
BrickerBot, the Permanent Denial-of-Service Botnet, Is Back With a Vengeance (arstechnica.com) 113

An anonymous reader quotes a report from Ars Technica: BrickerBot, the botnet that permanently incapacitates poorly secured Internet of Things devices before they can be conscripted into Internet-crippling denial-of-service armies, is back with a new squadron of foot soldiers armed with a meaner arsenal of weapons. Pascal Geenens, the researcher who first documented what he calls the permanent denial-of-service botnet, has dubbed the fiercest new instance BrickerBot.3. It appeared out of nowhere on April 20, exactly one month after BrickerBot.1 first surfaced. Not only did BrickerBot.3 mount a much quicker number of attacks -- with 1,295 attacks coming in just 15 hours -- it used a modified attack script that added several commands designed to more completely shock and awe its targets. BrickerBot.1, by comparison, fired 1,895 volleys during the four days it was active, and the still-active BrickerBot.2 has spit out close to 12 attacks per day. Shortly after BrickerBot.3 began attacking, Geenens discovered BrickerBot.4. Together, the two newly discovered instances have attempted to attack devices in the research honeypot close to 1,400 times in less than 24 hours. Like BrickerBot.1, the newcomer botnets are made up of IoT devices running an outdated version of the Dropbear SSH server with public, geographically dispersed IP addresses. Those two characteristics lead Geenens to suspect the attacking devices are poorly secured IoT devices themselves that someone has compromised and used to permanently take out similarly unsecured devices. Geenens, of security firm Radware, has more details here.
  • Denial-of-Service? (Score:5, Insightful)

    by Anonymous Coward on Tuesday April 25, 2017 @08:05AM (#54297361)

    BrickerBot, the botnet that permanently incapacitates poorly secured Internet of Things devices

    Denial-of-Service botnet? Sounds more like a Public-Service botnet to me.

    • by monkeyzoo ( 3985097 ) on Tuesday April 25, 2017 @08:06AM (#54297365)

      Securing them for good before they can be secured for evil.

    • Re: (Score:2, Insightful)

      I would mod parent up if I could.

      We made a big mistake when we made cracking into things illegal. We should have made cracking into things legal and made people put up impenetrable walls. This is computers and data. There are walls that anyone can put up that can keep out governments. This would have created demand for real security and by now we'd have it ubiquitously without trying.

      I hope this guy doesn't get caught, and I appreciate and do not encourage his actions.

      • by Opportunist ( 166417 ) on Tuesday April 25, 2017 @09:00AM (#54297693)

        While I generally agree, I cannot second the idea that it should be legal to break into computers that are insufficiently secured. That would make the internet an even worse place than it already is.

        What we need is something like the famous FCC part 15 sticker rules. You know the ones, you can find it on pretty much any electronic device:
        (1) This device may not cause harmful interference, and
        (2) this device must accept any interference received, including interference that may cause undesired operation.

        We need something like this for IoT devices.

        • Because those stickers helped anyone ever how exactly?
          • Few here are probably old enough to actually know how those stickers helped.

            Of course the stickers themselves did little. But the requirements to be allowed to glue those stickers to your gear are as described on the sticker. And before the stickers, electric gadgets interfering with each other was a big deal. Even well after WW2 high frequency interference from electric tools was still a big issue. Today, with electric appliances working on FAR lower voltages and using FAR less electricity, along with bett

        • Better that IoT toys should display a message from BrickerBot to the effect that "The manufacturer of this device compromised your security. It has been disabled to protect you. Contact the manufacturer for further details."

          This dumps the burden back on the creator of the garbage so they either move security up the priority list or go out of business. OK, so maybe it fibs a little, but only a little.

        • Just take this botnet you've created with hacked IoT devices, and direct it at the websites of the companies which are producing and selling the insecure IoT devices. Then the moral objections cancel out.
        • Well, IoT devices are at least halfway there. A lot of them will in fact accept any "interference" at all, and happily do whatever they are asked. Even if they are asked to violate the first rule.

        • Technically, you don't have to break into anything when the door is left wide open.

      • I would mod parent up if I could.

        We made a big mistake when we made cracking into things illegal. We should have made cracking into things legal and made people put up impenetrable walls. This is computers and data. There are walls that anyone can put up that can keep out governments. This would have created demand for real security and by now we'd have it ubiquitously without trying.

        I hope this guy doesn't get caught, and I appreciate and do not encourage his actions.

        So you have people with no technical skill in coding, or getting into their hardware buying a device, just say baby monitor and it is alright for a person to hack into it because these people do not have the technical knowledge to secure it better? This is asinine. It is like saying "It is fine to steal a person's car if you can because the person should have secured it better". Doesn't matter if it had an alarm and an immobilizer, was locked in a secure garage that was alarmed. If I can steal it it is the o

        • So you have people with no technical skill in coding, or getting into their hardware buying a device, just say baby monitor and it is alright for a person to hack into it because these people do not have the technical knowledge to secure it better?

          Right, just like all of those people who have no experience in machining who are all buying that one car where every car opens and starts with the same publicly-known key, and they are getting their cars stolen just because they don't have the experience to manufacture their own lock, ignition system, and key?

          Man, it's almost like the burden should be on the manufacturer to deliver a product that can't easily be broken into by default.

    • TODO:
      Change your US warranty laws, so such bricked device must be replaced for free. (See europe for an example)

      (It's a device. It was used as it is supposed to be by the end user. The end user didn't subject it to any abuse.
      The device suddenly stopped working unexpectedly. It has to be replaced under warranty).

      That will teach the manufacturer of shitty goods.

  • BrickerBot (Score:4, Insightful)

    by Daetrin ( 576516 ) on Tuesday April 25, 2017 @08:11AM (#54297381)
    The hero the Internet of Things both deserves _and_ needs.
    • by sinij ( 911942 )

      The hero the Internet of Things both deserves _and_ needs.

      I hope they catch the wrong guy/gal.

    • by OzPeter ( 195038 )

      The hero the Internet of Things both deserves _and_ needs.

      Yeah .. there's nothing like a vigilante of whom you approve.

      • The hero the Internet of Things both deserves _and_ needs.

        Yeah .. there's nothing like a vigilante of whom you approve.

        I think it may be Fratman

      • Re: (Score:3, Insightful)

        by sinij ( 911942 )

        The hero the Internet of Things both deserves _and_ needs.

        Yeah .. there's nothing like a vigilante of whom you approve.

        Yes it is vigilante and we are supposed to condemn such things. However, what is the alternative? Internet Weather with DDoS storms routinely taking big chunks of it down? Markets completely failed to solve this problem, legislation isn't feasible considering international nature of this... so vigilante is least bad solution here.

        • by OzPeter ( 195038 )

          so vigilante is least bad solution here.

          A bad solution is still a bad solution. And vigilantism is still vigilantism. And DDOS attacks using infected devices are nothing new, it is just that IoT have opened up a new attack vector. Look at how many Windows based computers have been involved in DDOS in the past.

          What we have here is:

          1. Unknown person breaks into a computer they do not own.
          2. Unknown person does stuff to this computer (unknown to the owner) under the pretense of "fixing it".
          3. Ironically (according to TFS) the unknown person may

          • by Zocalo ( 252965 )

            A bad solution is still a bad solution. And vigilantism is still vigilantism. And DDOS attacks using infected devices are nothing new, it is just that IoT have opened up a new attack vector. Look at how many Windows based computers have been involved in DDOS in the past.

            Yes, it's a bad solution, and it's undeniably vigilantism as well. But, like democracy, it's still the best (and at present, only) solution we currently have that is working at scale. The Zero Day Initiative typically gives vendors 90

          • And a solution, when it is the only one, is still the only solution. I cite as an example war. It's a horrible solution. That doesn't mean it is never necessary.
          • by sjames ( 1099 )

            It's a tough question though. I can't say I support BrickerBot, but at the same time, how would you feel if your website (or just one you really want to browse) is down and unlikely to return because of a bunch of internet enabled paper clips?

          • A bad solution is still a bad solution.

            Just out of curiosity, what is the good solution to the problem of a vast network of unsecured or insecure IoT devices that have already been deployed? Instead of describing what manufacturers should have done, what good solution do you have for the existing problem?

            How would you feel if this was your IoT device that was attacked?

            How do you feel when IoT botnets deliver DDOS attacks in the range of hundreds of gigabits per second? Are you still looking for that good solution to the existing problem?

      • Yeah .. there's nothing like a vigilante of whom you approve.

        That Batman is the #1 superhero indicates that a very large majority of the public recognizes that the State is limited in ability, resources, effectiveness, and competence.

        Imagine you're at a shopping mall, some nut comes in and starts throwing knives at passersby, taking out one shopper every five to ten seconds. There's a grandpa there packing a 9mm under his coat. Do you:
        a) want the grandpa to take out the knife-attacker
        b) call 911 and wait

        • by OzPeter ( 195038 )

          Imagine you're at a shopping mall, some nut comes in and starts throwing knives at passersby, taking out one shopper every five to ten seconds. There's a grandpa there packing a 9mm under his coat.

          False equivalence. In order to be comparable your "grandpa" would have to be driving around town, spotting people with knives that grandpa considers dangerous, and then executing them. See Duterte for a great example of how this goes.

          • With the difference that the grandpa can flawlessly identify those that pose a threat. Because the IoT devices that get bricked that way are exactly those that would get taken over by a botnet. If they can't be taken over by botnets, the brickerbot cannot affect them either.

      • Vigilantes rise where the law is insufficiently able or completely unable or, worse, unwilling to deal with criminals that affect the population. There, and only there, you will find vigilantism.

        • by Shinobi ( 19308 )

          Vigilantes also rise from ideology, more commonly in orthodox religious or right-wing political leaning ones historically, though recently (as in the last 60 years), left-wing and some more liberal religious groups have started to engage in vigilante behaviour too

      • Vigilante definition, from Online Webster:

        : a member of a volunteer committee organized to suppress and punish crime summarily (as when the processes of law are viewed as inadequate); broadly : a self-appointed doer of justice

        Note the parenthetic comment - "when the processes of law are viewed as inadequate".

        In this case, the processes of law are NON-EXISTENT. It is by definition inadequate. Yes, this is vigilante justice, mainly because our governments have totally failed to properly regulate these issues.

        We need a simple government agency to report internet based vulnerabilities. Once reported, the manufacturer should have one month to fix it - and push the fix out. With monetary

        • by moeinvt ( 851793 )

          "We need a simple government agency"

          LOL Don't you keep up with the news? When government agencies find vulnerabilities, they don't report them, they exploit them!

          • Yes because that is their mission. Your complaint is that they are too EFFECTIVE.

            There is lots of solid evidence that people dislike government because it is too good at what it does. Then they undermine the government and laugh and say "Hey, now that we have handcuffed them, they can't do anything right!"

            Which is why I want to create one to protect us rather than spy on us.

            Government agencies are actually more effective than businesses (two thirds accomplish their goal, vs 1 third for small business).

    • The hero the Internet of Things both deserves _and_ needs.

      A hero of the Internet? We shall dub them, Bricky McBrickerson! ;)

    • He really should rename BrickerBot to BatmanBot.
  • Is it a plane?

    No it's Super Hacker Nerd!!

    Leaping the Internet Of Things in a single bound

  • by Zocalo ( 252965 ) on Tuesday April 25, 2017 @08:45AM (#54297587) Homepage
    Looking at my firewall logs I think BrickerBot v3.0 may have actually been unleashed on the 18th, not the 20th. There was a huge decline in scanning for port 5358 that started on the 18th, which is now less than half the activity level it was at on the 17th, and less than 15% of the levels it was peaking at prior to BrickerBot v1.0. There are further, but smaller, falls in some of the other typical IoT ports like 2323 that started around the same time as well.

    If you're reading, Janit0r (or whatever your current pseudonym is), keep up the good work! Might be worth taking a look at what's going on with Port 81 as well... Just sayin' :)
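The kind of per-port trend check described in the comment above, as an added example that is not part of the original post: it counts dropped inbound TCP SYNs per day for the ports mentioned (5358, 2323, 81) and flags days that fall below half of a baseline day. The iptables-style log format, the sample volumes and all function names are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Ports named in the comment; the syslog/iptables line layout is an assumption.
IOT_PORTS = (5358, 2323, 81)
LINE_RE = re.compile(
    r"^(?P<day>\w{3}\s+\d{1,2}) \S+ \S+ kernel: "
    r".*\bPROTO=TCP\b.*\bDPT=(?P<dpt>\d+)\b.*\bSYN\b"
)

def make_sample():
    """Constructed firewall log: dropped inbound SYNs per (day, port)."""
    volumes = {
        ("Apr 17", 5358): 20, ("Apr 18", 5358): 12, ("Apr 19", 5358): 8,
        ("Apr 17", 2323): 10, ("Apr 18", 2323): 9, ("Apr 19", 2323): 8,
        ("Apr 17", 81): 5, ("Apr 18", 81): 6, ("Apr 19", 81): 7,
    }
    lines = [
        f"{day} 03:{i:02d}:00 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.{i + 1} "
        f"DST=203.0.113.5 PROTO=TCP SPT={40000 + i} DPT={port} SYN"
        for (day, port), n in volumes.items() for i in range(n)
    ]
    # UDP noise on a watched port: must not be counted as a TCP scan.
    lines.append("Apr 18 04:00:00 fw kernel: DROP IN=eth0 OUT= "
                 "SRC=198.51.100.9 DST=203.0.113.5 PROTO=UDP SPT=5353 DPT=5358")
    return lines

def daily_counts(lines, ports=IOT_PORTS):
    """Count TCP SYN drops per day for each watched destination port."""
    counts = {p: Counter() for p in ports}
    for line in lines:
        m = LINE_RE.match(line)
        if m and int(m["dpt"]) in counts:
            counts[int(m["dpt"])][m["day"]] += 1
    return counts

def relative_to(counts, baseline_day):
    """Each day's volume as a fraction of the baseline day's, per port."""
    out = {}
    for port, per_day in counts.items():
        base = per_day.get(baseline_day, 0)
        if base:  # no traffic on the baseline day: ratio undefined, skip port
            out[port] = {day: n / base for day, n in per_day.items()}
    return out

def sharp_drops(counts, baseline_day, below=0.5):
    """(port, day) pairs whose volume fell under `below` times the baseline."""
    ratios = relative_to(counts, baseline_day)
    return sorted((port, day) for port, r in ratios.items()
                  for day, ratio in r.items() if ratio < below)

if __name__ == "__main__":
    c = daily_counts(make_sample())
    print(relative_to(c, "Apr 17"))
    print(sharp_drops(c, "Apr 17"))
```
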
  • People want to be able to put code in a box, and have code to function without unwanted side effects. The consistent cognitive bias is towards placing blame on certain groups or practices as being at fault, then piling on.

    This approach consistently ignores the root cause, the lack of a widely used, secure operating system for anything smaller than an IBM mainframe.

    If your OS can't be counted on to limit the side effects of a program to those chosen at runtime, you can't trust it.

    Windows doesn't do this, no

  • Hmm.

    Nobody likes vigilantes! (Not even Batman).

    But a serious question: How can people be protected?

    While the techies can home brew something, what real products or solutions are
    there for the "casuals", the civilians and the "tech-vulnerable" ??

    Are there any fairly cheap, zero configuration overhead solutions out there right now?

    Any options?

    • by HiThere ( 15173 )

      Yeah. Don't buy IoT devices. Actually, that's the best option for geeks, too. If you want an IoT device, build it yourself.

      • In the ideal world, everyone would do so, but we do not live in that one.

        And the list of IoT devices will expand to include, basically, ... everything.

        Every electricity meter, every freezer, every microwave, every TV.

        So for the people who cannot create their own solutions, what options are there?

        • by HiThere ( 15173 )

          "If this goes on..." then there aren't any solutions for anyone. That's one of the arguments for why BrickerBot & kin are social services.

          For *now* the correct solution is to refuse to buy IoT devices, or if you must, refuse to register them, or don't connect them to the internet and put them in a Faraday cage (if they use WiFi). (Well, you don't need a full-blown Faraday cage...just blocking a few wave-lengths sufficiently should suffice.) And if that won't work, return them as defective.

  • 1. Customers buy your insecure IoT devices.
    2. BrickerBot renders them nonfunctional.
    3. Customers no longer have a working IoT device, so they're in the market for a replacement.
    4. Profit!
    • 5. Consumers have to return broken devices or re-purchase cheap IoT until they feel it is no longer worth constantly replacing broken devices, lowering the demand for IoT devices.
      6. IoT developers have to constantly replace broken devices until they either drop the IoT design, update security or face bankruptcy.

      They may sell more IoT devices in the short term, but overall they will fail to profit in the long term.

  • The real problem is that IDIOT (Insecurely Designed Internet Of Things) devices can be accessed from the net via telnet, with default passwords, or even no passwords. I don't care if you're running linux, Windows, BSD, OS/2, or whatever; using telnet is begging to be owned.

    Telnet is an ancient, insecure protocol, from "a kinder/gentler time". When DARPAnet was started as a US-only project, you needed security clearance to access a mainframe or mini computer that could access the net. Every April 1st, there
