What was new about the Krebs attack was both the massive scale
and the particular devices the attackers recruited. Instead of
using traditional computers for their botnet, they used CCTV
cameras, digital video recorders, home routers, and other
embedded computers attached to the internet as part of the
Internet of Things.
Much has been written about how the IoT is wildly insecure. In
fact, the software used to attack Krebs was simple and amateurish.
What this attack demonstrates is that the economics of the IoT
mean that it will remain insecure unless government steps in to
fix the problem. This is a market failure that can’t get fixed on

Schneier’s reasoning for calling for government intervention is simple:
The market won’t fix this because neither the buyer nor the seller cares.