) government efficacy without any analysis. All we will get with government regulation is the equivalent of reinforced cockpit doors. Most likely, the regulations will stifle innovation and/or leave gaps for future attacks.

    In early 2015, the Pentagon’s top acquisition official issued a mandate to protect weapons—first as part of a cyberstrategy and later as part of an acquisition reform initiative called Better Buying Power 3.0. Now the services have been given the task of protecting a weapon’s various digital elements—often without additional funding.

    Solutions to cyberattacks are best incorporated into the design from the start. (What a concept—who could have thought of that? JW) But even then things can get complicated. The new OCX command-and-control system for GPS satellites, for example, has a dizzying number of interfaces that must be protected. The program tried to use Public Key Infrastructure certifications as a way to add authentication for those interfaces. “We almost broke the PKI bank because of the number of certifications required,” [Lt. Gen. Ellen] Pawlikowski [Air Force Materiel Command] said.

    I didn’t particularly like the words “Little by Little” in their title……sigh…..

     

    • #34
  5. EJHill Podcaster
    EJHill
    @EJHill

    Questions for anonymous

    What should the average consumer do to protect himself and others?

    I have AT&T UVerse. That’s IP tv and wifi.

    Devices connected directly to the router:

    • Apple TV
    • DVR and 1 sub-DVR set top
    • 1 Samsung Smart TV
    • 1 desktop PC

    Devices latched wirelessly as needed:

    • 2 laptops
    • 2-3 iPads
    • 2-5 iPhones

    PCs are all running ESET antivirus.

    Is this setup avoiding or contributing to the problem?

    • #35
  6. Austin Murrey Inactive
    Austin Murrey
    @AustinMurrey

    EJHill:Questions for anonymous

    What should the average consumer do to protect himself and others?

    I have AT&T UVerse. That’s IP tv and wifi.

    Devices connected directly to the router:

    • Apple TV
    • DVR and 1 sub-DVR set top
    • 1 Samsung Smart TV
    • 1 desktop PC

    Devices latched wirelessly as needed:

    • 2 laptops
    • 2-3 iPads
    • 2-5 iPhones

    PCs are all running ESET antivirus.

    Is this setup avoiding or contributing to the problem?

    Unhelpful advice from every non-JW computer geek I’ve ever talked to:

    1. Switch everything to Linux.
    2. Your problem is solved.
    • #36
  7. Hank Rhody Contributor
    Hank Rhody
    @HankRhody

    cirby:When I’m feeling silly, I pull out one of my older wireless routers, plug it into the wall, turn off its security features, and let it sit.

    Note that I didn’t mention plugging it into the actual network.

    If someone hacks that particular device, they’re going to be really puzzled about why they can’t get out on the net with it. Every once in a while, I wipe it and update the firmware, but it’s NEVER going to be used for anything on my networks…

    I get why you’d do this but… isn’t that still leaving it open to be used in a botnet?

    • #37
  8. Aaron Miller Inactive
    Aaron Miller
    @AaronMiller

    Like security and liberty are competing values in politics, security and accessibility are competing values in software and electronics. Increasing security generally means decreasing the consumer’s ease of use and breadth of options. There are markets for both security-concerned buyers and risk takers.

    But, as usual, it doesn’t matter what we think about the destructive potential of regulation. Congressional representatives are elected on a balance of dozens of issues, among which this isn’t even primary. And the actual regulators are unelected. Work around government, not through it.

    • #38
  9. Claire Berlinski, Ed. Editor
    Claire Berlinski, Ed.
    @Claire

    So, here’s the thing: These bozos who make and buy inherently insecure IoT refrigerators and fail to change the passwords end up inconveniencing me. Surprisingly, I didn’t die when I couldn’t access Twitter for 20 minutes, but however trivial my inconvenience, neither those manufacturers nor those consumers had a right to inflict it on me. Their negligence took Ricochet down for a few minutes: That’s a violation of our property rights. Is it not the proper role of government to protect property rights?

    How will I and the hundreds of millions of other Internet users who are inconvenienced — in small ways or large — by third-party irresponsibility or incompetence be protected and if required compensated? If a particular kind of defective car were prone to stalling on the freeway and causing massive traffic jams, we would, I think, insist on regulating the sale of that kind of car. Attacks on these systems can and sooner or later will have consequences far more serious than a 20-minute Spotify blackout, too.

    I’m willing to believe the USG will be no good at regulating this, but not so willing to believe it has no business regulating this. There is a public commons here; we all use it. And when it’s attacked, we all share the burden of it. Isn’t this the reason we form governments in the first place? To secure our property rights?

    • #39
  10. Hank Rhody Contributor
    Hank Rhody
    @HankRhody

    How much of a crisis is this, anyway?

    Starting at approximately 7:00 am ET, Dyn began experiencing a DDoS attack. While it’s not uncommon for Dyn’s Network Operations Center (NOC) team to mitigate DDoS attacks, it quickly became clear that this attack was different (more on that later). Approximately two hours later, the NOC team was able to mitigate the attack and restore service to customers. Unfortunately, during that time, internet users directed to Dyn servers on the East Coast of the US were unable to reach some of our customers’ sites, including some of the marquee brands of the internet. We should note that Dyn did not experience a system-wide outage at any time – for example, users accessing these sites on the West Coast would have been successful.

    After restoring service, Dyn experienced a second wave of attacks just before noon ET. This second wave was more global in nature (i.e. not limited to our East Coast POPs), but was mitigated in just over an hour; service was restored at approximately 1:00 pm ET. Again, at no time was there a network-wide outage, though some customers would have seen extended latency delays during that time.

    The internet is down for three whole hours. One part of the internet. I don’t want to say that’s not bad, but it hardly rises to a catastrophe. Fix the problem, but don’t pretend it’s the sort of emergency that demands government respond right now (or at all.)

    • #40
  11. Austin Murrey Inactive
    Austin Murrey
    @AustinMurrey

    Claire Berlinski, Ed.: Isn’t this the reason we form governments in the first place? To secure our property rights?

    Considering that thanks to income taxes and property taxes we basically cede the ownership our own earnings and rent land from the government I’m going to say no. :)

    • #41
  12. Ontheleftcoast Inactive
    Ontheleftcoast
    @Ontheleftcoast

    anonymous: Right, so these Pentagon peckerwoods have been hosing out taxpayers’ money on network-connected lethal and mission-critical systems without giving the slightest thought as to how they might be compromised by malefactors.

    Like other divisions of the administrative state, they believe that if you break windows, (with a lower case w, not Windows™, the upper case one does a fine job of breaking itself) it is an economic stimulus. Although I suppose that in Pentagon procurement land, it is… for the well connected companies that get hired to fix the problems that “without giving the slightest thought” created….

    • #42
  13. Jager Coolidge
    Jager
    @Jager

    Claire Berlinski, Ed.: I’m willing to believe the USG will be no good at regulating this, but not so willing to believe it has no business regulating this. There is a public commons here; we all use it. And when it’s attacked, we all share the burden of it. Isn’t this the reason we form governments in the first place? To secure our property rights?

    This seems a little contradictory to me. The government will likely be no good at finding a solution but they should anyway.

    I think there should be more of a 2 part question before the government acts. 1) Is there a problem? 2) Does the government have a good fix that is both effective and not overly burdensome?

    If the answer is not yes to both of these then there should be no action. We get into trouble with simply saying there is a problem, so there should be a law.  The details of the government action matter.

     

    • #43
  14. EJHill Podcaster
    EJHill
    @EJHill

    Claire Berlinski, Ed.: These bozos who make and buy inherently insecure IoT refrigerators and fail to change the passwords end up inconveniencing me.

    I don’t understand why a refrigerator or any other appliance needs wifi.

    Security cameras that provide owners with remote access is a different animal. So are DVRs since that’s the delivery platform to begin with.

    • #44
  15. Terry Mott Member
    Terry Mott
    @TerryMott

    Hank Rhody:

    cirby:When I’m feeling silly, I pull out one of my older wireless routers, plug it into the wall, turn off its security features, and let it sit.

    Note that I didn’t mention plugging it into the actual network.

    If someone hacks that particular device, they’re going to be really puzzled about why they can’t get out on the net with it. Every once in a while, I wipe it and update the firmware, but it’s NEVER going to be used for anything on my networks…

    I get why you’d do this but… isn’t that still leaving it open to be used in a botnet?

    No.  He said he doesn’t plug it into the network, so it’s just a WiFi point with no connection to the Internet, either in or out.

    • #45
  16. Spin Coolidge
    Spin
    @Spin

    EJHill: I don’t understand why a refrigerator or any other appliance needs wifi.

    That’s because you are an old dude.

    I can think of a great reason:  when the water filter in my fridge is getting to the end of it’s life, there is a funny light that gradually goes from green to orange to red.  I don’t want that.  I want my fridge to send a note to Amazon and order me a replacement filter and have it shipped to arrive at my house on the day that the light would have become completely red.

     

     

    • #46
  17. Spin Coolidge
    Spin
    @Spin

    Austin Murrey:

    • Switch everything to Linux.
    • Your problem is solved.

    This is nonsense.

    • #47
  18. Joe P Member
    Joe P
    @JoeP

    Economic pedantry: This is not a Tragedy of the Commons.

    Tragedy of the Commons occurs when there’s no or insufficient property rights established over something, and thus people treat it poorly and squander it. The epynonymous Commons is overgrazed by everyone’s cows because it belongs to nobody, so nobody has the right to tell abusive people to stop this behavior.

    This is not the case here with this alleged IoT crisis. There are clearly defined property owners everywhere. Dyn owned the servers that were attacked, people owned the devices that did the attacking, those devices were made by identifiable manufacturers. All of those people have very clearly defined property rights. Those rights are being transgressed by jerks not mentioned here, but those rights exist quite clearly.

    It isn’t a Tragedy of the Commons if someone sold you a car with no locks and somebody else stole it to crash it into a Fox News studio. It’s quite clearly your car and Mr. Murdoch’s television studio, and both you and Mr. Murdoch are very clearly being transgressed against and can seek relief. There is no Tragedy of the Commons, and if there was, it would not justify legislation putting burdensome restrictions on Ford Motor Company (regardless of whether they were necessary for another reason).

    • #48
  19. Eric Hines Inactive
    Eric Hines
    @EricHines

    Claire Berlinski, Ed.: Is it not the proper role of government to protect property rights?

    There are good and bad ways to achieve this.  One good way is to apply sanctions to careless users.  “You knew your fridge/thermostat wasn’t secured against intrusion, yet you plugged it into the Internet anyway.  Here’s a nice sanction for you.”  And: “you knew that driving your car in that fashion exposed others to risk, yet you drove carelessly anyway and damaged that….  Here’s a nice sanction for you.”

    Don’t forget that among those bozos who make and buy inherently insecure are those buyers/users.

    There are instances where manufacturers are at fault and also need to be sanctioned.  But automatically looking to government to fault the other guy instead of the proximate actor is one of the ways we got to where we are today.

    Eric Hines

    • #49
  20. Joe P Member
    Joe P
    @JoeP

    And, while I’m rambling more about economics, a “market failure” doesn’t immediately justify government intervention. Market failures can also be solved with entrepreneurship, and most are very successfully.

    In this case, I wouldn’t be surprised if the bad press from this shames people into doing a better job and opens a space for better more secure IoT implementations. Concerns about safety often are used in other industries to differentiate products in a competitive fashion, so I don’t see why that can’t happen here.

    • #50
  21. Richard Finlay Inactive
    Richard Finlay
    @RichardFinlay

    Probable Cause:

    Claire Berlinski, Ed.: There is no market solution because the insecurity is what economists call an externality: it’s an effect of the purchasing decision that affects other people. Think of it kind of like invisible pollution.

    The externality effect is a legitimate rationale for government intervention into the market. Just sayin’.

    Though I grant all the caveats, especially (at best) the fecklessness and (at worst) the maliciousness of today’s federal behemoth.

    I, for one, would like to see some level of government successfully prevent the illegal propagation of subwoof noise through my neighborhood. If they can prove themselves effective in the audio sphere, then I’d be more willing to give them a hearing on their approach to the IoT problem.

    So all audio devices should be required to be connected to the internet so the government can control their volume settings to provide comfortable aggregate decibel results in all relevant neighborhoods.  A worthy goal, indeed.

    • #51
  22. Austin Murrey Inactive
    Austin Murrey
    @AustinMurrey

    Spin:

    Austin Murrey:

    • Switch everything to Linux.
    • Your problem is solved.

    This is nonsense.

    That’s the joke.

    • #52
  23. Eric Hines Inactive
    Eric Hines
    @EricHines

    Hank Rhody:How much of a crisis is this, anyway?

    Starting at approximately 7:00 am ET, Dyn began experiencing a DDoS attack. While it’s not uncommon for Dyn’s Network Operations Center (NOC) team to mitigate DDoS attacks, it quickly became clear that this attack was different (more on that later). Approximately two hours later, the NOC team was able to mitigate the attack and restore service to customers. Unfortunately, during that time, internet users directed to Dyn servers on the East Coast of the US were unable to reach some of our customers’ sites, including some of the marquee brands of the internet. We should note that Dyn did not experience a system-wide outage at any time – for example, users accessing these sites on the West Coast would have been successful.

    After restoring service, Dyn experienced a second wave of attacks just before noon ET. This second wave was more global in nature (i.e. not limited to our East Coast POPs), but was mitigated in just over an hour; service was restored at approximately 1:00 pm ET. Again, at no time was there a network-wide outage, though some customers would have seen extended latency delays during that time.

    The internet is down for three whole hours. One part of the internet. I don’t want to say that’s not bad, but it hardly rises to a catastrophe. Fix the problem, but don’t pretend it’s the sort of emergency that demands government respond right now (or at all.)

    Sure, the particular instance.  Go without power or running water for three hours.  For three days.  Was this a test run?  Probably not, but not certainly so.  It could well have been just a demonstration against Biden’s promised, but secret, cyber response to the Russians’ messing with our election process and email systems.

    Eric Hines

    • #53
  24. Spin Coolidge
    Spin
    @Spin

    EJHill:Questions for anonymous

    What should the average consumer do to protect himself and others?

    I have AT&T UVerse. That’s IP tv and wifi.

    Devices connected directly to the router:

    • Apple TV
    • DVR and 1 sub-DVR set top
    • 1 Samsung Smart TV
    • 1 desktop PC

    Devices latched wirelessly as needed:

    • 2 laptops
    • 2-3 iPads
    • 2-5 iPhones

    PCs are all running ESET antivirus.

    Is this setup avoiding or contributing to the problem?

    I’ll answer from my perspective and JW can weigh in with his.  I don’t think your setup is avoiding or contributing the problem, per se.  But I offer some guidelines for keeping yourself secure.

    First, get yourself a good router.  Here is an example of a good router.  Secure that router based upon the manufacturers specs.  Don’t rely upon AT&T’s combo modem / router.

    For your WiFi, it’s pretty much a religious debate about how to keep it secure.  I recommend you buy a solid wireless AP, separate from your router, and here is a good example of one.  Keep that router up-to-date with firmware updates.  You can rely upon the various security mechanisms,and everyone has their idea of what is best.  Google this, and make a determination for yourself what is best.  But check and see, regularly, what is connecting to your WiFi, and make sure you know everything.  If you see something and you don’t know what it is, block it.

    For all of your devices, make sure they are regularly patched and kept up to date.  Whatever antivirus you use is better than none, and again, it is a religious debate among IT guys which is best.  I like to keep a USB thumb drive with a series of cleanup tools on it, so that if a computer gets infected, it can be isolated from the network, and cleaned up.

    Don’t plug anything in to the network if it doesn’t need it.  Don’t plug your TV in just because it can be plugged in.

    The most important thing to do is be smart about your passwords.  Get a password manager like LastPass, and keep your non-critical passwords in there.  Do not use the same password you use for Netflix as the password to your bank, or for the admin account on your PC.  Do not use an admin account on your PC.  Rather, login as a normal user, but have separate credentials that you use when an administrative function needs to be done.

    On this subject, if you have any system (bank, Netflix, whatever) that requires you to set up verification questions, lie.  Use wrong answers, but write those answers down and store them in a safe or something.

    Let’s see, what else…I’m sure I’ll think of something….

    • #54
  25. Eric Hines Inactive
    Eric Hines
    @EricHines

    Terry Mott:

    Hank Rhody:

    cirby:When I’m feeling silly, I pull out one of my older wireless routers, plug it into the wall, turn off its security features, and let it sit.

    Note that I didn’t mention plugging it into the actual network.

    If someone hacks that particular device, they’re going to be really puzzled about why they can’t get out on the net with it. Every once in a while, I wipe it and update the firmware, but it’s NEVER going to be used for anything on my networks…

    I get why you’d do this but… isn’t that still leaving it open to be used in a botnet?

    No. He said he doesn’t plug it into the network, so it’s just a WiFi point with no connection to the Internet, either in or out.

    You’re suggesting war drivers can’t interact with an AP.  Of course, they can.  The WiFi is broadcasting a radio signal, and it’s receiving one.  It just can’t interact with the Internet via the LAN in his house.

    The lack of (easy) availability for a botnet is from his wiping the thing.

    Eric Hines

    • #55
  26. cirby Inactive
    cirby
    @cirby

    Hank Rhody:

    cirby:When I’m feeling silly, I pull out one of my older wireless routers, plug it into the wall, turn off its security features, and let it sit.

    Note that I didn’t mention plugging it into the actual network.

    If someone hacks that particular device, they’re going to be really puzzled about why they can’t get out on the net with it. Every once in a while, I wipe it and update the firmware, but it’s NEVER going to be used for anything on my networks…

    I get why you’d do this but… isn’t that still leaving it open to be used in a botnet?

    It’s not connected to anything. Someone doing a driveby (sitting in their car, stealing wireless) won’t get anywhere with it. Even if it gets botted all to hell, it’s talking to itself – until I wipe it and start over.

    • #56
  27. Terry Mott Member
    Terry Mott
    @TerryMott

    Eric Hines:

    Terry Mott:

    Hank Rhody:

    I get why you’d do this but… isn’t that still leaving it open to be used in a botnet?

    No. He said he doesn’t plug it into the network, so it’s just a WiFi point with no connection to the Internet, either in or out.

    You’re suggesting war drivers can’t interact with an AP. Of course, they can. The WiFi is broadcasting a radio signal, and it’s receiving one. It just can’t interact with the Internet via the LAN in his house.

    The lack of (easy) availability for a botnet is from his wiping the thing.

    Eric Hines

    I concede it would be theoretically possible to do.  A war driver could conceivably connect to the AP and bridge it to the Internet via another nearby AP, cellular data connection, or hardline they have access to.  But how many such bridged APs would it take to be a significant portion of an average botnet?  And if they already have access to another Internet connection to bridge this AP to, why bother hooking this one to it?

    • #57
  28. Roberto Inactive
    Roberto
    @Roberto

    anonymous:But then in the very next passage, which wasn’t quoted, he continues:

    Of course, this would only be a domestic solution to an international problem. The internet is global, and attackers can just as easily build a botnet out of IoT devices from Asia as from the United States. Long term, we need to build an internet that is resilient against attacks like this.

    So, it doesn’t matter what Sen. Warner and his accomplices do in their marble palaces, because it won’t affect the billions of these devices which are already installed all around the world (the overwhelming majority of which cannot be upgraded), nor devices sold outside the U.S., which, in a global network, work just as well to mount an attack as those inside the border, which is even more porous to Internet traffic than it is to illegal aliens and terrorists.

    Far too many seem to be missing this point all together. It is absolutely irrelevant what the Federal government does in attempting to address this issue. Even if the US had nothing but 100% secure IoT devices sold in our markets that would still have a negligible effect on the problem.

    Early reports are that the majority of the traffic directed by this botnet was from IPs located outside the United States:

    mirai-botnet-map

    The US portion accounted for approximately 10.9% as reported by Imperva.

    The notion that some piece of legislation in the US will remediate this is completely irrational.

    • #58
  29. Six Days Of The Condor Inactive
    Six Days Of The Condor
    @Pseudodionysius

    Pentagon peckerwoods

    Paging @ejhill

    • #59
  30. James Gawron Inactive
    James Gawron
    @JamesGawron

    Roberto:

    anonymous:

    So, it doesn’t matter what Sen. Warner and his accomplices do in their marble palaces, because it won’t affect the billions of these devices which are already installed all around the world (the overwhelming majority of which cannot be upgraded), nor devices sold outside the U.S., which, in a global network, work just as well to mount an attack as those inside the border, which is even more porous to Internet traffic than it is to illegal aliens and terrorists.

    Far too many seem to be missing this point all together. It is absolutely irrelevant what the Federal government does in attempting to address this issue. Even if the US had nothing but 100% secure IoT devices sold in our markets that would still have a negligible effect on the problem.

    Early reports are that the majority of the traffic directed by this botnet was from IPs located outside the United States:

    mirai-botnet-map

    The US portion accounted for approximately 10.9% as reported by Imperva.

    The notion that some piece of legislation in the US will remediate this is completely irrational.

    Roberto,

    This makes the case for maintaining the system that has held well for so long. Rather than looking for legislation, US or worse International, we should be looking to the net industry itself for standards that will bring real solutions.

    Another reason not to give up internet control.

    Regards,

    Jim

    • #60
Become a member to join the conversation. Or sign in if you're already a member.