Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Compare cell phone plans using Wirefly's innovative plan comparison tool ×
Botnet Data Storage Security

Compromised CCTV and NAS Devices Found Participating In DDoS Attacks (incapsula.com) 64

chicksdaddy writes: The parade of horribles continues on the Internet of Things, with a report from the security firm Incapsula that its researchers discovered compromised closed circuit cameras as well as home network attached storage (NAS) devices participating in denial of service attacks. The compromised machines included a CCTV at a local mall, just a couple minutes from the Incapsula headquarters.

According to the report, Incapsula discovered the infections as part of an investigation into a distributed denial of service attack on what it described as a "rarely-used asset" at a "large cloud service." The attack used a network of 900 compromised cameras to create a flood of HTTP GET requests, at a rate of around 20,000 requests per second, to try to disable the cloud-based server. The cameras were running the same operating system: embedded Linux with BusyBox, which is a collection of Unix utilities designed for resource-constrained endpoints.

The malware in question was a variant of a self-replicating program known as Lightaidra, which targets systems running BusyBox and exploits vulnerable Telnet/SSH services using so-called "brute force dictionary attacks" (aka "password guessing"). Given that many Internet connected devices simply use the default administrator credentials when deployed, calling it a "brute force" attack is probably a stretch.

This discussion has been archived. No new comments can be posted.

Compromised CCTV and NAS Devices Found Participating In DDoS Attacks

Comments Filter:
  • You can burn out the motor coils in the cameras by hacking the software and over driving them?

    • You can burn out the motor coils in the cameras by hacking the software and over driving them?

      Maybe the cameras burned themselves out because they were tired of being our slaves?

    • by Mashiki ( 184564 )

      Wouldn't surprise me in the least, and seems very probable. You used to be able to destroy CRT monitors by telling a program to run the refresh, or horizontal or vertical alignments out of spec or sync too, for the longest time you could do it with ansi codes. Kinda like how you could destroy the old HDD's that needed a parking utility by telling the heads to slam into the spindle while the drive was still running.

    • by JustAnotherOldGuy ( 4145623 ) on Friday October 23, 2015 @04:37PM (#50790177)

      Man, I just can't wait until everything fucking I own is vulnerable and requires daily/weekly patching.

      Upgrade toilet? CHECK....DONE.
      Upgrade refrigerator? CHECK....DONE.
      Upgrade toaster? CHECK....DONE.
      Upgrade alarm clock? CHECK....DONE.
      Upgrade gas stove? CHECK....DONE.
      Upgrade TV? CHECK....DONE.
      Upgrade ink pen? CHECK....DONE.
      Upgrade couch? CHECK....DONE.
      Upgrade desk lamp? CHECK....DONE.
      Upgrade front door? CHECK....DONE.
      Upgrade coffee table? CHECK....DONE.
      Upgrade soap dispenser? CHECK....DONE.
      Upgrade wife's vibrator? CHECK....DONE.
      Upgrade the upgrade manager? CHECK....DONE.
      Upgrade kitchen light? CHECK....DONE.
      Upgrade lawnmower? CHECK....DONE.
      Upgrade sink? CHECK....DONE.

      • by Anonymous Coward

        You know you want to let your toilet become part of a zombie bot network so it can DDoS someone.

      • by MrL0G1C ( 867445 )

        You forgot to upgrade the cats pacemaker, it got hit by a worm made by cat hating hacker and died.

        And the toilet update failed, the toilet is now in an endless reboot-crash loop.

        • by MrL0G1C ( 867445 )

          Oh and don't even think of trying to re-flash the toilet yourself, that's illegal under both health and safety and DMCA laws and your hair dryer will report you to the police if you try.

  • by Anonymous Coward

    That's why when it comes to my Internet of Things, I only trust the Genuine® Advantage©® of Certified® Microsoft©® Windows®© Internet© of© Things©® Soft®ware®.

    ©

  • by Anonymous Coward

    Is anyone else getting annoyed at the writing style of recent Slashdot submissions ?

    They are being written in a dumbed down folksy style with idiotic mannerisms designed to explain things to idiots, not the geek readership around here.

    • What geek readership? The true geeks all left a long time ago. The dumbed-down folksy style is a perfect fit for the wannabe geeks and Teatards who still largely inhabit this place.

    • by OzPeter ( 195038 )

      Is anyone else getting annoyed at the writing style of recent Slashdot submissions ?

      They are being written in a dumbed down folksy style with idiotic mannerisms designed to explain things to idiots, not the geek readership around here.

      Remember that Slashdot is up for sale, so "broadening" the audience is going to help Dice recoup what it paid for Slashdot.

  • by 0123456 ( 636235 ) on Friday October 23, 2015 @01:40PM (#50788855)

    My Webcam came with an open root telnet port. Just connect to port XXXX (whatever it was, I forget) and you were automatically logged in to a root shell.

    There's a reason I kept it completely firewalled from the Internet.

  • by xxxJonBoyxxx ( 565205 ) on Friday October 23, 2015 @01:40PM (#50788857)

    >> compromised machines included a CCTV at a local mall, just a couple minutes from the Incapsula headquarters

    Clearly, the correct thing to do is move the HQ further away from the mall, right?

  • by ArchieBunker ( 132337 ) on Friday October 23, 2015 @01:48PM (#50788915) Homepage

    A few years ago I got curious and started scanning the local subnets on my ISP for open telnet ports. Found one DVR type of device with four cameras and four hard drives running with disks 100% filled. The default logins worked and found myself at a busybox prompt. What was interesting was there was always a few others logged in from countries over seas. I managed to tftp a fragment of a video file but couldn't recognize the area. There is no reason for multiple telnet logins to a DVR box.

    • by KGIII ( 973947 )

      I'm not admitting to anything but there's someone who will answer to my name, if called, who may have a hobby of finding online printers and sending them a (single) printed piece of paper telling them of the fault. Why they've got them online or with forwarded ports is beyond me. But, you know... Sometimes there are easily accessed routers and whatnot. I don't know anything about anything, of course, but they all *probably* have the default passwords still. If I were to do something like that then I'd obvio

  • by imp7 ( 714746 )
    It's funny reading this today, because yesterday my smtp server was getting attacked by a Samsung DVR.
  • by Anonymous Coward

    The Wikipedia of Things, where any dipshit on the internet can edit your refrigerator.

  • I have no idea why people allow outside access to their NAS device or webcams. At a minimum, require VPN access, but ideally put them in a VLAN "jail".

    Someone is going to need to get much more savvy when it comes to securing this "IoT" monster.

    • It's more likely "professionally" installed systems that are the problem. Most physical security companies have no freaking idea what they're doing on a network, even 10+ years after IP cameras were introduced. I should know, I clean up after them all the time at my own physical security company. Add that to all the problems that "Hackvision" (Hikvision) has had, and it's a recipe for disaster.
  • From the article, it seems like the exploited cameras are IP-addressable/reachable. That does not sound like Closed Circuit TV as I think of it, with non-ethernet coax-and-like connected cameras connected to a monitoring station in a true closed circuit. I am no expert, but should we be talking about an exploit of "IP-enabled security cameras" or something like that instead?
  • Dear $public $relations $firm, please generate 'reports' about DDOS attacks that don't mention that vast pool of compromised Microsoft Windows desktops out there on the Internet.

    'Incapsula is a cloud-based security and acceleration service that makes websites safer, faster, and more reliable'
  • the Nike Air Ralston Mid nike tn requin [com.com] ool Grey,makes good on the air yeezy shoes stylish design, adding a creamy grey suede upper to a white midsole, orange accents, and a sport-inspired pad-like outsole. Hit the jump for a few more looks, and hit spots like MrRSportsMiami.com for a pair today. Yesterday brought a glimpse of one of the simpler Hachi colorways wee seen to date, eschewing the standard Sting-inspired two-color (or at least two-tone) look in favor of a more uniform coloring. And as the cou

The idle man does not know what it is to enjoy rest.

Working...