Slashdot Mirror
Compromised CCTV and NAS Devices Found Participating In DDoS Attacks (incapsula.com)
chicksdaddy writes: The parade of horribles continues on the Internet of Things, with a report from the security firm Incapsula that its researchers discovered compromised closed circuit cameras as well as home network attached storage (NAS) devices participating in denial of service attacks. The compromised machines included a CCTV at a local mall, just a couple minutes from the Incapsula headquarters.
According to the report, Incapsula discovered the infections as part of an investigation into a distributed denial of service attack on what it described as a "rarely-used asset" at a "large cloud service." The attack used a network of 900 compromised cameras to create a flood of HTTP GET requests, at a rate of around 20,000 requests per second, to try to disable the cloud-based server. The cameras were running the same operating system: embedded Linux with BusyBox, which is a collection of Unix utilities designed for resource-constrained endpoints.
The malware in question was a variant of a self-replicating program known as Lightaidra, which targets systems running BusyBox and exploits vulnerable Telnet/SSH services using so-called "brute force dictionary attacks" (aka "password guessing"). Given that many Internet connected devices simply use the default administrator credentials when deployed, calling it a "brute force" attack is probably a stretch.
According to the report, Incapsula discovered the infections as part of an investigation into a distributed denial of service attack on what it described as a "rarely-used asset" at a "large cloud service." The attack used a network of 900 compromised cameras to create a flood of HTTP GET requests, at a rate of around 20,000 requests per second, to try to disable the cloud-based server. The cameras were running the same operating system: embedded Linux with BusyBox, which is a collection of Unix utilities designed for resource-constrained endpoints.
The malware in question was a variant of a self-replicating program known as Lightaidra, which targets systems running BusyBox and exploits vulnerable Telnet/SSH services using so-called "brute force dictionary attacks" (aka "password guessing"). Given that many Internet connected devices simply use the default administrator credentials when deployed, calling it a "brute force" attack is probably a stretch.
You can burn out the motor coils in the cameras by hacking the software and over driving them?
That's why when it comes to my Internet of Things, I only trust the Genuine® Advantage©® of Certified® Microsoft©® Windows®© Internet© of© Things©® Soft®ware®.
©
Is anyone else getting annoyed at the writing style of recent Slashdot submissions ?
They are being written in a dumbed down folksy style with idiotic mannerisms designed to explain things to idiots, not the geek readership around here.
My Webcam came with an open root telnet port. Just connect to port XXXX (whatever it was, I forget) and you were automatically logged in to a root shell.
There's a reason I kept it completely firewalled from the Internet.
>> compromised machines included a CCTV at a local mall, just a couple minutes from the Incapsula headquarters
Clearly, the correct thing to do is move the HQ further away from the mall, right?
A few years ago I got curious and started scanning the local subnets on my ISP for open telnet ports. Found one DVR type of device with four cameras and four hard drives running with disks 100% filled. The default logins worked and found myself at a busybox prompt. What was interesting was there was always a few others logged in from countries over seas. I managed to tftp a fragment of a video file but couldn't recognize the area. There is no reason for multiple telnet logins to a DVR box.
Only the State obtains its revenue by coercion. - Murray Rothbard
It's funny reading this today, because yesterday my smtp server was getting attacked by a Samsung DVR.
The Wikipedia of Things, where any dipshit on the internet can edit your refrigerator.
I have no idea why people allow outside access to their NAS device or webcams. At a minimum, require VPN access, but ideally put them in a VLAN "jail".
Someone is going to need to get much more savvy when it comes to securing this "IoT" monster.
From the article, it seems like the exploited cameras are IP-addressable/reachable. That does not sound like Closed Circuit TV as I think of it, with non-ethernet coax-and-like connected cameras connected to a monitoring station in a true closed circuit. I am no expert, but should we be talking about an exploit of "IP-enabled security cameras" or something like that instead?
Dear $public $relations $firm, please generate 'reports' about DDOS attacks that don't mention that vast pool of compromised Microsoft Windows desktops out there on the Internet.
'Incapsula is a cloud-based security and acceleration service that makes websites safer, faster, and more reliable'
admin admin
admin admin
I said admin you dumb camera!
admin admin
the Nike Air Ralston Mid nike tn requin ool Grey,makes good on the air yeezy shoes stylish design, adding a creamy grey suede upper to a white midsole, orange accents, and a sport-inspired pad-like outsole. Hit the jump for a few more looks, and hit spots like MrRSportsMiami.com for a pair today. Yesterday brought a glimpse of one of the simpler Hachi colorways wee seen to date, eschewing the standard Sting-inspired two-color (or at least two-tone) look in favor of a more uniform coloring. And as the counterpoint to that, today brings some of the more unique looks, although no less impressive. The Nike Hachi Gingham pack, designed specifically for women, each sport the air yeezy pink vintage-inspired silhouette but forgo leather in favor of a gingham textile, three different colors in total. Check out each under the cut, and look for these in Asia now, with a US release still up in the air. While a rather scarce one, the Coast Classic is nevertheless a great summer look, with a classically simple construction that lends itself to colorways both subtle and complex. In fact the latest version, the Nike Coast Classic nike Free Run SP Black/White Gingham, goes for subtle and complex on the same shoe, with black suede on the toe and heelcap sitting atop a classic vulc rubber sole,