Compromised CCTV and NAS Devices Found Participating In DDoS Attacks (incapsula.com)

← Back to Stories (view on slashdot.org)

Compromised CCTV and NAS Devices Found Participating In DDoS Attacks (incapsula.com)

Posted by Soulskill on Friday October 23, 2015 @05:20AM from the today-your-NAS,-tomorrow-your-toaster dept.

chicksdaddy writes: The parade of horribles continues on the Internet of Things, with a report from the security firm Incapsula that its researchers discovered compromised closed circuit cameras as well as home network attached storage (NAS) devices participating in denial of service attacks. The compromised machines included a CCTV at a local mall, just a couple minutes from the Incapsula headquarters.

According to the report, Incapsula discovered the infections as part of an investigation into a distributed denial of service attack on what it described as a "rarely-used asset" at a "large cloud service." The attack used a network of 900 compromised cameras to create a flood of HTTP GET requests, at a rate of around 20,000 requests per second, to try to disable the cloud-based server. The cameras were running the same operating system: embedded Linux with BusyBox, which is a collection of Unix utilities designed for resource-constrained endpoints.

The malware in question was a variant of a self-replicating program known as Lightaidra, which targets systems running BusyBox and exploits vulnerable Telnet/SSH services using so-called "brute force dictionary attacks" (aka "password guessing"). Given that many Internet connected devices simply use the default administrator credentials when deployed, calling it a "brute force" attack is probably a stretch.

8 of 64 comments (clear)

Min score:

Reason:

Sort:

Doesn't surprise me by 0123456 · 2015-10-23 05:40 · Score: 2

My Webcam came with an open root telnet port. Just connect to port XXXX (whatever it was, I forget) and you were automatically logged in to a root shell.
There's a reason I kept it completely firewalled from the Internet.
Distance matters now? by xxxJonBoyxxx · 2015-10-23 05:40 · Score: 2

>> compromised machines included a CCTV at a local mall, just a couple minutes from the Incapsula headquarters
Clearly, the correct thing to do is move the HQ further away from the mall, right?
Interesting by ArchieBunker · 2015-10-23 05:48 · Score: 2

A few years ago I got curious and started scanning the local subnets on my ISP for open telnet ports. Found one DVR type of device with four cameras and four hard drives running with disks 100% filled. The default logins worked and found myself at a busybox prompt. What was interesting was there was always a few others logged in from countries over seas. I managed to tftp a fragment of a video file but couldn't recognize the area. There is no reason for multiple telnet logins to a DVR box.

--
Only the State obtains its revenue by coercion. - Murray Rothbard
1. Re:Interesting by KGIII · 2015-10-23 09:48 · Score: 2
  
  I'm not admitting to anything but there's someone who will answer to my name, if called, who may have a hobby of finding online printers and sending them a (single) printed piece of paper telling them of the fault. Why they've got them online or with forwarded ports is beyond me. But, you know... Sometimes there are easily accessed routers and whatnot. I don't know anything about anything, of course, but they all *probably* have the default passwords still. If I were to do something like that then I'd obviously update their firmware, I'd be nice like that.
  
  --
  "So long and thanks for all the fish."
Re:You can burn out the motor coils in the cameras by thedonger · 2015-10-23 05:51 · Score: 2

You can burn out the motor coils in the cameras by hacking the software and over driving them?
Maybe the cameras burned themselves out because they were tired of being our slaves?

--
Help fight poverty: Punch a poor person.
Re:Funny by thedonger · 2015-10-23 05:53 · Score: 2

It's funny reading this today, because yesterday my smtp server was getting attacked by a Samsung DVR.
I'm fairly certain my Xbox is bullying my PS3.

--
Help fight poverty: Punch a poor person.
Re:Slashdot submission style by gstoddart · 2015-10-23 05:54 · Score: 3, Informative

The true geeks all left a long time ago. The dumbed-down folksy style is a perfect fit for the wannabe geeks and Teatards who still largely inhabit this place
Hmmmm ... if not A, then (B|C) ... so which of 'wannabe geeks' or Teatards are you including yourself in?
Or are you just saying small values of A?

--
Lost at C:>. Found at C.
Re:You can burn out the motor coils in the cameras by JustAnotherOldGuy · 2015-10-23 08:37 · Score: 3, Funny

Man, I just can't wait until everything fucking I own is vulnerable and requires daily/weekly patching.
Upgrade toilet? CHECK....DONE.
Upgrade refrigerator? CHECK....DONE.
Upgrade toaster? CHECK....DONE.
Upgrade alarm clock? CHECK....DONE.
Upgrade gas stove? CHECK....DONE.
Upgrade TV? CHECK....DONE.
Upgrade ink pen? CHECK....DONE.
Upgrade couch? CHECK....DONE.
Upgrade desk lamp? CHECK....DONE.
Upgrade front door? CHECK....DONE.
Upgrade coffee table? CHECK....DONE.
Upgrade soap dispenser? CHECK....DONE.
Upgrade wife's vibrator? CHECK....DONE.
Upgrade the upgrade manager? CHECK....DONE.
Upgrade kitchen light? CHECK....DONE.
Upgrade lawnmower? CHECK....DONE.
Upgrade sink? CHECK....DONE.

--
Just cruising through this digital world at 33 1/3 rpm...