It happened all because of a lack of SENSE!
DDoS attack halts heating in Finland amidst winter
http://metropolitan.fi/entry/ddos-attack-halts-heating-in-finland-amidst-winter
A late October 2016 DDoS attack disabled an IoT-connected control system for the centralized heating apparatus of two residental condo buildings in Lappeenranta city, eastern Finland.
Despite freezing temperatures outside the tenats apparently didn't think much of the incident, because they believed the outage was part of a week-long civil defence exercise and they kept themselves warm by singing and dancing to Ievan Polkka.
Plumbers were eventually sent on-site but they couldn't fix the problem due to lack of computer security training, so the attack wasn't remedied until the 3rd of November.
The only remaining question in this case: who is General Winter Protection Fault and why is he reading the hard drive of our Internet-connected central heating apparatus?
Best Regards: Tamas Feher, Hungary.
Comments
-
Hi Tamas,
I passed on your post to our Sense team. Please find their reply below:
Yes, nowadays connected heating systems are attacked too. So, you definitely need protection for your IoT devices. That said, as per the article, this was a DDoS attack (though we can’t really verify or confirm that). Protecting against DDoS attacks is a different matter from blocking malicious apps or websites targeting your laptop/phone/smart TV/thermostat.
Sense is not designed for handling DDoS attacks. Nevertheless, you must have the IoT protection in place so that your IoT devices wouldn’t become part of a botnet that actually conducts the DDoS attacks. In addition, it’s worth mentioning that Sense, in its current form, was designed for personal use only.
That is, it’s not meant for businesses, such as the property management company in charge of that heating system in the article.
