Slashdot Mirror


BrickerBot, the Permanent Denial-of-Service Botnet, Is Back With a Vengeance (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: BrickerBot, the botnet that permanently incapacitates poorly secured Internet of Things devices before they can be conscripted into Internet-crippling denial-of-service armies, is back with a new squadron of foot soldiers armed with a meaner arsenal of weapons. Pascal Geenens, the researcher who first documented what he calls the permanent denial-of-service botnet, has dubbed the fiercest new instance BrickerBot.3. It appeared out of nowhere on April 20, exactly one month after BrickerBot.1 first surfaced. Not only did BrickerBot.3 mount a much quicker number of attacks -- with 1,295 attacks coming in just 15 hours -- it used a modified attack script that added several commands designed to more completely shock and awe its targets. BrickerBot.1, by comparison, fired 1,895 volleys during the four days it was active, and the still-active BrickerBot.2 has spit out close to 12 attacks per day. Shortly after BrickerBot.3 began attacking, Geenens discovered BrickerBot.4. Together, the two newly discovered instances have attempted to attack devices in the research honeypot close to 1,400 times in less than 24 hours. Like BrickerBot.1, the newcomer botnets are made up of IoT devices running an outdated version of the Dropbear SSH server with public, geographically dispersed IP addresses. Those two characteristics lead Geenens to suspect the attacking devices are poorly secured IoT devices themselves that someone has compromised and used to permanently take out similarly unsecured devices. Geenens, of security firm Radware, has more details here.

10 of 113 comments

  1. Denial-of-Service? by Anonymous Coward · · Score: 5, Insightful

    BrickerBot, the botnet that permanently incapacitates poorly secured Internet of Things devices

    Denial-of-Service botnet? Sounds more like a Public-Service botnet to me.

    1. Re:Denial-of-Service? by monkeyzoo · · Score: 4, Funny

      Securing them for good before they can be secured for evil.

    2. Re:Denial-of-Service? by GargamelSpaceman · · Score: 2, Insightful

      I would mod parent up if I could.

      We made a big mistake when we made cracking into things illegal. We should have made cracking into things legal and made people put up impenetrable walls. This is computers and data. There are walls that anyone can put up that can keep out governments. This would have created demand for real security and by now we'd have it ubiquitously without trying.

      I hope this guy doesn't get caught, and I appreciate and do not encourage his actions.

      --
      ...
    3. Re:Denial-of-Service? by Opportunist · · Score: 4, Insightful

      While I generally agree, I cannot second the idea that it should be legal to break into computers that are insufficiently secured. That would make the internet an even worse place than it already is.

      What we need is something like the famous FCC part 15 sticker rules. You know the ones, you can find it on pretty much any electronic device:
      (1) This device may not cause harmful interference, and
      (2) this device must accept any interference received, including interference that may cause undesired operation.

      We need something like this for IoT devices.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  2. BrickerBot by Daetrin · · Score: 3, Insightful

    The hero the Internet of Things both deserves _and_ needs.

    --
    This Space Intentionally Left Blank
    1. Re:BrickerBot by OzPeter · · Score: 2

      The hero the Internet of Things both deserves _and_ needs.

      Yeah .. there's nothing like a vigilante of whom you approve.

      --
      I am Slashdot. Are you Slashdot as well?
    2. Re:BrickerBot by sinij · · Score: 2, Insightful

      The hero the Internet of Things both deserves _and_ needs.

      Yeah .. there's nothing like a vigilante of whom you approve.

      Yes, it is vigilantism and we are supposed to condemn such things. However, what is the alternative? Internet weather with DDoS storms routinely taking big chunks of it down? Markets completely failed to solve this problem, legislation isn't feasible considering the international nature of this... so a vigilante is the least bad solution here.

  3. Looking at my firewall logs by Zocalo · · Score: 4, Informative

    Looking at my firewall logs I think BrickerBot v3.0 may have actually been unleashed on the 18th, not the 20th. There was a huge decline in scanning for port 5358 that started on the 18th, which is now less than half the activity level it was at on the 17th, and less than 15% of the levels it was peaking at prior to BrickerBot v1.0. There are further, but smaller, falls in some of the other typical IoT ports like 2323 that started around the same time as well.

    If you're reading, Janit0r (or whatever your current pseudonym is), keep up the good work! Might be worth taking a look at what's going on with Port 81 as well... Just sayin' :)

    --
    UNIX? They're not even circumcised! Savages!
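A defender's version of the check Zocalo describes, as an added example that is not from the post or from any project the page mentions: it aggregates netfilter-style firewall log lines by day and destination port and flags day-over-day drops in scanning of a port (such as 5358 or 2323) below a threshold. The log line format and the sample lines are constructed assumptions, not real traffic.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed netfilter/iptables-style log lines (sample data, not real traffic):
# three 5358 probes on Apr 17, one on Apr 18, plus 2323 probes and an unrelated sshd line.
SAMPLE_LOG = """\
Apr 17 01:02:03 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.9 PROTO=TCP SPT=40001 DPT=5358 SYN
Apr 17 04:11:09 fw kernel: IN=eth0 OUT= SRC=198.51.100.8 DST=203.0.113.9 PROTO=TCP SPT=40002 DPT=5358 SYN
Apr 17 09:30:44 fw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.9 PROTO=TCP SPT=40003 DPT=5358 SYN
Apr 17 16:00:00 fw kernel: IN=eth0 OUT= SRC=198.51.100.11 DST=203.0.113.9 PROTO=TCP SPT=40005 DPT=2323 SYN
Apr 17 19:20:31 fw sshd[123]: Accepted publickey for admin from 192.0.2.5 port 51234 ssh2
Apr 18 02:13:37 fw kernel: IN=eth0 OUT= SRC=198.51.100.12 DST=203.0.113.9 PROTO=TCP SPT=40006 DPT=5358 SYN
Apr 18 07:07:07 fw kernel: IN=eth0 OUT= SRC=198.51.100.13 DST=203.0.113.9 PROTO=TCP SPT=40007 DPT=2323 SYN
"""

# Syslog prefix (month, day, time, host) followed by a kernel netfilter record with a DPT= field.
LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) \S+ \S+ kernel: .*?\bDPT=(?P<dport>\d+)\b"
)

def parse_line(line):
    """Return ((month, day), dport) for a netfilter log line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    stamp = datetime.strptime(f"{m['mon']} {m['day']}", "%b %d")  # year is irrelevant here
    return ((stamp.month, stamp.day), int(m["dport"]))

def count_by_day_port(lines):
    """Aggregate inbound hits as {(month, day): Counter({dport: hits})}, skipping non-netfilter lines."""
    counts = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            day, dport = parsed
            counts[day][dport] += 1
    return counts

def flag_drops(counts, dport, threshold=0.5):
    """List (prev_day, day, ratio) for consecutive logged days where hits on dport fell below threshold."""
    days = sorted(counts)
    drops = []
    for prev, cur in zip(days, days[1:]):
        base = counts[prev][dport]
        if base == 0:
            continue  # no baseline to compare against
        ratio = counts[cur][dport] / base
        if ratio < threshold:
            drops.append((prev, cur, ratio))
    return drops
```

Run it over a real log export by replacing SAMPLE_LOG with the file's lines; a sustained drop across several ports, rather than one day's noise, is the signal worth noting.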
  4. Re:I thought Linux was supposed to be secure? by petermgreen · · Score: 3, Interesting

    The problem is threefold.

    Firstly, lack of updates: SoC vendors are notorious for porting one or two versions of Linux, throwing it over the wall to device vendors and then doing nothing to keep it up to date. Some SoCs can be used with upstream kernels, but very often with reduced functionality. The device vendors in turn add their own customisations to that kernel that the SoC vendor threw over the wall. Quickly you end up with something that cannot reasonably be updated to a new upstream version. It is possible to some extent to backport security fixes, but it's a lot of work, so it is likely to get skipped entirely or at least restricted to the most severe vulnerabilities.

    Secondly, the vendors doing the work often do it without really caring about security, which can lead to busting big holes in the user-security model. Remember "exynos-mem"?

    Thirdly, if your application layer is full of holes then attackers will be able to get whatever privileges that application has. If that is root then the attacker has full control of the device. Even if it is not root, the attacker may well be able to elevate to root due to the first and second points.

    --
    note: i'm known as plugwash most places but i screwed up registering that here somehow in the past and now can't register
  5. Re:I thought Linux was supposed to be secure? by sjames · · Score: 2

    Nothing is so secure that a complete idiot can't screw it up and render it insecure (consider Fort Knox, but someone stands the guards down and leaves the doors and vaults open).

    When we say Linux is more secure, what we mean is that a reasonably competent person has a better chance of coming up with a reasonably secure Linux machine than they do using another OS.