MegaMind
Posted October 23, 2015

Over 900 CCTV cameras sporting default or weak login credentials were hacked and joined into a DDoSing botnet that covers the entire globe, as Incapsula researchers are reporting.

Hacking the CCTV cameras wasn't as hard as you'd think, and as the security researchers are explaining, a simple dictionary brute-force attack was more than enough to easily crack the CCTV systems.

The blame solely resides in the persons that configured the devices, who used weak login SSH or Telnet passwords, didn't change the default ones at all, or left the cameras open to outside connections in cases where it wasn't necessary.

According to the Incapsula team, all compromised CCTV systems were running BusyBox, a stripped-down version of the Linux operating system, specifically built to run on IoT devices with limited memory and CPU resources.

After the devices were compromised via brute-force login attacks, the .btce malware was being dropped on their system, malware derived from ELF_BASHLITE (also known as GayFgt and Lightaidra), a malware family specially designed for BusyBox setups running on ARM architectures.

CCTV cameras were launching DDoS attacks of 20,000 RPS

All infected devices were being used to launch DDoS attacks using HTTP GET request floods. The DDoS attack was mainly being carried out against a well-known cloud service provider.

One of the devices that the security experts studied was recorded sending over 20,000 HTTP requests per second. Another device had multiple brute-force attacks and logins recorded in its logs from different IP addresses, meaning it was hacked more than once.

Alongside SOHO routers, IP cameras and CCTV systems are generally considered the weakest and most unprotected network devices around.

Figure: Geo-location of the botnet's devices

http://news.softpedia.com/news/cctv-cameras-hijacked-to-form-worldwide-ddos-botnet-495166.shtml