Robots run amok is a common science fiction trope: anthropomorphic terrors turning against their masters. Few versions of that story have the antagonists looking like printers. With the growing Internet of Things (IoT), however, that is quickly becoming our new reality.
On October 21st, 2016, hackers used malicious software (“malware”) known as Mirai to press-gang internet-connected devices, such as unsecured routers, DVRs, and connected IP cameras into committing a Distributed Denial of Service (DDoS) attack against Dyn, a major DNS host. The attack lasted several hours and caused massive internet outages across major services including Twitter, Spotify, Amazon, Reddit, Yelp, Netflix, and The New York Times. 
A DDoS attack works by coordinating internet-connected machines to generate superfluous but ‘well-formed’ requests (that is, indistinguishable from legitimate ones) against a particular target and overwhelm the servers to the point of failure. See below for a visualization of this: 
These types of attacks have historically come from desktop and laptop computers, but recent attacks have increasingly come from internet peripherals. The Mirai software targets these unprotected devices and slaves them to a botnet that can be accessed and used at any time, for intimidation, entertainment, or even profit: oftentimes the groups responsible will rent out botnet time at affordable rates to anyone with bitcoin to spare. 
The October attacks were just the most recent iteration of a growing trend. Over the summer, security firm Sucuri discovered a botnet of 25,000 cameras that was assaulting a brick-and-mortar jewelry store, with unknown motivations.  In September, the hosting giant OVH came under several attacks with volumes thought to be logistically nearly impossible (with traffic exceeding 1 terabit per second from over 145,000 devices).  That same month, a prominent security journalist named Brian Krebs came under attack numerous times before his website was eventually booted by the security firm he had been using, Prolexic. The company could no longer afford to protect him from the high volumes of attacks. 
The fact that these attacks were made possible by the proliferation of internet-connected but undersecured devices has vast implications. Political activists in countries hostile to free speech have had their work censored for decades, but now those wishing to censor individuals need not be in positions of power or even possess a great deal of technical knowledge, since the Mirai source code is freely available to all, and there are more internet-connected devices than ever. Attacks can come from anywhere in the world to anywhere in the world and differentially impact independent and underfunded bloggers and journalists who face expulsion from hosting services that are understandably unwilling to shoulder the burden of being routinely crippled. We face a new threat of internet bully that is anonymous, ubiquitous, and available for hire.
Enter Google. Through one of their subsidiaries, Jigsaw, they have recently released a new type of infrastructure to protect these websites and authors. Originally intended for “small, under-resourced news sites”, Google has recently opened its infrastructure to any “independent news site” – those not owned by a particular government or political party – that wishes to join. 
The initiative is built off of Google’s Pagespeed service, which is a front-end tool that was originally oriented to allow developers faster page load times. Sites wishing to join Project Shield would sit behind this structure and would take advantage of Google’s massive scale: unless the attack were strong enough to bring down the entire service, they can’t touch any individual site. While this isn’t a wholly new model (see Cloudfire) this is the first time the service has been offered for free and with the intent of protecting free speech. 
Google has maintained there is no monetary incentive here, with Jigsaw president Jared Cohen stating: “This isn’t about revenue… you have to make sure that once people have access to the information, it doesn’t get DDOS attacked, it doesn’t get compromised, it doesn’t get censored in a politically motivated way.”  Google’s incentives may not include a direct dollar exchange, but their entire business model is predicated on having people feel comfortable sharing their information online. The majority of Google’s products – Google Search, Gmail, Cloud Services – survive only to the degree that we as consumers of information are willing to provide and share our content with one another – and with Google. In order to protect this ecosphere, Google may need to continue to add cost and complexity to its operating model by introducing products such as Project Shield. But Google should take this further: they should use their immense scale and market position to push for changes to IoT regulations and mandate more stringest minimum security thresholds on internet-connected devices. Concurrently, they should aim to make the public more aware of this issue and the steps they can take to avoid having devices they own be part of a botnet bully.
Word Count: 798
 Canon, (2016), Available at: http://www.canon.com [Accessed 18 November 2016].
 Forbes, (2016), Internet Outage Map [ONLINE]. Available at: http://www.forbes.com/sites/briansolomon/2016/10/21/hacked-cameras-cyber-attack-hacking-ddos-dyn-twitter-netflix/#5f124afb7e6f [Accessed 18 November 2016].
 Dots left to right represent requests on the server, with the bar on the right attempting to service as many requests as possible. Traffic is directed against one particular file, locking up the resources of the target and crashing the system.
 Thomas Fox-Brewster. 2016. How Hacked Cameras Are Helping Launch The Biggest Attacks The Internet Has Ever Seen. [ONLINE] Available at: http://www.forbes.com/sites/thomasbrewster/2016/09/25/brian-krebs-overwatch-ovh-smashed-by-largest-ddos-attacks-ever/#56bd8adb6fb6. [Accessed 18 November 2016].
 Dan Goodin. 2016. Large botnet of CCTV devices knock the snot out of jewelry website. [ONLINE] Available at: http://arstechnica.com/security/2016/06/large-botnet-of-cctv-devices-knock-the-snot-out-of-jewelry-website/. [Accessed 18 November 2016].
Dan Goodin. 2016. Record-breaking DDoS reportedly delivered by >145k hacked cameras. [ONLINE] Available at: http://arstechnica.com/security/2016/09/botnet-of-145k-cameras-reportedly-deliver-internets-biggest-ddos-ever/. [Accessed 18 November 2016].
 Dan Goodin. 2016. Why the Silencing of KrebsOnSecurity Opens a Troubling Chapter for the Net. [ONLINE] Available at: http://arstechnica.com/security/2016/09/why-the-silencing-of-krebsonsecurity-opens-a-troubling-chapter-for-the-net/. [Accessed 18 November 2016].
 Andy Greenberg. 2016. Google Wants to Save News Sites From Cyberattacks—For Free. [ONLINE] Available at: https://www.wired.com/2016/02/google-wants-save-news-sites-cyberattacks-free/. [Accessed 18 November 2016].
 Russell Brandom. 2013. Google Launches New Anti-DDOS Service Called Project Shield. [ONLINE] Available at: http://www.theverge.com/2013/10/21/4862724/google-launches-new-anti-ddos-service-called-project-shield. [Accessed 18 November 2016].
 See