
posted by janrinok on Monday October 03 2016, @04:09PM
from the now-it's-a-battle-for-cameras dept.

A few hundred thousand cameras want to talk to you:

A hacker has released computer source code that allows relatively unsophisticated people to wage the kinds of extraordinarily large assaults that recently knocked security news site KrebsOnSecurity offline and set new records for so-called distributed denial-of-service attacks.

KrebsOnSecurity's Brian Krebs reported on Saturday that the source code for "Mirai," a network of Internet-connected cameras and other "Internet of things" devices, was published on Friday. Dale Drew, the chief security officer at Internet backbone provider Level 3 Communications, told Ars that Mirai is one of two competing IoT botnet families that have recently menaced the Internet with record-breaking distributed denial-of-service (DDoS) attacks—including the one that targeted Krebs with 620 gigabits per second of network traffic, and another that hit French webhost OVH and reportedly peaked at more than 1 terabit per second. [...] According to Krebs, the Mirai source code was posted to the hacking community HackForums by a user with the handle Anna-senpai. Krebs said the leaker provided the following explanation:

When I first go in DDoS industry, I wasn't planning on staying in it long. I made my money, there's lots of eyes looking at IOT now, so it's time to GTFO. So today, I have an amazing release for you. With Mirai, I usually pull max 380k bots from telnet alone. However, after the Kreb [sic] DDoS, ISPs been slowly shutting down and cleaning up their act. Today, max pull is about 300k bots, and dropping.

Previously: A Source for Recent DDoS Attacks

  • (Score: 4, Interesting) by Anonymous Coward on Monday October 03 2016, @06:08PM

    by Anonymous Coward on Monday October 03 2016, @06:08PM (#409544)

    You have no idea the scope. It is huge and worse than you can imagine. I have worked with 'IoT' for about 10 years now. For most of these dudes, 'upgrade' and 'firmware patch' are an afterthought. They are so quick to get in and do everything that they have no clue what it means to be secure. None. Some of the people working on it may be alright at it. But their management does not care or want it. I a group of guys and they wanted to put in default passwords for root across the whole line of products. The module makers all have a dirty secret too. Most of them have a default password they do not want to give out, but it is usually easy to get around or, with a bit of time, guess; they are never long or too complex, and I can run a password cracker overnight and usually get one. On top of that most are still using telnet and not bothering with ssh. Then even if they do use ssh they have no concept of 'update the strength' or 're-key'. Then even if they DO have something like that it is usually a terrible procedure that is not tested very well, with some crap GUI sitting on an http (not https) port. Oh, and getting firmware updates out of some of them is like pulling teeth through a straw. To update some of the devices you have to open the board up and get at the JTAG pins. Not very user friendly.

    I have exactly 2 IoT-like devices in my home. My TV and my Synology. The TV is not plugged into the internet at all; it has not had a firmware update in 5 years and runs a Linux kernel from that time with an open ssh port (I scanned it). The Synology is 'better', but their kernel is from 2011. The other packages on the device are better and more up to date, but it shows how much effort they are putting forth to keep up. Neither of these devices is unique. The home automation stuff is even worse, much worse.

    Think of taking a Linux kernel from circa 2008 with an openssl/openssh stack from 2004 and plugging it into the internet with a known default root password and a telnet port. It will be rooted in a matter of hours. That is how bad this stuff is. Even if they lock out root there are so many known easy exploits to get root privs it's not worth it.

    I have seen the gamut of bad ideas. My favorite one is this: 'oh, we will put the port on a non-standard number, no one will guess that'. That is, until I show them nmap and how quickly it figures it out.

  • (Score: 0) by Anonymous Coward on Monday October 03 2016, @06:17PM

    by Anonymous Coward on Monday October 03 2016, @06:17PM (#409545)

    Cull stupid people. Smart people won't buy stupid crap. Stupid crap won't be exploited. Stupid people won't be exploited. Exploitation-based anything will cease to be a problem. Stupidity kills.

    • (Score: 0) by Anonymous Coward on Monday October 03 2016, @06:20PM

      by Anonymous Coward on Monday October 03 2016, @06:20PM (#409548)

      Stupid people will become the botnet that brings down everyone else.

    • (Score: 1, Insightful) by Anonymous Coward on Monday October 03 2016, @06:32PM

      by Anonymous Coward on Monday October 03 2016, @06:32PM (#409558)

      Eugenics is bad, we're stronger as a species when we have diversity, smart people tend to have other issues as well. If you truly believe your statements then it is likely you will be one of the people culled from the herd. Also, plenty of smart people are exploited by dumber people in positions of power.

      I can only hope you were making a joke...

    • (Score: 1) by shipofgold on Monday October 03 2016, @07:13PM

      by shipofgold (4696) on Monday October 03 2016, @07:13PM (#409587)

      The people who buy the crap probably don't care if it is part of a botnet or not. They only care if the thing does what they think it should do and if it doesn't degrade their bandwidth too much. If the device steals 1Mb/s of bandwidth from a 10Mb/s connection most people wouldn't even notice.

      1 million devices at 1Mb/s is a terabit/second

      Looking at the description of the software, all it does is hunt for devices and try default passwords. If the device makers would simply force the user to change the password, this particular scourge would be finished.

      The problem I have with all the articles is that I could not find a list of devices (beyond some Chinese security camera) that are susceptible to this particular attack.
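      The two points above (the first Anonymous Coward's factory-default root passwords, and shipofgold's "force the user to change the password") both come down to the same device-side control. The following is an added illustration of that control, not code from Mirai, from Krebs, or from any vendor's firmware: a login handler that refuses to serve anything but the password-change endpoint until the shipped credential is replaced, rejects new passwords that are on a (constructed, illustrative) factory-default list or too short, stores only a salted scrypt hash, and locks out after repeated failures. The default list, length limit and lockout threshold are assumptions chosen for the example.

```python
"""First-boot credential policy for an embedded device's admin login.

Added example (not from Mirai, Krebs, or any vendor). Models the control the
thread asks for: no factory default survives past the first login.
"""
import hashlib
import hmac
import os

# Constructed sample of shipped defaults to reject. Real firmware would embed
# the actual defaults it ships with; these values are illustrative only.
FACTORY_DEFAULTS = {"admin", "root", "password", "12345", "default", ""}

MIN_LENGTH = 12          # assumption for the example
MAX_FAILURES = 5         # assumption for the example
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1)   # 16 MiB per hash, fits hashlib's default maxmem


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted scrypt hash; the device never stores the plaintext."""
    return hashlib.scrypt(password.encode(), salt=salt, **SCRYPT_PARAMS)


def acceptable(candidate: str) -> bool:
    """Reject anything on the factory-default list or shorter than MIN_LENGTH."""
    if candidate.lower() in FACTORY_DEFAULTS:
        return False
    return len(candidate) >= MIN_LENGTH


class DeviceAuth:
    def __init__(self, shipped_password: str):
        # The factory sets the shipped credential AND the must_change flag;
        # only a successful change_password() clears the flag.
        self._salt = os.urandom(16)
        self._hash = hash_password(shipped_password, self._salt)
        self.must_change = True
        self.failures = 0

    def login(self, password: str) -> str:
        """Return "ok", "change_required", or "denied"."""
        if self.failures >= MAX_FAILURES:
            return "denied"                      # locked out; no further guesses
        if not hmac.compare_digest(hash_password(password, self._salt), self._hash):
            self.failures += 1
            return "denied"
        self.failures = 0
        return "change_required" if self.must_change else "ok"

    def request_allowed(self, endpoint: str) -> bool:
        """Until the shipped password is replaced, only the change-password
        endpoint is reachable; video, telnet, the web UI etc. stay off."""
        return endpoint == "change-password" or not self.must_change

    def change_password(self, current: str, new: str) -> bool:
        """Replace the credential; succeeds only with the current password
        and a new one that passes acceptable()."""
        if self.login(current) == "denied":
            return False
        if not acceptable(new):
            return False
        self._salt = os.urandom(16)              # fresh salt on every change
        self._hash = hash_password(new, self._salt)
        self.must_change = False
        return True


if __name__ == "__main__":
    auth = DeviceAuth("admin")                   # constructed shipped default
    print(auth.login("admin"))                   # change_required
    print(auth.request_allowed("video-stream"))  # False until changed
    print(auth.change_password("admin", "correct horse battery"))  # True
    print(auth.login("correct horse battery"))   # ok
```

      The point of `request_allowed` is that a device which merely nags about a default password is still a bot candidate; the service has to stay unreachable until the change has actually happened.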

      • (Score: 2, Informative) by RS3 on Tuesday October 04 2016, @12:06AM

        by RS3 (6367) on Tuesday October 04 2016, @12:06AM (#409745)

        The problem I have with all the articles, is that I could not find a list of devices (beyond some Chinese Security camera) that are susceptible to this particular attack.

        For this malware dubbed “Mirai”, Krebs has a product list: https://krebsonsecurity.com/2016/10/who-makes-the-iot-things-under-attack/ [krebsonsecurity.com]

        I have a feeling there are many many more vulnerable devices out there.

        • (Score: 2) by takyon on Tuesday October 04 2016, @01:28AM

          by takyon (881) <reversethis-{gro ... s} {ta} {noykat}> on Tuesday October 04 2016, @01:28AM (#409764) Journal

          HiSilicon sounds familiar... oh yeah, they make ARM SoCs, including 8-cores:

          https://en.wikipedia.org/wiki/HiSilicon [wikipedia.org]

          --
          [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
        • (Score: 0) by Anonymous Coward on Tuesday October 04 2016, @09:19AM

          by Anonymous Coward on Tuesday October 04 2016, @09:19AM (#409895)

          For this malware dubbed “Mirai”, Krebs has a product list: https://krebsonsecurity.com/2016/10/who-makes-the-iot-things-under-attack/

          Uh, I think I see a problem with that.

          "My site has been the target of a largest DDoS in history, from a variety of vulnerable devices. If you want to know which devices are vulnerable, I put the list up on my site."

  • (Score: 3, Insightful) by edIII on Monday October 03 2016, @10:29PM

    by edIII (791) on Monday October 03 2016, @10:29PM (#409710)

    Which is why it is ludicrous to allow Internet access to almost anything inside your home. If it's sophisticated enough to use an NTP server, then run an NTP server on your firewall instead and don't let it have access to outside networks.

    About all we can do is proceed to a white-listed world where a pop-up appears on our security device warning us our refrigerator is trying to make a request to Botswana.

    I can think of almost no reason whatsoever to give Internet access to anything inside my home, beyond syncing a clock. There are use cases, but I have no interests whatsoever in my refrigerator tweeting out my lack of peanut butter and attempting to auto-purchase on Amazon for me. Fuck that noise.

    Moreover, I can think of almost no reasons beyond media streaming as to why IoT devices need to speak with each other. The firewall by default should allow 1:1 connections to it, but fail to acknowledge there is even a rest of the network at all when using diagnostic tools.

    I have a term for this new future: Untrusted Everything.

    --
    Technically, lunchtime is at any moment. It's just a wave function.
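    The "Untrusted Everything" policy edIII describes (devices get 1:1 access to the firewall for NTP and nothing else, no Internet, and no view of the rest of the network) is easy to state as a default-deny rule set. The following is an added illustration, not from any commenter or product: a small evaluator that applies that policy to constructed flow records from an IoT segment and raises an alert for the "refrigerator to Botswana" case. The addresses, the `src=... dst=...` log format and the allow list are assumptions made for the example.

```python
"""Default-deny egress policy for an IoT network segment.

Added example; addresses, log format and allow list are constructed for it.
Policy: the IoT segment may reach the firewall for NTP and DNS only; anything
else (another IoT device, the rest of the LAN, the Internet) is denied, and
outbound attempts are flagged for the owner to look at.
"""
from dataclasses import dataclass
import ipaddress

IOT_NET = ipaddress.ip_network("192.168.50.0/24")            # constructed IoT VLAN
FIREWALL = ipaddress.ip_address("192.168.50.1")              # constructed firewall address
LAN_NETS = [ipaddress.ip_network("192.168.0.0/16"),          # rest of the home network
            ipaddress.ip_network("10.0.0.0/8")]

# The only (destination, protocol, port) tuples an IoT device may open.
ALLOW = {
    (FIREWALL, "udp", 123),   # NTP served by the firewall itself
    (FIREWALL, "udp", 53),    # DNS served by the firewall itself
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def classify(flow: Flow) -> str:
    """Return the policy verdict for one flow from the IoT segment."""
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    if src not in IOT_NET:
        return "not-iot"             # this policy covers the IoT segment only
    if (dst, flow.proto, flow.dport) in ALLOW:
        return "allow"
    if dst in IOT_NET:
        return "deny-lateral"        # device-to-device, or an unlisted firewall port
    if any(dst in net for net in LAN_NETS):
        return "deny-lan"            # the device should not know the LAN exists
    return "alert-egress"            # anything else is an outbound attempt: alert


def parse_flow(line: str) -> Flow:
    """Parse a constructed log line of the form 'src=A dst=B proto=P dport=N'."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return Flow(fields["src"], fields["dst"], fields["proto"], int(fields["dport"]))


# Constructed sample flows, one line per connection attempt.
SAMPLE_LOG = [
    "src=192.168.50.20 dst=192.168.50.1 proto=udp dport=123",    # camera -> firewall NTP
    "src=192.168.50.20 dst=192.168.50.1 proto=udp dport=53",     # camera -> firewall DNS
    "src=192.168.50.20 dst=192.168.50.21 proto=tcp dport=23",    # camera -> TV, telnet
    "src=192.168.50.21 dst=192.168.10.5 proto=tcp dport=445",    # TV -> LAN file server
    "src=192.168.50.22 dst=203.0.113.7 proto=tcp dport=80",      # fridge -> outside
    "src=192.168.50.22 dst=203.0.113.7 proto=tcp dport=23",      # fridge -> outside, telnet
    "src=192.168.10.5 dst=203.0.113.9 proto=tcp dport=443",      # laptop, not covered here
]


def summarize(lines):
    """Count verdicts and collect the flows that should page the owner."""
    counts = {}
    alerts = []
    for line in lines:
        flow = parse_flow(line)
        verdict = classify(flow)
        counts[verdict] = counts.get(verdict, 0) + 1
        if verdict == "alert-egress":
            alerts.append(flow)
    return counts, alerts


if __name__ == "__main__":
    counts, alerts = summarize(SAMPLE_LOG)
    print(counts)
    for flow in alerts:
        print(f"ALERT: {flow.src} tried {flow.proto}/{flow.dport} to {flow.dst}")
```

    The ordering of the checks matters: the allow list is consulted first so that the firewall's NTP and DNS ports pass, then the lateral check catches the firewall's other ports and every other device in the segment, and only then does the LAN check run (192.168.0.0/16 contains the IoT subnet, so the lateral check has to come before it). Everything that falls through is treated as an egress attempt rather than silently dropped, which is the pop-up edIII wants.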