Tim Berners-Lee calls for accountable cyber security strategy, warns of IoT botnet danger

Creator of the World Wide Web Sir Tim Berners-Lee praised the Government’s new cyber security strategy as he called for consumers to be more vigilant about the dangers of internet-connected devices.

Speaking on BBC Radio 4’s Today Programme, Berners-Lee said that a “balanced” approach was needed, saying that the Government was “absolutely right” to be concerned about the threats from the numerous types of cyber attackers.

“The internet can be attacked and has been attacked in all kinds of different ways, so yes the UK needs to have a strong but responsible and accountable police force and GCHQ needs to have the tools to defend us and defend the open internet,” said Berners-Lee.

At the time of writing, the Government was set to launch the UK’s new cyber security strategy, which is expected to include new defences against cyber criminals.

Questioned over Chancellor of the Exchequer Philip Hammond’s stated aim to “strike back” in cyber space, Berners-Lee said that a first strike approach was not needed but that an offensive approach was needed in certain circumstances.

“When you look at what happens when you’re being attacked by a whole lot of domestic appliances, the way you defend yourself against it is by striking back; you take those machines over if somebody is attacking you.”

This was in reference to recent Internet of Things-powered DDoS attacks that have been mounted against security blog KrebsOnSecurity and more recently, hosting provider Dyn.

These have been conducted using the Mirai malware, which is encoded with a list of a few default passwords, including obvious words and phrases such as ‘password’ or ‘password123’. It trawls the net, looking for passive internet-connected devices such as routers and cameras and inputs these passwords into the devices to try and take them over.

Berners-Lee told listeners to be careful:

“As a consumer, if you buy a webcam and plug it in, you’d better put a password on it, not because somebody is going to be trying to find out what you are doing in your home, but because an automated machine is going to be taking over all the webcams.”