In last October a DDos attack against Dyn (a DNS host) was conducted by using a Mirai botnet that consists of IoT devices (10s of millions of IP addresses were used during the attacks). This affected the accessibility of many sites in USA and Europe. The Mirai botnet was built using the weaknesses of IoT devices, e.g. users often using default passwords like Admin Admin and such.
When we build or design a IoT device, smart building (bunch of IoT devices?), smart grid or a smart city, we may need to take into account that this type of cyber attacks exist. In case of using or designing IoT devices, our devices may be attacked by malware and in case of weak security could be used in such botnets, thus we have the responsibility to pay attention to their security features. If we are on the smart city or smart grid side, our systems may become the targets of DDos attack using IoT devices. However, we might not be the only ones concerned, as this article clearly shows: Gizmodo: This Hacker is My New Hero
Should we tolerate such behaviour, as they are doing a favour for the security of the digital community or should they be taken down as criminals?