SoylentNews is people
SoylentNews
An Ars Technica story from 17 April, 2017 introduced us to Hajime, the vigilante botnet that infects IoT devices before blackhats can hijack them. A technical analysis published Wednesday reveals for the first time just how much technical acumen went into designing and building the renegade network, which just may be the Internet's most advanced IoT botnet.
Hajime [PDF] was first reported on in October, 2016 by Sam Edwards and Ioannis Profetis, security researchers at Rapidity Networks, a Boulder, CO based ISP.
As previously reported, Hajime uses the same list of user name and password combinations used by Mirai, the IoT botnet that spawned several record-setting denial-of-service attacks last year. Once Hajime infects an Internet-connected camera, DVR, and other Internet-of-things device, the malware blocks access to four ports known to be the most widely used vectors for infecting IoT devices. It also displays a cryptographically signed message on infected device terminals that describes its creator as "just a white hat, securing some systems."
Not your father's IoT botnet
But unlike the bare-bones functionality found in Mirai, Hajime is a full-featured package that gives the botnet reliability, stealth, and reliance that's largely unparalleled in the IoT landscape. Wednesday's technical analysis, which was written by Pascal Geenens, a researcher at security firm Radware, makes clear that the unknown person or people behind Hajime invested plenty of time and talent.
From the Ars Technica piece:
Hajime uses a decentralized peer-to-peer network to issue commands and updates to infected devices. This design makes it more resistant to takedowns by ISPs and Internet backbone providers. Hajime uses the same list of user name and password combinations Mirai uses, with the addition of two more. It also takes steps to conceal its running processes and files, a feature that makes detecting infected systems more difficult. Most interesting of all: Hajime appears to be the brainchild of a grayhat hacker, as evidenced by a cryptographically signed message it displays every 10 minutes or so on terminals. The message reads:
Just a white hat, securing some systems.
Important messages will be signed like this!
Hajime Author.
Contact CLOSED
Stay sharp!Another sign Hajime is a vigilante-style project intended to disrupt Mirai and similar IoT botnets: It blocks access to four ports known to be vectors used to attack many IoT devices. Hajime also lacks distributed denial-of-service capabilities or any other attacking code except for the propagation code that allows one infected device to seek out and infect other vulnerable devices.
Is it right for geeks to use their powers in this way?
(Score: 2) by maxwell demon on Wednesday May 03 2017, @11:13PM (3 children)
My comment started (after the quote) with
Let's look for those words in the quote:
So it's being a fool (→ either) vs. being an evil person (→ or).
In case you didn't get the point (quite likely, given that you didn't figure out what I was talking about):
The pair either/or [merriam-webster.com] means:
So by using "either" in the above quote you claimed that it is not possible to be both a fool and an evil person. I disputed that claim.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by NotSanguine on Wednesday May 03 2017, @11:30PM (2 children)
My comment started (after the quote) with
Either/or?
Let's look for those words in the quote:
Anyone who is against all regulation is either a fool, or an evil person profiting from a filthy environment or lack of worker safety.
So it's being a fool (→ either) vs. being an evil person (→ or).
In case you didn't get the point (quite likely, given that you didn't figure out what I was talking about):
The pair either/or means:
an unavoidable choice or exclusive division between only two alternatives
So by using "either" in the above quote you claimed that it is not possible to be both a fool and an evil person. I
I didn't claim anything. It was another poster [soylentnews.org] who made that claim.
I simply asked you to clarify. Thanks for doing so.
I wasn't being snarky (in fact, I said just that). It's been a long day, so I guess I'm not at my best.
I don't really take offence to your (apparently) snarky reply, although it did seem a bit excessive. However, if you thought it was me that posed the 'either/or' scenario, I can see where you might be annoyed.
However, I simply asked you to clarify. Do you react similarly when one asks you to repeat whether you'd like HP, vinegar or perhaps salad cream on your chips?
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 2) by maxwell demon on Thursday May 04 2017, @12:09AM (1 child)
Oops, sorry, I didn't notice that.
There's a big difference between the spoken word which is gone as soon as you spoke it and which therefore is easy to miss, and the written word that is in front of you and can be read as often as you want. No, if I said it, and he said he didn't understand and asked me to repeat it, I'd just repeat it. Yes, if I had written it down in clearly legible writing, which he just read aloud in front of me, and he'd still ask me again, then I might indeed point out that I've written down my answer and he just read it aloud, so he really should know.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by NotSanguine on Thursday May 04 2017, @03:16AM
But you didn't answer the most important question.
Is it HP? Vinegar? Salad cream? Something else? :)
No, no, you're not thinking; you're just being logical. --Niels Bohr