When security firm Sucuri investigated the source of a 50,000-request/second DDoS attack on a jewelry shop, they discovered to their surprise that the attack originated from a botnet made up of 25,500+ hacked CCTV cameras in 105 countries.
These Internet of Things cameras were typical of IoT devices in that they ran with next to no security and inadequate patching systems. What's more, since they were always on and designed to transmit data over the public internet, they were especially powerful members of the botnet.
Sucuri researchers queried a sampling of the boxes and found that all of them showed they were running what was called the "Cross Web Server" that had a default Web page titled "DVR Components." The researchers later found the malicious IPs contained the company logos of resellers of CCTV services and that all the devices were running BusyBox, a collection of Unix-based utility tools that run on embedded devices. To make it harder to block the attack, the malicious devices had been programmed to emulate normal browser behavior by displaying a variety of common user agents, such as those associated with the Chrome, Internet Explorer, and Safari browsers. The hacked devices also displayed "referrers" falsely showing they had most recently visited sites including Engadget, Google, and USA Today.
Large botnet of CCTV devices knock the snot out of jewelry website
[Dan Goodin/Ars Technica]
(Image: Different Types of Cctv Cameras, Tamasflex, CC-BY-SA)
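The rotating user agents and fake referrers described above leave a pattern in access logs: one source address claims several browser families and arrives "from" several unrelated sites. The following is an added example, not code from Sucuri or Ars Technica; the log lines are constructed, and the thresholds and function names are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Combined Log Format: ip - - [time] "request" status bytes "referrer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ '
    r'"(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

def ua_family(ua):
    """Coarse browser family; order matters because Chrome UAs also contain 'Safari/'."""
    if "MSIE" in ua or "Trident/" in ua:
        return "ie"
    if "Chrome/" in ua:
        return "chrome"
    if "Safari/" in ua:
        return "safari"
    return "other"

def suspicious_clients(lines, min_families=3, min_referrers=3):
    """Return IPs that present many browser families AND many external referrer hosts.
    Thresholds are assumptions; a busy NAT gateway can also show several families,
    so treat hits as leads to combine with request rate, not as a verdict."""
    families, referrers = defaultdict(set), defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than guessing at fields
        families[m["ip"]].add(ua_family(m["ua"]))
        host = urlparse(m["ref"]).hostname  # None for "-" or empty referrers
        if host:
            referrers[m["ip"]].add(host)
    return sorted(ip for ip in families
                  if len(families[ip]) >= min_families
                  and len(referrers[ip]) >= min_referrers)

# Constructed sample: 203.0.113.7 rotates identities, 198.51.100.20 is an ordinary visitor.
CHROME = "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
IE = "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
SAFARI = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/601.6.17 (KHTML, like Gecko) Version/9.1.1 Safari/601.6.17"
SAMPLE_LOG = [
    f'203.0.113.7 - - [27/Jun/2016:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "https://www.engadget.com/" "{CHROME}"',
    f'203.0.113.7 - - [27/Jun/2016:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "https://www.google.com/" "{IE}"',
    f'203.0.113.7 - - [27/Jun/2016:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "https://www.usatoday.com/" "{SAFARI}"',
    f'198.51.100.20 - - [27/Jun/2016:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "{CHROME}"',
    f'198.51.100.20 - - [27/Jun/2016:10:00:09 +0000] "GET /rings HTTP/1.1" 200 904 "https://shop.example/" "{CHROME}"',
]

if __name__ == "__main__":
    print(suspicious_clients(SAMPLE_LOG))
```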