Cleaning Up the Internet of Evil Things: Real-World Evidence on ISP and Consumer Efforts to Remove Mirai Zhuohao Li Sep 25, 2019.


Introduction
Understanding how to guarantee the internal and external security of networks is essential, especially in the modern era where the IoT has become commonplace. Reports from research on IoT have revealed that approximately 6.5 billion gadgets are connected to the internet, a figure that means they have surpassed human connections (Angrishi, 2017). The attack on consumer products has made the situation even worse because people lack the information. An IoT botnet is a collection of compromised IoT devices such as DVRs, cameras, wearables, routers and other embedded technologies.

The Internet of Things has become common in regard to smart physical objects. More devices such as routers, toasters and refrigerators, among others, are increasingly being connected to the internet using sensors and IP addresses. As the number of these gadgets grows exponentially, the number of reported cases of hacking has been on the rise, hence the need to take up urgent countermeasures. One of the most commonly suggested interventions is IoT malware cleanup, which has been proven effective for many affected users. With the rise of Mirai infections, there has been major concern from internet service providers and other stakeholders who want long-term solutions developed. Further, there is a lack of well-established communication mechanisms for contacting the owners, who are in most cases unreachable (Antonakakis et al., 2017). Malware on these devices makes it possible for attackers to control them maliciously, with intentions similar to those behind traditional botnets. The major difference between the two is that the affected IoT devices continue to spread the malware with the intention of targeting more devices.

Introduction Continued
5. The variants of Internet of Things malware have been changing constantly, and it is therefore essential to analyze the architecture to determine malfunctions.
6. A common algorithm used is the Artificial Neural Network that clearly detects anomalies.
4. From the DDoS attacks, there was cryptomining malware, and the modern environment under IoT has been exposed to vulnerabilities of different types (Kolias et al., 2017). Users are therefore advised to have adequate security protection and monitoring systems. Besides, it is essential to improve the existing detection and learning techniques as well as the machine learning algorithms that help in the detection of malware.
5. Without the algorithm, hackers will continue expanding the scope of the attacks in the PCs and the internet environment. Malicious software in the future is projected to be more advanced, with the capability of evading the defense systems, but existing projects and research work promise to adequately tackle new developments in malicious software. For example, Mirai infections now have different solutions that have been approved by various software experts.

Solutions
To handle Mirai infection, users are educated about the importance of a walled garden that has managed to successfully solve 92% of the affected cases (Cetin et al., 2019). End-users should be aware of technical issues and the best ways to remediate and protect their gadgets. After guaranteeing and notifying customers, who have reported a more than 90% success rate, the rates of reinfection have also been considerably low. The lack of information about the IoT botnet has led many users to run anti-virus software that does not solve the problem.

Even with the walled garden, it is essential to ensure that users are aware of the existing problem. Therefore, the first step undertaken in botnet mitigation is contacting the people affected by the malware. Achieving this objective is not difficult because Internet Service Providers can assess the networks and identify the malware (Bertino & Islam, 2017). After doing the assessment, the ISP sends risk reports to the customers by email, urging them to take countermeasures before more malicious activity impacts the functionality of their devices. Being aware of the technical issues therefore makes it possible to comply with the measures suggested. The ISP can also opt to have the affected customers placed in a quarantined network, a remedy that was shown to have great benefits (Cetin et al., 2019). From research conducted on 220 users, reinfection was only reported in 5% of the users after 5 months of intervention (Cetin et al., 2019). These outcomes and the long-term solution to the problem are proof that the countermeasure suggested is highly productive. The lack of information about the IoT botnet has led many users to run anti-virus software, especially on PCs, to solve challenges associated with Mirai infection, but this is often not successful. The research article, therefore, offers advice to affected customers to avoid operating with the wrong mental models, and to seek consultancy and research the topic extensively.

Solutions Continued
5. Another effective solution to the malware problem affecting the operations of devices connected to the internet is the utilization of abuse feeds.
6. There are other solutions to the IoT malware attacks, such as the Censys Scans and the Darknet.
5. There are non-profit security organizations that specifically research abused internet resources and develop long-term solutions to mitigate the problem. An example is the Daily Shadowserver, which collects and distributes data and information on compromised machines. The organization sends daily reports on affected hosts, offering a reliable starting point to tackle the challenge. Thereafter, it becomes possible to track users who have been affected by Mirai. Daily Shadowserver serves a similar role to the IoT honeypot that is currently being used to identify and track the affected gadgets. To deal with the malware infections, the technique recommends the application of IoT architecture such as the CPE WAN, IoT devices, and the Telnet protocol.
6. The latter is more effective in determining the remediation period. Besides, the IoT honeypot and the Darknet have been proven to effectively track the infected hosts and therefore make it possible to formulate a reliable mechanism to handle associated challenges. The Censys Scan has different features that focus more on identifying affected devices using a list of open ports. Effective measures thereafter become easier to undertake to guarantee the safety of the affected customers, and thus reduce the impact of Mirai on functionality. The connected enterprises will then also benefit from the solutions to the exposed weaknesses, which would otherwise lead to big losses after the loss of trust from potential customers.
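The abuse-feed tracking described above, as an added example (not from the presentation or the cited paper): a daily feed of suspected Mirai sightings is matched to ISP subscribers and split into infection episodes, giving the infected period and a reinfection flag per customer. The feed columns, subscriber table, customer ids and the 7-day quiet gap are assumptions made for the illustration.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample feed: one row per day an IP was reported as infected.
# Column names are assumptions, not a real provider's report schema.
FEED = """date,ip
2019-01-02,198.51.100.7
2019-01-03,198.51.100.7
2019-01-03,203.0.113.20
2019-01-04,203.0.113.20
2019-01-05,203.0.113.20
2019-01-20,198.51.100.7
2019-01-04,192.0.2.99
"""
# Constructed subscriber table (IP -> customer id). A real ISP would resolve
# dynamic addresses through its lease logs for the day of the sighting.
SUBSCRIBERS = {"198.51.100.7": "cust-A", "203.0.113.20": "cust-B"}
QUIET_GAP = timedelta(days=7)  # assumed: this long without sightings = cleaned

def sightings_by_customer(feed_text, subscribers):
    """Group sighting dates by customer; IPs outside the ISP are returned apart."""
    seen, unmatched = {}, set()
    for row in csv.DictReader(io.StringIO(feed_text)):
        cust = subscribers.get(row["ip"])
        if cust is None:
            unmatched.add(row["ip"])
            continue
        seen.setdefault(cust, set()).add(date.fromisoformat(row["date"]))
    return {c: sorted(days) for c, days in seen.items()}, unmatched

def classify(days, as_of, gap=QUIET_GAP):
    """Split sorted sighting dates into episodes and summarize status at as_of."""
    episodes = [[days[0], days[0]]]
    for d in days[1:]:
        if d - episodes[-1][1] > gap:
            episodes.append([d, d])   # quiet gap exceeded: a new infection
        else:
            episodes[-1][1] = d       # same episode continues
    start, end = episodes[0]
    return {
        "infected_days": (end - start).days + 1,   # length of first episode
        "reinfected": len(episodes) > 1,
        "still_infected": as_of - episodes[-1][1] <= gap,
    }

def report(feed_text=FEED, subscribers=SUBSCRIBERS, as_of=date(2019, 2, 15)):
    """Return ({customer: status}, unmatched_ips) for the whole feed."""
    per_cust, unmatched = sightings_by_customer(feed_text, subscribers)
    return {c: classify(d, as_of) for c, d in per_cust.items()}, unmatched
```

Customers flagged `still_infected` are the ones to notify or quarantine; the `reinfected` flag is what a long-term follow-up such as the 5-month check cited above would count.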

Criticism
The solutions suggested to tackle malware cases in the era of IoT reveal that there are strengths and weaknesses. All stakeholders, such as companies, government and research institutions, among others, are supposed to unite in developing measures to improve the security of IoT. There is more than just the lack of knowledge that affects the intervention techniques. The concept of the walled garden is impossible due to governments' needs to consolidate and acquire more power. Weaknesses offer chances to improve the security of interconnected gadgets.

The IoT security measures suggested are essential because they guarantee the safety of the networks and interconnected devices. Each 'thing' has a unique identifier that makes it possible to transfer data over networks, which can be used to assess the degree of vulnerability and offer solutions to tackle the malware-associated problems. Although the aspect of uniform or collaborative measures did not feature in the article, there was frequent reference to the architecture of the IoT, which is essential for the classification of threats based on the application, perception, and transport layers. The lack of information regarding the malware affecting the IoT affects the measures to deal with the challenges, but analysis of the issue reveals there is more than just the lack of knowledge. Businesses and consumers have recently had serious concerns, claiming that they have low confidence in the ability of manufacturers and ISPs to secure the data transmitted over the networks or stored on the devices (Ashok et al., 2017). The implementation of the walled garden is another important and effective mechanism, but it is essential to consider its long-term success based on recent developments at the national and regional levels of power and control. For example, governments are reported to be interested in finding ways to break the 'walled gardens' due to political reasons such as economic protectionism, the loss of power and control, and regulatory divergence (Brous & Janssen, 2015). The resulting effect, therefore, creates major problems, especially in the implementation of the global IoT. The solutions provided to deal with Mirai thus did not consider this aspect, because there are many erected barriers in the nature of transactions and the flow of content.

Criticism Continued
5. Illegal workarounds and cloud attacks further make it impossible to implement IoT security measures.
6. More research can be conducted on the possible security measures to be introduced in the area, because hackers and other malicious people are constantly looking for possible loopholes to exploit in order to compromise the data of the network.
5. An online hyper-globalized world, therefore, becomes impossible to attain because of the resistance and the rising cases of illegal workarounds. The weakness further extends to possible cloud attacks, as more IoT data will be saved on the platform. The other suggestions, despite having a few weaknesses, were highly effective, and it is recommended that they be implemented.
6. Even if the walled garden cannot be fully implemented at the international level because of political reasons, it is essential to note that the measure is highly effective within territorial boundaries.

References
Angrishi, K. (2017). Turning Internet of Things (IoT) into Internet of Vulnerabilities (IoV): IoT botnets. arXiv preprint arXiv:1702.03681.
Antonakakis, M., April, T., Bailey, M., Bernhard, M., Bursztein, E., Cochran, J., ... & Kumar, D. (2017). Understanding the Mirai botnet. In 26th USENIX Security Symposium (USENIX Security 17) (pp. 1093-1110).
Ashok, R., Zinopoulou, M., Atlam, H., Wills, G., & Zulkipli, N. H. (2016). Building on a secure foundation for the Internet of Things.
Bertino, E., & Islam, N. (2017). Botnets and internet of things security. Computer, (2), 76-79.
Brous, P., & Janssen, M. (2015, October). A systematic review of impediments blocking internet of things adoption by governments. In Conference on e-Business, e-Services and e-Society (pp. 81-94). Springer, Cham.
Çetin, O., Gañán, C., Altena, L., Kasama, T., Inoue, D., Tamiya, K., ... & van Eeten, M. (2019, February). Cleaning Up the Internet of Evil Things: Real-World Evidence on ISP and Consumer Efforts to Remove Mirai. In NDSS.
Kolias, C., Kambourakis, G., Stavrou, A., & Voas, J. (2017). DDoS in the IoT: Mirai and other botnets. Computer, 50(7), 80-84.
Lim, S., & Cortina, L. M. (2005). Interpersonal mistreatment in the workplace: the interface and impact of general incivility and sexual harassment. Journal of Applied Psychology, 90(3), 483.
Matz, S., Chan, Y. W. F., & Kosinski, M. (2016). Models of personality. In Emotions and Personality in Personalized Services (pp. 35-54). Springer, Cham.
Risavy, S. D., & Hausdorf, P. A. (2011). Personality testing in personnel selection: Adverse impact and differential hiring rates. International Journal of Selection and Assessment, 19(1), 18-30.
Seibert, S. E., & DeGeest, D. S. (2017). The five factor model of personality in business and industry. The Oxford Handbook of the Five Factor Model, 27, 381.
Zhao, H., Seibert, S. E., & Lumpkin, G. T. (2010). The relationship of personality to entrepreneurial intentions and performance: A meta-analytic review. Journal of Management, 36(2), 381-404.