When security firm Sucuri investigated the source of a 50,000-request/second DDoS attack on a jewelry shop, they discovered to their surprise that the attack originated from a botnet made up of 25,500+ hacked CCTV cameras in 105 countries.
These Internet of Things cameras were typical of IoT devices in that they ran with next to no security and inadequate patching systems. What's more, since they were always on and designed to transmit data over the public internet, they were especially powerful members of the botnet.
Sucuri researchers queried a sampling of the boxes and found that all of them showed they were running what was called the "Cross Web Server" that had a default Web page titled "DVR Components." The researchers later found the malicious IPs contained the company logos of resellers of CCTV services and that all the devices were running BusyBox, a collection of Unix-based utility tools that run on embedded devices. To make it harder to block the attack, the malicious devices had been programmed to emulate normal browser behavior by displaying a variety of common user agents, such as those associated with the Chrome, Internet Explorer, and Safari browsers. The hacked devices also displayed "referrers" falsely showing they had most recently visited sites including Engadget, Google, and USA Today.
Large botnet of CCTV devices knock the snot out of jewelry website
[Dan Goodin/Ars Technica]
(Image: Different Types of Cctv Cameras, Tamasflex, CC-BY-SA)
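The user-agent rotation described above leaves a trace a defender can look for in web server logs: a single source address claiming to be several different browsers within the same second. The sketch below is an added example, not code from Sucuri or Ars Technica; the log lines are constructed, the addresses come from documentation ranges, and the threshold of three browser families is an assumption.

```python
import re
from collections import defaultdict

# Combined Log Format: ip - - [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

def ua_family(ua):
    """Coarse browser family; order matters because Chrome UAs also contain 'Safari/'."""
    if "MSIE" in ua or "Trident/" in ua:
        return "ie"
    if "Chrome/" in ua:
        return "chrome"
    if "Safari/" in ua:
        return "safari"
    return "other"

def flag_rotating_clients(lines, min_families=3):
    """Return IPs that present >= min_families browser families within one second."""
    seen = defaultdict(set)  # (ip, timestamp to the second) -> families observed
    for line in lines:
        m = LINE_RE.match(line)
        if m:  # unparseable lines are skipped, not treated as evidence
            seen[(m["ip"], m["ts"])].add(ua_family(m["ua"]))
    return sorted({ip for (ip, _), fams in seen.items() if len(fams) >= min_families})

# Constructed sample: 192.0.2.10 rotates agents and referrers, 198.51.100.7 does not.
CHROME = "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0 Safari/537.36"
IE = "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
SAFARI = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11) AppleWebKit/601.1 (KHTML, like Gecko) Version/9.0 Safari/601.1"
T = "[01/Jan/2024:10:00:01 +0000]"
SAMPLE_LOG = [
    f'192.0.2.10 - - {T} "GET / HTTP/1.1" 200 512 "https://www.google.com/" "{CHROME}"',
    f'192.0.2.10 - - {T} "GET / HTTP/1.1" 200 512 "https://www.engadget.com/" "{IE}"',
    f'192.0.2.10 - - {T} "GET / HTTP/1.1" 200 512 "https://www.usatoday.com/" "{SAFARI}"',
    f'198.51.100.7 - - {T} "GET /rings HTTP/1.1" 200 2048 "-" "{CHROME}"',
    f'198.51.100.7 - - {T} "GET /cart HTTP/1.1" 200 1024 "-" "{CHROME}"',
    "truncated line that does not parse",
]

if __name__ == "__main__":
    print(flag_rotating_clients(SAMPLE_LOG))
```

Addresses shared by many users (NAT gateways, corporate proxies) can legitimately show several browsers at once, so a signal like this is best combined with per-address request rate before blocking.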