Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

Hacked Cameras, DVRs Powered Today's Massive Internet Outage

From: "Dave Farber" <farber () gmail com>
Date: Sat, 22 Oct 2016 09:02:01 -0400



Begin forwarded message:


From: Hendricks Dewayne <dewayne () warpspeed com>
Date: October 22, 2016 at 7:10:12 AM EDT
To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
Subject: [Dewayne-Net] Hacked Cameras, DVRs Powered Today's Massive Internet Outage
Reply-To: dewayne-net () warpspeed com

Hacked Cameras, DVRs Powered Today’s Massive Internet Outage
By Brian Krebbs
Oct 21 2016
<https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-internet-outage/>

A massive and sustained Internet attack that has caused outages and network congestion today for a large number of 
Web sites was launched with the help of hacked “Internet of Things” (IoT) devices, such as CCTV video cameras and 
digital video recorders, new data suggests.

Earlier today cyber criminals began training their attack cannons on Dyn, an Internet infrastructure company that 
provides critical technology services to some of the Internet’s top destinations. The attack began creating problems 
for Internet users reaching an array of sites, including Twitter, Amazon, Tumblr, Reddit, Spotify and Netflix.

At first, it was unclear who or what was behind the attack on Dyn. But over the past few hours, at least one computer 
security firm has come out saying the attack involved Mirai, the same malware strain that was used in the record 620 
Gpbs attack on my site last month. At the end September 2016, the hacker responsible for creating the Mirai malware 
released the source code for it, effectively letting anyone build their own attack army using Mirai.

Mirai scours the Web for IoT devices protected by little more than factory-default usernames and passwords, and then 
enlists the devices in attacks that hurl junk traffic at an online target until it can no longer accommodate 
legitimate visitors or users.

According to researchers at security firm Flashpoint, today’s attack was launched at least in part by a Mirai-based 
botnet. Allison Nixon, director of research at Flashpoint, said the botnet used in today’s ongoing attack is built on 
the backs of hacked IoT devices — mainly compromised digital video recorders (DVRs) and IP cameras made by a Chinese 
hi-tech company called XiongMai Technologies. The components that XiongMai makes are sold downstream to vendors who 
then use it in their own products.

“It’s remarkable that virtually an entire company’s product line has just been turned into a botnet that is now 
attacking the United States,” Nixon said, noting that Flashpoint hasn’t ruled out the possibility of multiple botnets 
being involved in the attack on Dyn.

“At least one Mirai [control server] issued an attack command to hit Dyn,” Nixon said. “Some people are theorizing 
that there were multiple botnets involved here. What we can say is that we’ve seen a Mirai botnet participating in 
the attack.”

As I noted earlier this month in Europe to Push New Security Rules Amid IoT Mess, many of these products from 
XiongMai and other makers of inexpensive, mass-produced IoT devices are essentially unfixable, and will remain a 
danger to others unless and until they are completely unplugged from the Internet.

That’s because while many of these devices allow users to change the default usernames and passwords on a Web-based 
administration panel that ships with the products, those machines can still be reached via more obscure, less 
user-friendly communications services called “Telnet” and “SSH.”

Telnet and SSH are command-line, text-based interfaces that are typically accessed via a command prompt (e.g., in 
Microsoft Windows, a user could click Start, and in the search box type “cmd.exe” to launch a command prompt, and 
then type “telnet” to reach a username and password prompt at the target host).

[snip]

Dewayne-Net RSS Feed: <http://dewaynenet.wordpress.com/feed/>






-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20161022090209:BBBA7F5A-9857-11E6-B7BF-A104F010038B
Powered by Listbox: http://www.listbox.com
Previous By Date Next
Previous By Thread Next

Current thread: