SoylentNews is people

posted by on Wednesday May 03 2017, @03:00PM
from the Using-1337-powers-for-good dept.

An Ars Technica story from 17 April, 2017 introduced us to Hajime, the vigilante botnet that infects IoT devices before blackhats can hijack them. A technical analysis published Wednesday reveals for the first time just how much technical acumen went into designing and building the renegade network, which just may be the Internet's most advanced IoT botnet.

Hajime [PDF] was first reported on in October 2016 by Sam Edwards and Ioannis Profetis, security researchers at Rapidity Networks, a Boulder, CO-based ISP.

As previously reported, Hajime uses the same list of user name and password combinations used by Mirai, the IoT botnet that spawned several record-setting denial-of-service attacks last year. Once Hajime infects an Internet-connected camera, DVR, or other Internet-of-things device, the malware blocks access to four ports known to be the most widely used vectors for infecting IoT devices. It also displays a cryptographically signed message on infected device terminals that describes its creator as "just a white hat, securing some systems."

Not your father's IoT botnet

But unlike the bare-bones functionality found in Mirai, Hajime is a full-featured package that gives the botnet reliability, stealth, and reliance that's largely unparalleled in the IoT landscape. Wednesday's technical analysis, which was written by Pascal Geenens, a researcher at security firm Radware, makes clear that the unknown person or people behind Hajime invested plenty of time and talent.

From the Ars Technica piece:

Hajime uses a decentralized peer-to-peer network to issue commands and updates to infected devices. This design makes it more resistant to takedowns by ISPs and Internet backbone providers. Hajime uses the same list of user name and password combinations Mirai uses, with the addition of two more. It also takes steps to conceal its running processes and files, a feature that makes detecting infected systems more difficult. Most interesting of all: Hajime appears to be the brainchild of a grayhat hacker, as evidenced by a cryptographically signed message it displays every 10 minutes or so on terminals. The message reads:

Just a white hat, securing some systems.
Important messages will be signed like this!
Hajime Author.
Contact CLOSED
Stay sharp!

Another sign Hajime is a vigilante-style project intended to disrupt Mirai and similar IoT botnets: It blocks access to four ports known to be vectors used to attack many IoT devices. Hajime also lacks distributed denial-of-service capabilities or any other attacking code except for the propagation code that allows one infected device to seek out and infect other vulnerable devices.

Is it right for geeks to use their powers in this way?


  • (Score: 2) by DannyB on Wednesday May 03 2017, @09:08PM (3 children)

    That seems like asking if I still beat my wife or not.

    It is a simple fact that there was a proposed law to make spam illegal.
    It is another fact that the Direct Marketing Association lobbied to kill it.

    It is also a fact that we have laws to make things illegal. Call it 'regulation' if you like. We make things illegal like: robbery, rape, murder. Maybe one day: spam.

    When I sarcastically say "the government will really help", I really mean: don't expect the government to help. The government is corrupt. Bought and paid for by lobbyists.

    --
    To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
  • (Score: 2) by tangomargarine on Wednesday May 03 2017, @09:15PM (1 child)

    Oh, spam mail. I guess that makes more sense, lol. I had originally read your post as:

    "There was a bill under consideration to make SPAM illegal. You can of course see how I would feel about this."
    "Umm...not really. Maybe you find SPAM tasty? Maybe you don't?"

    --
    "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
    • (Score: 2) by DannyB on Wednesday May 03 2017, @09:32PM

      It's not like they were going to criminalize smoking or professional sports.

      --
      To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
  • (Score: 0) by Anonymous Coward on Friday May 05 2017, @04:05PM

    That seems like asking if I still beat my wife or not.

    How hard is it to reply "I have never, nor will I ever, physically assault a fellow human being"?