posted on Wednesday May 03 2017, @03:00PM
from the Using-1337-powers-for-good dept.

An Ars Technica story from 17 April 2017 introduced us to Hajime, the vigilante botnet that infects IoT devices before black hats can hijack them. A technical analysis published Wednesday reveals for the first time just how much technical acumen went into designing and building the renegade network, which just may be the Internet's most advanced IoT botnet.

Hajime [PDF] was first reported in October 2016 by Sam Edwards and Ioannis Profetis, security researchers at Rapidity Networks, a Boulder, CO-based ISP.

As previously reported, Hajime uses the same list of user name and password combinations used by Mirai, the IoT botnet that spawned several record-setting denial-of-service attacks last year. Once Hajime infects an Internet-connected camera, DVR, or other Internet-of-Things device, the malware blocks access to four ports known to be the most widely used vectors for infecting IoT devices. It also displays a cryptographically signed message on infected device terminals that describes its creator as "just a white hat, securing some systems."

Not your father's IoT botnet

But unlike the bare-bones functionality found in Mirai, Hajime is a full-featured package that gives the botnet reliability, stealth, and resilience that's largely unparalleled in the IoT landscape. Wednesday's technical analysis, which was written by Pascal Geenens, a researcher at security firm Radware, makes clear that the unknown person or people behind Hajime invested plenty of time and talent.

From the Ars Technica piece:

Hajime uses a decentralized peer-to-peer network to issue commands and updates to infected devices. This design makes it more resistant to takedowns by ISPs and Internet backbone providers. Hajime uses the same list of user name and password combinations Mirai uses, with the addition of two more. It also takes steps to conceal its running processes and files, a feature that makes detecting infected systems more difficult. Most interesting of all: Hajime appears to be the brainchild of a grayhat hacker, as evidenced by a cryptographically signed message it displays every 10 minutes or so on terminals. The message reads:

Just a white hat, securing some systems.
Important messages will be signed like this!
Hajime Author.
Contact CLOSED
Stay sharp!

Another sign Hajime is a vigilante-style project intended to disrupt Mirai and similar IoT botnets: It blocks access to four ports known to be vectors used to attack many IoT devices. Hajime also lacks distributed denial-of-service capabilities or any other attacking code except for the propagation code that allows one infected device to seek out and infect other vulnerable devices.

Is it right for geeks to use their powers in this way?
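The signed notice quoted above is what the article offers as evidence of the author's intent, so it is worth being precise about what a signature actually proves. The following Go program is an added example, not code from Hajime, Ars Technica or Radware; it assumes an Ed25519 detached signature (the page does not name the scheme Hajime uses) and generates throwaway key pairs, since the operator's real key is not public. It shows that the unmodified notice verifies, that the same signature fails over an altered notice, and that the same text signed by a different key fails under the pinned public key: a valid signature ties a message to a key holder, nothing more.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// hajimeNotice is the broadcast text quoted in the article, used here as
// the signed payload.
const hajimeNotice = "Just a white hat, securing some systems.\n" +
	"Important messages will be signed like this!\n" +
	"Hajime Author.\n" +
	"Contact CLOSED\n" +
	"Stay sharp!\n"

// signNotice produces a detached signature over msg. Ed25519 is an assumed
// scheme for this example; the page does not say which algorithm Hajime uses.
func signNotice(priv ed25519.PrivateKey, msg string) []byte {
	return ed25519.Sign(priv, []byte(msg))
}

// verifyNotice reports whether sig is a valid signature over msg under pub.
// A true result establishes only that whoever produced sig holds the private
// key matching pub, i.e. the same party that signed earlier notices. It says
// nothing about that party's intentions.
func verifyNotice(pub ed25519.PublicKey, msg string, sig []byte) bool {
	if len(pub) != ed25519.PublicKeySize || len(sig) != ed25519.SignatureSize {
		return false // malformed input is never treated as authentic
	}
	return ed25519.Verify(pub, []byte(msg), sig)
}

// checkNotices runs the three cases an analyst who has pinned the operator's
// public key would care about, using freshly generated keys (the real key
// pair is not public). It returns whether each case verified.
func checkNotices() (genuine, tampered, impostor bool) {
	operatorPub, operatorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	sig := signNotice(operatorPriv, hajimeNotice)

	// 1. Unmodified notice with the operator's signature: verifies.
	genuine = verifyNotice(operatorPub, hajimeNotice, sig)

	// 2. The same signature replayed over an altered notice: fails, because
	//    the signature covers every byte of the message.
	altered := hajimeNotice + "Update: fetch and run the new binary.\n"
	tampered = verifyNotice(operatorPub, altered, sig)

	// 3. Identical text signed by a different key (someone else claiming to
	//    be the author): fails under the pinned public key.
	_, impostorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	impostor = verifyNotice(operatorPub, hajimeNotice, signNotice(impostorPriv, hajimeNotice))
	return genuine, tampered, impostor
}

func main() {
	g, t, i := checkNotices()
	fmt.Printf("genuine=%v tampered=%v impostor=%v\n", g, t, i)
}
```

For anyone tracking such a botnet the practical rule is the one the notice itself hints at: pin the first public key observed and verify every later message against it. Continuity of key is evidence that the same party is still speaking; it is not evidence that the party is a white hat.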
  • (Score: 0) by Anonymous Coward on Wednesday May 03 2017, @03:21PM (#503677) (13 children)

    Is it right for geeks to use their powers in this way?

    No for two reasons.

    First, the weaker reason is that it's an abuse of others' property.

    Secondly, it's not the responsibility of geeks to go around fixing other people's fuck ups for free.

  • (Score: 0) by Anonymous Coward on Wednesday May 03 2017, @03:37PM (#503699) (8 children)

    it's not the responsibility of geeks to go around fixing other people's fuck ups for free.

    You're so right. Fuck the GNU Project, Fuck Linux, Fuck Free Software, Fuck GitHub, and Fuck Open Source.

    In the long run, making programs free is a step toward the postscarcity world, where nobody will have to work very hard just to make a living. People will be free to devote themselves to activities that are fun, such as programming, after spending the necessary ten hours a week on required tasks such as legislation, family counseling, robot repair and asteroid prospecting. There will be no need to be able to make a living from programming.

    Fuck You, Pay Me!!!

    • (Score: 0) by Anonymous Coward on Wednesday May 03 2017, @03:53PM (#503711) (7 children)

      Haha. You're being completely disingenuous, but whatever.

      Or maybe you're just autistic. It's difficult to tell on the internet.

      Let me qualify my statement. It's not the responsibility of geeks to go around fixing paid employees' fuck ups in proprietary devices for free.

      • (Score: 0, Insightful) by Anonymous Coward on Wednesday May 03 2017, @03:58PM (#503716) (6 children)

        Non-free devices are immoral. You fix them by smashing the device with a hammer.

        • (Score: -1, Flamebait) by Anonymous Coward on Wednesday May 03 2017, @04:21PM (#503730) (5 children)

          Non-free devices are immoral. You fix them by smashing the device with a hammer.
          (Score: 1, Insightful)

          The Kool-Aid is strong here.

          FUCK LINUX!

          • (Score: 0) by Anonymous Coward on Wednesday May 03 2017, @04:45PM (#503758) (4 children)

            A penguin bit my sister.

            • (Score: 0) by Anonymous Coward on Wednesday May 03 2017, @05:17PM (#503773) (1 child)

              and???

              Does she have the proportionate strength of a penguin?

              • (Score: 0) by Anonymous Coward on Wednesday May 03 2017, @06:36PM (#503823)

                With great Linux comes great responsibility.

            • (Score: 0) by Anonymous Coward on Wednesday May 03 2017, @07:02PM (#503858) (1 child)

              First a moose, and now a penguin. Your sister really needs to avoid the zoo.

              • (Score: 0) by Anonymous Coward on Wednesday May 03 2017, @07:14PM (#503868)

                Tøø late. She was bit by a gnü [soylentnews.org] alsø.

  • (Score: 2, Insightful) by WillR (2012) on Wednesday May 03 2017, @04:12PM (#503723)

    The second is a good reason why geeks shouldn't be compelled to create white-hat botnets, but it's not a reason why a geek shouldn't do it if he chooses to.
  • (Score: 3, Insightful) by DannyB (5839) on Wednesday May 03 2017, @04:19PM (#503729) (2 children)

    I don't think it is right for geeks to go fixing others' devices. But I can definitely understand their motivations if their own infrastructure is massively attacked by a million internet connected thermostats and webcams.

    The vigilantes may be the victims of attacks from the IoT devices. The costs of these attacks may cause the victims to resort to such actions. Especially if they have the IP addresses of the attacking devices.

    I think the solution is to put the victim's costs upon the manufacturers of the IoT devices.

    --
    The lower I set my standards the more accomplishments I have.
    • (Score: 2) by archfeld (4650) <treboreel@live.com> on Wednesday May 03 2017, @07:28PM (#503878) (1 child)

      Is it vigilantism to defend your network from attack from a source you can respond to ? I think it might be rightly characterized as justifiable or standing your ground if you could provide proof positive of the source and means of the attack. My network is part of my castle, and resides on my private property.

      --
      For the NSA : Explosives, guns, assassination, conspiracy, primers, detonators, initiators, main charge, nuclear charge
      • (Score: 2) by DannyB (5839) on Wednesday May 03 2017, @09:11PM (#503948)

        I'm not trying to disagree with you. As I said, I can understand the motivations.

        However, the other side could argue that if you know the IP addresses of the sources, then you, or maybe with help from your upstream provider, you could block the bulk of the attack.

        Of course, my solution is to make the manufacturers liable for the damages. Then we prevent most of the problem from happening rather than figuring out how to address the attacks.

        --
        The lower I set my standards the more accomplishments I have.