Slashdot Mirror


Krebs Warns Source Code Leaked From Massive IoT Botnet Attack (krebsonsecurity.com)

Remember that historically massive denial-of-service attack last month against security researcher Brian Krebs? The source code's just been leaked, Krebs reports, "virtually guaranteeing that the Internet will soon be flooded with attacks from many new botnets powered by insecure routers, IP cameras, digital video recorders and other easily hackable devices." An anonymous Slashdot reader quotes KrebsOnSecurity:

The malware, dubbed "Mirai," spreads to vulnerable devices by continuously scanning the Internet for IoT systems protected by factory default or hard-coded usernames and passwords. Infected systems can be cleaned up by simply rebooting them -- thus wiping the malicious code from memory. But experts say there is so much constant scanning going on for vulnerable systems that vulnerable IoT devices can be re-infected within minutes of a reboot. Only changing the default password protects them from rapidly being reinfected on reboot...

The user who leaked the source code says "there's lots of eyes looking at IOT now... I usually pull max 380K bots from telnet alone. However, after the Krebs DDoS, ISPs been slowly shutting down and cleaning up their act. Today, max pull is about 300K bots, and dropping"...

Now that the source code has been released online for that 620-Gbps attack, Krebs predicts "there will soon be many Internet users complaining to their ISPs about slow Internet speeds as a result of hacked IoT devices on their network hogging all the bandwidth. On the bright side, if that happens it may help to lessen the number of vulnerable systems." He points out that 5.5 million new things get connected to the internet each day, according to Gartner. And they're also predicting that 6.4 billion things will be connected to the internet by the end of the year -- reaching 20.8 billion over the next four years.
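An ISP-side check for the scanning behaviour described in the summary above, as an added example that is not from KrebsOnSecurity, Slashdot or the leaked code: it flags customer addresses that send telnet connection attempts to many distinct hosts within a short window. The flow-record format, the thresholds and the sample addresses (documentation ranges) are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

TELNET_PORT = 23        # the summary names telnet as the infection vector
WINDOW_SECONDS = 60     # assumed observation window
MIN_DISTINCT_DSTS = 5   # assumed threshold, kept low so the sample trips it

# Constructed flow records, time-ordered: "epoch src_ip dst_ip dst_port tcp_flags"
SAMPLE_FLOWS = (
    # fan-out: one source, six different telnet targets in six seconds
    [f"{1000 + i} 192.0.2.10 198.51.100.{i + 1} 23 S" for i in range(6)]
    # an admin retrying telnet to a single device: many SYNs, one target
    + [f"{1010 + i} 192.0.2.20 198.51.100.50 23 S" for i in range(8)]
    # five targets, but one every 70 s: never five inside one window
    + [f"{1020 + 70 * i} 192.0.2.30 203.0.113.{i + 1} 23 S" for i in range(5)]
    # busy source, but HTTPS rather than telnet
    + [f"{1400 + i} 192.0.2.40 203.0.113.{i + 10} 443 S" for i in range(9)]
)


def parse_flow(line):
    """Split one constructed flow record into typed fields."""
    ts, src, dst, port, flags = line.split()
    return int(ts), src, dst, int(port), flags


def find_telnet_scanners(lines, window=WINDOW_SECONDS, min_dsts=MIN_DISTINCT_DSTS):
    """Return {src_ip: peak distinct telnet targets seen inside one window}."""
    recent = defaultdict(deque)   # src -> (ts, dst) pairs still inside the window
    flagged = {}
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, port, flags = parse_flow(line)
        # Count only bare SYNs to telnet: scanning appears as many
        # connection attempts, most of which never complete.
        if port != TELNET_PORT or flags != "S":
            continue
        q = recent[src]
        q.append((ts, dst))
        while q and q[0][0] <= ts - window:   # expire records older than window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= min_dsts:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged


if __name__ == "__main__":
    for src, peak in find_telnet_scanners(SAMPLE_FLOWS).items():
        print(f"{src}: {peak} distinct telnet targets within {WINDOW_SECONDS}s")
```

Counting distinct destinations rather than raw connection attempts is what keeps the single-device admin session out of the results.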

6 of 69 comments

  1. Overly optimistic by TroII · Score: 4, Funny

    Krebs predicts "there will soon be many Internet users complaining to their ISPs about slow Internet speeds as a result of hacked IoT devices on their network hogging all the bandwidth. On the bright side, if that happens it may help to lessen the number of vulnerable systems."

    Yeah, I doubt it.

    Customer: My internet is slow.
    Comcast: I'm knowing how frustrating that is because I'm being a Comcast customer too! Did you rebooting your modem?
    Customer: Yes, my internet is still slow.
    Comcast: Let me to be sending the signal to your modem!
    Customer: Didn't do anything, my internet is still slow.
    Comcast: I'm knowing how frustrating that is because I'm being a Comcast customer too! Did you rebooting your modem?
    Customer: Yes, 5 minutes ago while I was talking to you! My internet is still slow.
    Comcast: Let me to be sending the signal to your modem!

    1. Re:Overly optimistic by Anonymous Coward · Score: 3, Informative

      Used to work for 2Wire many years ago. Took transfers from outsourced SBC L1 techs. Unlike most, I don't blame them for being insanely inept at their jobs. They're hired to follow a script, not be technicians. Probing for info before the transfer often went like this:

      Me: "Did you try pinging the router?"
      L1: "...I was not able to do that."
      Me: "Ok, is there something wrong? How come you were unable to ping it?"
      L1: "...I was not able to do that."

      I get similar from my cable ISP from non-outsourced support if I call during the day. At night, I assume they have to staff the competent people as there are no others around to fix things. I can say "my modem doesn't sync" without being asked to reboot my computer.

      Sorry, off topic. AC anyhow so unlikely to be seen. :)

  2. It's not "cleaning up", it's competition by Opportunist · Score: 3, Interesting

    The reason you can't simply get as many bots isn't that ISPs start finding out that they have a responsibility. It's simply that more players are fighting over the bots.

    Next step is probably botters hacking devices and changing the passwords so other bot herders can't use them. It's the usual game: A resource is only valuable if the other one does NOT have it.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.

  3. Have the actual IoT devices been identified? by slincolne · Score: 3, Interesting

    Has anyone seen any lists of the devices that are being compromised?

    It would be really handy to know what devices are actually at risk, so that people can tell if they need to take action. It sounds like whatever these devices are, they have somehow been exposed to the Internet (didn't we all disable UPnP years ago?).

    Maybe all the ISPs should grab a copy of the code and use it for scanning for vulnerable client devices and tell their customers to disconnect them before the ISP does it for them.

  4. time to brick them? by Gravis+Zero · Score: 3, Interesting

    So is it time for people to start bricking every unsecured IoT device or what?

    --
    Anons need not reply. Questions end with a question mark.

  5. BCP38 by mars-nl · Score: 3, Interesting

    Wouldn't most if not all DDoS attacks be much harder if ISPs implemented BCP38? Of course IoT devices should be secure, but this is a dream as software will always contain bugs. The number of ISPs is much smaller than the number of devices connected to the internet, so blocking spoofed IP traffic is a much cheaper solution.