BrickerBot, the Permanent Denial-of-Service Botnet, Is Back With a Vengeance (arstechnica.com) 22
An anonymous reader quotes a report from Ars Technica: BrickerBot, the botnet that permanently incapacitates poorly secured Internet of Things devices before they can be conscripted into Internet-crippling denial-of-service armies, is back with a new squadron of foot soldiers armed with a meaner arsenal of weapons. Pascal Geenens, the researcher who first documented what he calls the permanent denial-of-service botnet, has dubbed the fiercest new instance BrickerBot.3. It appeared out of nowhere on April 20, exactly one month after BrickerBot.1 first surfaced. Not only did BrickerBot.3 mount a much quicker number of attacks -- with 1,295 attacks coming in just 15 hours -- it used a modified attack script that added several commands designed to more completely shock and awe its targets. BrickerBot.1, by comparison, fired 1,895 volleys during the four days it was active, and the still-active BrickerBot.2 has spit out close to 12 attacks per day. Shortly after BrickerBot.3 began attacking, Geenens discovered BrickerBot.4. Together, the two newly discovered instances have attempted to attack devices in the research honeypot close to 1,400 times in less than 24 hours. Like BrickerBot.1, the newcomer botnets are made up of IoT devices running an outdated version of the Dropbear SSH server with public, geographically dispersed IP addresses. Those two characteristics lead Geenens to suspect the attacking devices are poorly secured IoT devices themselves that someone has compromised and used to permanently take out similarly unsecured devices. Geenens, of security firm Radware, has more details here.
Re: (Score:3)
Securing them for good before they can secured for evil.
Re: (Score:2)
I would mod parent up if I could.
We made a big mistake when we made cracking into things illegal. We should have made cracking into things legal and made people put up impenetrable walls. This is computers and data. There are walls that anyone can put up that can keep out governments. This would have created demand for real security and by now we'd have it ubiquitously without trying.
I hope this guy doesn't get caught, and I appreciate and do not encourage his actions.
BrickerBot (Score:4, Insightful)
Re: (Score:2)
The hero the Internet of Things both deserves _and_ needs.
I hope they catch the wrong guy/gal.
Re: (Score:2)
The hero the Internet of Things both deserves _and_ needs.
Yeah
.. there's nothing like a vigilante of whom you approve.
Re: (Score:2)
The hero the Internet of Things both deserves _and_ needs.
Yeah
.. there's nothing like a vigilante of whom you approve.
I think it maybe Fratman
Re: (Score:2)
The hero the Internet of Things both deserves _and_ needs.
Yeah
.. there's nothing like a vigilante of whom you approve.
Yes it is vigilante and we suppose to condemn such things. However, what the alternative? Internet Weather with DDoS storms routinely taking big chunks of it down? Markets completely failed to solve this problem, legislation isn't feasible considering international nature of this... so vigilante is least bad solution here.
Re: (Score:2)
so vigilante is least bad solution here.
A bad solution is still a bad solution. And vigilanteism is still vigilanteism. And DDOS attacks using infected devices are nothing new, it is just that IoT have opened up a new attack vector. Look at how many Windows based computers have been involved in DDOS in the past.
What we have here is:
1. Unknown person breaks into a computer they do not own.
2. Unknown person does stuff to this computer (unknown to the owner) under the pretense of "fixing it".
3. Ironically (according to TFS) the unknown person may
Re: (Score:1)
Yeah
.. there's nothing like a vigilante of whom you approve.
That Batman is the #1 superhero indicates that a very large majority of the public recognizes that the State is limited in ability, resources, effectiveness, and competence.
Imagine you're at a shopping mall, some nut comes in and starts throwing knives at passersby, taking out one shopper every five to ten seconds. There's a grandpa there packing a 9mm under his coat. Do you:
a) want the grandpa to take out the knife-attacker
b) call 911 and wait
Re: (Score:2)
Imagine you're at a shopping mall, some nut comes in and starts throwing knives at passersby, taking out one shopper every five to ten seconds. There's a grandpa there packing a 9mm under his coat.
False equivalence. In order to be comparable your "grandpa" would have be driving around town, spotting people with knives that grandpa considers dangerous, and then executing them. See Duterte for a great example of how this goes.
Re: (Score:2)
The hero the Internet of Things both deserves _and_ needs.
A hero of the Internet? We shall dub them, Bricky McBrickerson!
;)
Is it a bird? (Score:2)
Is it a plane?
No it's Super Hacker Nerd!!
Leaping the Internet Of Things in a single bound
Looking at my firewall logs (Score:2)
If you're reading, Janit0r (or whatever you