Brian Krebs did a simple thing. He reported on the take-down of a distributed denial of service (DDoS) for hire group, vDOS, and the arrest of two of its Israeli teenage operators. The ensuing cyber temper tantrum, which was forensically linked to one of the teenagers, resulted in the largest DDoS attack on record and affected hundreds of businesses and thousands of users. Let’s look at the implications beyond Krebs.

On Sept. 20, Krebs was the victim of the largest Distributed Denial of Service (DDoS) attack in the history of the internet. Krebs’ pro-bono host, content delivery network (CDN) services provider Akamai, reported the amount of data fired against them in the attack reached 665Gbps. Until then the largest attack Akamai had experienced reached only half that rate, 363Gbps. Akamai successfully fought off the attack and Krebs’ site remained up but the loss of functionality for Akamai’s other business resulted in significant financial losses. Akamai ultimately decided to drop Krebs’ blog.

Why should you care? Well, let’s assume that the attack was against Krebs; not a far stretch because he blogs about cybersecurity and is not afraid to call out groups and individuals who are involved in stupid, pointless, or illegal interference with our daily online business and personal lives. In this case he called out the same people, vDOS, who were implicated in hundreds of pay-for-DDoS attacks. The vDOS vandals were associated with other cybercriminals including Lizard Squad. Lizard Squad was responsible for the 2014 Christmas outages at Sony and Microsoft. Remember the Christmas joy when you bought the kids that new PlayStation and they couldn’t connect? So the bad guys pointed the data cannon at Krebs and fired. Miss.
But what about collateral damage?

Akamai hasn’t yet released the financial impact of the attack against their servers but it will likely be in the range of several million dollars. Akamai was collateral damage. So were Akamai’s customers who were denied functionality during the event. So were the customers of these businesses, who depended upon access to data, news, and basic communication. Whether by design or as an unintended consequence, a cascade of financial and reputational loss ensued.

How you might have been an unwitting accomplice

Analysis of traffic in the DDoS indicated a “garbage web attack,” flooding a system with GET, SYN, and other requests. This kind of attack (currently) can’t be spoofed like a DNS attack; each requesting device must use generic routing encapsulation (GRE) packets. GRE is a protocol that establishes a discrete device-to-device connection and is attributable.

In this garbage web attack, an enormous botnet was created by compromising internet of things (IoT) devices. When I say “enormous,” I mean hundreds of thousands of compromised IoT devices. Currently there are two major Tactics, Techniques, and Procedures (TTPs) used to form these botnets. The first and most obvious is scanning for unprotected devices. The second is compromising the control servers of the devices themselves. Both TTPs are enabled by malware that appeared on the web in 2015 and now appears in myriad forms and names. Coding skills are not required – you can buy an app or hire a service to conduct an attack.

The IoT is ubiquitous and invisible – enabled devices range from automobiles to whiskey bottles and tennis rackets. As such, it’s possible that your smart TV, your doorbell camera, and your web-enabled refrigerator all were part of the cyber-gang that attacked Krebs’ site.
The IoT, intended to enable convenience, safety, and remote operability, has evolved into the Internet of Irritating Things (IoIT).

Before you confront your thermostat and demand an apology, understand that the IoIT is itself a victim. The IT industry has faced some challenges incorporating security as part of the software development process but we all benefit. Hardening systems and networks via software has begun to throttle botnets in general. Let’s make this personal -- in 2008, the Srizbi botnet created 60 percent of all spam worldwide, about 60 billion emails every day. Worldwide spam volume decreased by 75 percent when it was neutralized. It remains so in part because of security in the development process as the internet grows and progresses.

Accepting and integrating security/software development was not done overnight; it remains an ongoing process and for some the learning curve is quite steep. Now the IoT folks, hopefully, are learning the same lessons.

Is your computer one of the living dead?

Determining if your computer has been turned into a zombie and is mindlessly participating in a botnet can be done both digitally and physically:

Does your computer act “different?” Is it crashing and generating error messages for no apparent reason?
Does it take longer to start or shut down?
Does your fan kick in at high speed when you’re not using the computer?
Are you seeing high data rates on Task Manager while you are idle?

If you notice these indications, an anti-virus program can help. At the worst you’ll need to wipe your drive and re-install your operating system. You did regularly back up all your data, right?

Summary

DDoS attacks can be initiated by an app, a program, or by hiring criminals to conduct a DDoS. DDoS attacks cost not only the target but also anyone associated with the target (cascading effect) and damage spreads geometrically.
Consequences of an attack against almost any entity on the internet negatively affect us all in some way.

Botnets enable DDoS attacks. Botnets can be created, rented, or purchased. Personal computers, giant corporate servers, and IoT devices as small as fitness trackers can be part of a botnet while owners and operators remain oblivious.

It is possible to determine by observation and data analysis if you are part of a botnet. It’s much easier to defend your system than to restore it.
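
The "high data rates while you are idle" indicator from the checklist can be turned into a simple data-analysis check. The following Python is an added example, not part of the original article; the sample format, the thresholds, and all names are assumptions, and the samples are constructed to stand in for readings of an operating system's cumulative bytes-sent counter.

```python
"""Flag sustained outbound traffic while a machine is idle (added example)."""
from collections import namedtuple

# t: seconds since capture start; bytes_sent: cumulative OS counter;
# user_idle: True when there was no keyboard or mouse input in the interval.
Sample = namedtuple("Sample", "t bytes_sent user_idle")

# Constructed samples, one per 60 s: normal use, then a steady upload while idle.
SAMPLES = [
    Sample(0, 1_000_000, False),
    Sample(60, 4_000_000, False),
    Sample(120, 4_050_000, True),
    Sample(180, 34_050_000, True),
    Sample(240, 64_050_000, True),
    Sample(300, 94_050_000, True),
    Sample(360, 94_100_000, True),
]

def idle_upload_windows(samples, min_rate_bps=1_000_000, min_duration=120):
    """Return (start, end, avg_bits_per_sec) spans of sustained idle upload."""
    windows = []
    start, sent = None, 0

    def close(end):
        # Keep the open span only if it lasted long enough to rule out a burst.
        nonlocal start, sent
        if start is not None and end - start >= min_duration:
            windows.append((start, end, sent * 8 // (end - start)))
        start, sent = None, 0

    for prev, cur in zip(samples, samples[1:]):
        dt = cur.t - prev.t
        delta = cur.bytes_sent - prev.bytes_sent
        if dt <= 0 or delta < 0:
            # Clock glitch or counter reset (reboot): discard this interval.
            close(prev.t)
            continue
        if cur.user_idle and delta * 8 / dt >= min_rate_bps:
            if start is None:
                start = prev.t
            sent += delta
        else:
            close(prev.t)
    if samples:
        close(samples[-1].t)
    return windows
```

A flagged window is a reason to look at which process owns the traffic, not proof of infection: backups, updates, and cloud sync also upload while a machine is idle.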