Read the full article
Paul Connolly, Vice President in Duff & Phelps' Disputes and Investigations practice, discusses the October 21, 2016 distributed denial of service attack targeting Dyn, an American provider of underlying internet name services, which caused internet outages across the Eastern United States. Prior attacks using the same techniques targeted journalists and French hosting provider OVH. In these attacks, millions of internet of things (“IoT”) devices were subverted, unbeknownst to their owners, and used in attacks across the internet. These attacks are driven by an attack vector known as the Mirai botnet, which exploits default, hard-coded passwords in many common IoT devices, such as network attached video devices and network cameras. Solicitors and in-house counsel representing clients in the device manufacturing industries should pay close attention to the potential for regulations in light of this new threat. Clients should also be cognizant of the potential shift of liability risks from the hacking of IoT devices to the manufacturers in a number of circumstances. When hiring outside vendors, law firms and legal departments should also be aware that the network and hardware vulnerabilities of their third-party providers could affect their operations and their clients.