Slashdot Mirror


BrickerBot Dev Claims Cyber-Attack That Affected Over 60,000 Indian Modems (bleepingcomputer.com)

An anonymous reader quotes a report from Bleeping Computer: "The author of the BrickerBot malware has claimed a cyber-attack that affected several Indian states and has caused over 60,000 modems and routers to lose Internet connectivity," reports Bleeping Computer. "The incident affected modems and routers belonging to Bharat Sanchar Nigam Limited (BSNL) and Mahanagar Telephone Nigam Limited (MTNL), two Indian state-owned telecommunications service providers." The BrickerBot malware infected modems that used default passwords and modems that the two ISPs left exposed via the TR069 management interface to connections from anywhere on the Internet. BrickerBot is a malware strain that affects Linux-based IoT and networking devices. Unlike other malware that hoards devices into botnets for DDoS attacks and other purposes, BrickerBot "bricks" the equipment by rewriting its flash storage with random data. In most cases this bricking effect can be reversed, but in some cases this is permanent. BSNL and MTNL had worked to fix problems but efforts were delayed after a BSNL workforce strike. The BrickerBot author also raised the alarm about similar exposed devices on the network of Pakistan Telecommunication Company Limited (PTCL). In April, the BrickerBot author claimed he bricked over 2 million devices.

32 comments

  1. what's the point? by hjf · · Score: 0

    what's the point, really? The only victims here are people who aren't responsible for this. They're left without internet for days until this is fixed.
    Yes, we know shit is insecure, but take it on the people responsible for this, not on the users. They will still be billed. And no one will be fired for the mistake.

    1. Re:what's the point? by Anonymous Coward · · Score: 3, Insightful

      The problem is that it simply isn't true anymore with botnets. Before them, all of the idiots getting infected wasn't a problem to people who were doing security right. However, now mass armies of zombie-botnets are causing major persistent DDOS problems to the people who are doing the right things, and worse, trying to get ransoms from it. I don't necessarily approve of what brickerbot's author is doing morally and legally but there is a valid logic to it. Either stop your systems from being a threat to everyone else or have them wrecked. Bricking is also something fixable by someone with enough expertise at least - who would also be more than capable of actually securing it and inclined to do so after they had fixed the previous mess.

    2. Re:what's the point? by Gravis+Zero · · Score: 4, Informative

      > what's the point, really?

      To remove insecure devices from the internet rather than allow bad actors to take advantage of them.

      > The only victims here are people who aren't responsible for this.

      If you paid money for an insecure device, you are responsible for financing a distributor of insecure devices.

      > Yes, we know shit is insecure,

      And you should also know that insecure shit is going to be bricked.

      > but take it on the people responsible for this, not on the users. They will still be billed. And no one will be fired for the mistake.

      If you give enough people a headache, they will give other people a headache for it happening. Eventually, the people responsible will either change their ways or it's going to be a painful decade for them.

      --
      Anons need not reply. Questions end with a question mark.

    3. Re:what's the point? by Anonymous Coward · · Score: 0

      The response from the company has to be among the following:

      - Continually fund a department to fix these occurrences as they are exploited.
      - Address the vulnerability to reduce the occurrences of this.
      - Find the author of the malware and begin legal proceedings.

      They will likely take all of the above routes.

      It's unfortunate that we'll end up finding the author because he/she likely did us all a favor by removing these bad devices from the internet. The world won't see it this way and this guy is likely gonna get royally roasted as a warning shot to others. This is no different from the way we currently treat whitehats and grayhats even if they believe they are acting in our collective best interest.

    4. Re:what's the point? by geekmux · · Score: 4, Insightful

      > what's the point, really? The only victims here are people who aren't responsible for this. They're left without internet for days until this is fixed. Yes, we know shit is insecure, but take it on the people responsible for this, not on the users. They will still be billed. And no one will be fired for the mistake.

      The entire point of targeting insecure hardware is to get the attention of those who created that clusterfuck in order for them to fix it.

      Yes, that sometimes means innocent victims get caught in the crossfire. That bullshit will continue until vendors pull their head out of their ass and learn to prioritize security over profits. And speaking of profits and impact, if I were the customer, I certainly would not be paying for service during an outage. I'd be demanding a refund and consider leaving for another provider.

    5. Re:what's the point? by Ol+Olsoc · · Score: 5, Insightful

      > If you give enough people a headache, they will give other people a headache for it happening. Eventually, the people responsible will either change their ways or it's going to be a painful decade for them.

      My boss told me years ago, that the best way to get action from someone with a problem I was having was to make it their problem.

      And damned if that wasn't some of the best advice I ever got. Yes, it pissed off some folks, but yes, they remembered that I expected a quick response in the future.

      I don't care if these people using this insecure hardware are blacklisted until they remove it. Watch how quickly that particular problem goes away.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.

    6. Re:what's the point? by Anonymous Coward · · Score: 0

      It won't be long now until the governments around the world start classifying these types of attacks under terrorism laws. Once that happens it gives governments (not just the US) more leeway in both tracking down and capturing the individual(s) deemed responsible.

      "To remove insecure devices from the internet rather than allow bad actors to take advantage of them" Try using this reason at your trial and see how far you get. It's a justification defense by someone who thinks he can do anything he wants all in the name of a good cause. There are a lot of bounty programs being paid to those who find exploitable weaknesses and report them to the company. Using a newly discovered exploit to brick thousands of devices is a criminal act. These guys fall into the category of immature assholes trying to show the world how smart they are. The plain and simple truth is there is no system or software in the world that cannot be exploited one way or another. When a nation state gets involved they can deploy exploits even on systems without any outside network connection. I am sure Iran thought their centrifuge lab was locked up tight. The people who have been relentlessly trying to neuter US intelligence and counter intelligence agencies have only had a few superficial glimpses of the capabilities these organizations can bring to bear. The fears over mass surveillance are a red herring. Mass surveillance does not provide the intelligence agencies with anything useful. However, if you do something that puts you on their radar you best run to a cave and leave your cellphone at home because that may keep you out of custody for at least a few more weeks.

    7. Re:what's the point? by Alok · · Score: 1

      This is the first time I'm hearing of BrickerBot, but did the author release any news that this is a clever strike against the diabolical surveillance capabilities of intelligence agencies? It seems like a response by someone tired of armies of DDOS bots crowding the internet and a lack of action by popular ISPs to secure their own devices.

      Sure, in future (or even at present) many governments will classify this as 'terrorism', as punishments are much easier to sell to public under terrorism laws regardless of actual intent or magnitude of the crime. But even so, it will remain far easier for black hats to actually effect positive change in getting rid of botnets - white hats who actually report bugs are quite likely to be just ignored, with a small chance of actually getting charged for intrusion instead. Think of the recent story of the 'hacker' who used Firebug to get cheaper train fare or something in Belarus or w/e ... the company just ended up calling the cops on him! Having such actions subject to stronger anti-terrorism laws, and as usual without proper exemptions for responsible reporting, will only end up with responsible white hat types having a harder time in fixing or reporting major issues that they come across.

    8. Re:what's the point? by Alok · · Score: 1

      > They're left without internet for days until this is fixed.

      These are days which they will spend complaining about service, and some will be shopping around for other providers. If a significant fraction jump ship, the ISP is going to get a sudden motivation boost to start reading up on basic security practices that are essential in a highly connected world.

    9. Re: what's the point? by Anonymous Coward · · Score: 0

      Bullshit. Anybody with enough balls to request service credit will get it. The ISP are the ones who have to pay to fix their shit.
      Fuck them and fuck you.

    10. Re: what's the point? by Anonymous Coward · · Score: 0

      From a moral point of view, as long as the bricking can be 'fixed', it's a perfectly acceptable way to proactively destroy bot nets. That said, some of these devices are so extremely shitty that nothing can be done to secure them, so the last possible solution is to force the device to kill itself. This should act as a warning to IoT device manufacturers to shape up or be prepared to repair under warranty many devices shortly after sale.

    11. Re:what's the point? by parkinglot777 · · Score: 2

      > And speaking of profits and impact, if I were the customer, I certainly would not be paying for service during an outage. I'd be demanding a refund and consider leaving for another provider.

      Well, we are talking about India here. I am not so sure that their country would have a similar way of dealing with bad services. If you have ever lived in one of the 3rd world countries, you may get some ideas of how disadvantaged consumers are...

    12. Re:what's the point? by tlhIngan · · Score: 1

      > These are days which they will spend complaining about service, and some will be shopping around for other providers. If a significant fraction jump ship, the ISP is going to get a sudden motivation boost to start reading up on basic security practices that are essential in a highly connected world.

      This is India we're talking about. The ISP is probably the local telephone company which is run by the government. And disparaging the government will get you disappeared. In a country of 1.4+ billion people, no one would notice. (India and China are basically neck and neck for most populous country, and the "leader" switches frequently).

      And if they knocked an entire village offline, that means a 2-day trek to check their email again, and kids are stuck without educational materials, so go work in the fields.

    13. Re:what's the point? by Aristos+Mazer · · Score: 1

      Many areas of the USA are served by only one ISP. I can't believe it is much different in India. For many people, there isn't any such thing as "shopping around".

    14. Re:what's the point? by hjf · · Score: 1

      That's the problem with the average Slashdot user "hurr durr if your ISP is bad, just switch".

  2. Was that a blanket attack? by tirnacopu · · Score: 1

    (sorry, will be here all week, try the veal)

  3. hmmm by Anonymous Coward · · Score: 0

    in a twist of fate all support calls were routed to call centers in... india

  4. Keep at it!! by Anonymous Coward · · Score: 0

    I say keep at it. If companies aren't going to fix the products they unleashed to the internet and users are either too lazy or unaware to update/replace them. Then take them out.

    If I were a clueless user, I'd rather have someone brick my device, than someone else come along put some malware on it and send god knows what to god knows who. Most clueless people would probably have no idea what happened, just assume the device broke and go out and replace it. Hopefully with a newer/different version that is more secure.

    Or maybe they'll just decide it's not all that worth it to have your coffee pot on the internet.

  5. That explains a lot by Anonymous Coward · · Score: 0

    No wonder the influx of spam has dropped in my inbox.

  6. Re: Port filtering - VERY important... apk by Anonymous Coward · · Score: 0

    Damn I feel sorry for those counter Reps.

    Pop quiz: Which is faster and more effective; Sending a config file update to 50,000 people's modems which adds a port filter rule, or simply applying an ACL on the CMTS itself?

    Bonus Question:
    How is a user applied port filter on a modem, which applies to traffic inbound from the customer facing switchport and not the upstream traffic from the modem itself, going to do anything helpful?

    Double Bonus Question:
    Why don't you just add some entries to a hosts file on your edge router? Preferably one which translates slashdot.org to 127.0.0.1

  7. Aren't responsible? by n329619 · · Score: 1

    Same with Air Pollution,
    Same with Privacy,
    Same with Getting DDoS,
    Same with Every Other Problem in the global world.

    Just because you are ignorant, doesn't mean you are excused from responsibility.

    In this case where you are not part of the Solution, You are part of the Problem.

    1. Re:Aren't responsible? by hjf · · Score: 1

      So you're responsible for Trump?

  8. Re: What I do for speed & security? by Anonymous Coward · · Score: 0

    Ya, so what I do is call my ISP and have them shut off the built in router (most call it bridge mode, jargon may vary).
    That in turn means no public facing IP to target on the modem, and my router holds the IP. Which lets me control the firmware, so it doesn't matter if the modem lets me set port filters or not.

    Also, there's a transparent proxy between the router and the modem which does filtering, ACLs, and assorted intrusion scans, but that's beyond most average users.

  9. Where is the problem ? by LordHighExecutioner · · Score: 1

    Given the real level of technology there, they hacked 60,000 Bell 202 modems...

    1. Re:Where is the problem ? by Anonymous Coward · · Score: 0

      that would be a huge achievement.
      It takes a lot of time at those speeds!

  10. You can do that yourself easily... apk by Anonymous Coward · · Score: 0

    See subject: Via a 3rd party router. Put ISP supplied "modem" in dumb-terminal mode & let 3rd party one be the 'brains'... you don't even really NEED the ISP to do it for you (cable & dsl modems have good gui interfaces for this now - no need to telnet or hyperterminal into them anymore like in the "olden days" to do so uploading new config files or manually setting them).

    (Only "problem" w/ that? It costs more money for a 3rd party router/firewall unit...)

    * IF that's no problem to you, go for it (I used to do that myself & this is the 1st round I haven't since oh, 2000, iirc).

    APK

    P.S.=> To each his own as finances permit... apk

  11. Port filtering - VERY important... apk by Anonymous Coward · · Score: 0

    See subject: THIS is an example of WHY I demand cablemodems (or DSL) or routers that have port filtering ability (not all do).

    * So, WHY am I saying this? This "salient quote" from bleeping computer says it all for me:

    "Attacks stopped after ISPs filtered port 7547"

    APK

    P.S.=> I just went thru it - the gents installing the wiring in my home said I had to hand in my old modem - no biggie, right? Wrong - not until I saw the model they gave me had NO port filter possible - so I went to my ISP's offices & got a model from that that HAS port filtering... apk

  12. Couldn't happen to a nicer bunch by Anonymous Coward · · Score: 0

    Ok- so who did this primarily affect? Indian users and companies. So what are they likely using these internet connections to do- they are currently one of the world's #1 source of fraud, abuse, and telecommunications harassment. Anyone with a smart phone- who hasn't paid money to lock it down- is experiencing a barrage of VOIP calls, with completely fake caller-id, from call centers hawking phony student loan forgiveness, credit card rate reductions, remove non-existent computer viruses, shady 'Caribbean cruises', phony IRS debts, etc. etc. etc. etc. etc.

    I say that anyone who manages to nuke the entire Indian IT/telecom structure has done humanity a great favor, and deserves a gold medal.