First things first a disclaimer. I neither like nor trust the National Security Agency (NSA). I believe them to be mainly engaged in economic spying for the corporate American empire. Glenn Greenwald has clearly proven that in his book No Place to Hide. At the NSA, profit and power come first and I have no fucking clue as to how high they prioritize national security. Having said that, the NSA should hack the Internet of (insecure) Things (IoT) to death. I know Homeland Security and the FBI are investigating where the DDoS of doomsday proportions is coming from and the commentariat is already screaming RUSSIA! But it is really no secret what is enabling this clusterfuck. It’s the Mirai botnet. If you buy a “smart camera” from the Chinese company Hangzhou XiongMai Technologies and do not change the default password, it will be part of a botnet five minutes after you connect it to the internet. We were promised a future where we would have flying cars but we’re living in a future where camera’s, light-bulbs, doorbells and fridges can get you in serious trouble because your home appliances are breaking the law.
IoT is a lot like Donald Trump. IoT promises the greatest things, the best things. It promises to boost the economy, to ensure safety and to generally make life better, easier and more convenient while in reality it will grab DNS servers by the pussy. And it will get away with it because every pundit says IoT is the next superstar. Every software powerhouse is pushing the promise of cyber salvation. Why? Because they want to farm our data. What better way to do that by actually letting Google, Apple, Amazon or Microsoft eavesdrop on you 24/7? Buying a “smart” thermostat for example means telling the vendor when you wake up, when you leave the house and when you go to bed. It used to be the case that when a product is free it actually means you are provided a service for free because you are the product. Now we are entering the stage where you buy a service while you keep on being the product. And because people want and are accustomed plug and play devices, the default setting is insecure as fuck at best and impossible to secure at worst. That is why we live in a world where paedophiles are able to talk dirty to your baby because you bought a so-called smart baby monitor.
Back in the days when Anonymous was still great (i.e before the Feds recruited snitches like Sabu), you actually needed skills to build a botnet to DDoS the shit out of something. Either that or you’d need to have a genuine cause of outrage that got people involved in the hive-mind where they would voluntarily donate their bandwidth to shut down the enemy website du jour. Back in those days PayPal was a legitimate target for banning donations to Wikileaks for example. Operation Payback was a legitimate cause in which thousands of people participated. So was Project PM set up by Barret Brown. Fuck, even defending the actual nazi Weev was legit because all he was accused of was exposing vulnerable as fuck implementations of software.
Nowadays building a botnet requires no skills whatsoever. None! The only things you need to be able to do are use Google and Shodan. All you have to know are these 60 stupid passwords and you can build yourself an ever growing botnet because people tend to be idiots that do not bother to secure their shit and that like to buy the latest insecure gadgets. No government is interested in banning any of these wholly insecure products that are supposed to protect you because all governments are highly into minority report-style policing. All because of the promises of Big Data. Think of it as broken windows policing but for the internet. The flying cars that we were promised never came and the freedom that internet was supposed to bring quickly developed into a panopticon. The irony of it all is that the insecure internet of things that spy on you are crippling the entire infrastructure of the internet. If the NSA is in any way interested in securing not only our safety but also the safety and the continuity of the internet, it has my blessing to hack the fuck out of all this IoT-crap.