Announcement

Collapse
No announcement yet.

BotFarm made of IoT devices caused yesterdays Internet DDoS attack

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    BotFarm made of IoT devices caused yesterdays Internet DDoS attack

    http://www.bbc.com/news/technology-37738823


    Hackers used internet-connected home devices, such as CCTV cameras and printers, to attack popular websites on Friday, security analysts say.
    Twitter, Spotify, and Reddit were among the sites taken offline on Friday.


    Each uses a company called Dyn, which was the target of the attack, to direct users to its website.
    Security analysts now believe the attack used the "internet of things" - web-connected home devices - to launch the assault.
    ...
    The "global event" involved "tens of millions" of internet addresses.
    It gets worse:
    Security firm Flashpoint said it had confirmed that the attack used "botnets" infected with the "Mirai" malware.


    Many of the devices involved come from Chinese manufacturers, with easy-to-guess usernames and passwords that cannot be changed by the user - a vulnerability which the malware exploits.


    "Mirai scours the Web for IoT (Internet of Things) devices protected by little more than factory-default usernames and passwords," explained cybersecurity expert Brian Krebs, "and then enlists the devices in attacks that hurl junk traffic at an online target until it can no longer accommodate legitimate visitors or users."


    The owner of the device would generally have no way of knowing that it had been compromised to use in an attack, he wrote.
    And worse:
    http://news.softpedia.com/news/sourc...r-508864.shtml
    Mirai is a DDoS trojan that targets Linux systems, and more precisely architectures deployed with IoT devices.


    The trojan appeared at the start of September 2016, and according to a security researcher named MalwareMustDie!, Mirai is an improved version of another DDoS trojan known under different names such as Bashlite, GayFgt, LizKebab, Torlus, Bash0day, and Bashdoor.
    Because Linux is free a LOT of device makers use Linux on their Firmware. Because Linux is burned into the firmware the name and password cannot be changed from the factory default, AND, neither can security updates be applied unless the new firmware code is burned onto the EPROMS, if the devices have EPROMS and not PROMS.

    And, the culprits are not who you might think they are:
    Mirai’s author, a coder that goes by the name of Anna-senpai, has released on Saturday the trojan’s source code on the notorious Hack Forums portal.


    According to the crook, he took the decision to release Mirai’s source because of the recent DDoS attacks against the website of Brian Krebs, an infosec journalist.

    At the start of the month, Krebs exposed a DDoS-for-Hire service, which concluded with the arrest of the two Israelis suspected of running the service. Soon after, DDoS attacks started hitting Krebs’ website, first small, and then larger and larger.
    While 80% of the Internet is running on Linux servers the infected agents were not other Linux Internet servers, but IoT devices; CCTV, home security and environmental control devices, Refrigerators and maybe even toasters. I suspect that this DDoS attack revealed a serious hole in America's and the world's Internet security, a hole which could have been used at the beginning of hostile actions by malevolent psychotic International forces. Can you sense rapid legal action to restrict or cut off access of IoT devices to the web? All those neat little iPhone and Android apps that control BX-10 devices that control lights, air conditioning, entertainment devices, door locks and garage doors might stop working if they do not have mandated changes in the ability to change the login names and passwords.
    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
    – John F. Kennedy, February 26, 1962.

    #2
    help free media road novel time ducked German the ignoring mine football detail utopia nice heavy deliver amber thread like playful today fried falling space volume highlight not Windows ready light tomorrow other gigantic bush rugby cooking tonight aswell quiet
    systemd is not for me. I am a retro Nintendo gamer. consoles I play on are, SNES; N64; GameCube and WII.
    Host: mx Kernel: 4.19.0-6-amd64 x86_64 bits: 64 compiler: gcc v: 8.3.0 Desktop: Trinity R14.0.8 tk: Qt 3.5.0 info: kicker wm: Twin 3.0 base: Debian GNU/Linux 10

    Comment


      #3
      Originally posted by NickStone View Post
      help free media road novel time ducked German the ignoring mine football detail utopia nice heavy deliver amber thread like playful today fried falling space volume highlight not Windows ready light tomorrow other gigantic bush rugby cooking tonight aswell quiet
      57686174207468652068656c6c20776173207468617420404e 69636b53746f6e65

      56494e4e59
      i7 4core HT 8MB L3 2.9GHz
      16GB RAM
      Nvidia GTX 860M 4GB RAM 1152 cuda cores

      Comment


        #4
        Lol!
        "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
        – John F. Kennedy, February 26, 1962.

        Comment


          #5
          Originally posted by GreyGeek View Post
          Lol!
          it actually dose say something

          O and I always expected that those "internet of things" - web-connected home devices would show an ugly head at some point ,,,,a hacked smart home could be burglarized with ease was my original thought ,,,,,,,but this ,,,,,how novel .

          VINNY
          Last edited by vinnywright; Oct 22, 2016, 09:19 PM.
          i7 4core HT 8MB L3 2.9GHz
          16GB RAM
          Nvidia GTX 860M 4GB RAM 1152 cuda cores

          Comment


            #6
            الإنترنت من الأشياء يبرهن على أنه فوضى الصحيح مع الناس الذين ليس لديهم المهارات أن تكون قادرة على إعداد أجهزة والاتصال بالإنترنت ولكن لديها أي اعتبار للأمن.
            Last edited by NickStone; Oct 23, 2016, 04:32 AM.
            systemd is not for me. I am a retro Nintendo gamer. consoles I play on are, SNES; N64; GameCube and WII.
            Host: mx Kernel: 4.19.0-6-amd64 x86_64 bits: 64 compiler: gcc v: 8.3.0 Desktop: Trinity R14.0.8 tk: Qt 3.5.0 info: kicker wm: Twin 3.0 base: Debian GNU/Linux 10

            Comment


              #7
              物事のインターネットは、デバイスをセットアップし、インターネットに接続できるようにするためのスキルを 持っていますが、セキュリティには敬意を持っていません人との真の混乱であることが証明されて います。

              Comment


                #8
                I love automatic translation. You start in one language, then translate to a dozen other languages, then back to the original to see what you get.

                Things, set up the device, you have the ability to be able to connect to the Internet, it has proven to be disrespectful confused real security.

                Hmmm.... Deep.

                Comment


                  #9
                  Can you recommend a good translator? One that might translate an entire sentence at a time?
                  An intellectual says a simple thing in a hard way. An artist says a hard thing in a simple way. Charles Bukowski

                  Comment


                    #10
                    No. The Google one is decent, but it makes mistakes and if you translate translations those mistakes start to get pretty huge. I think a perfect language translator is decades away.

                    Comment


                      #11
                      No. The Google one is decent, but it makes mistakes and if you translate translations those mistakes start to get pretty huge. I think a perfect language translator is decades away.
                      Which confirms my experience and explains why I asked the question. Thanks.
                      An intellectual says a simple thing in a hard way. An artist says a hard thing in a simple way. Charles Bukowski

                      Comment


                        #12
                        Originally posted by whatthefunk View Post
                        物事のインターネットは、デバイスをセットアップし、インターネットに接続できるようにするためのスキルを 持っていますが、セキュリティには敬意を持っていません人との真の混乱であることが証明されて います。

                        Google does a terrible job:
                        Internet of things, set up the device, you have the skills to be able to connect to the Internet, has been proven to be the security is true of confusion with does not have the respect people .
                        Systranet.com is not much better:
                        Internet of phenomenon sets up the device, has the skill in order to try to be able to connect to Internet, but being true confusion of the person who does not have respect is proven to security.
                        And, BabelFish didn't work.

                        My rendition:
                        "Internet of Things: You set up the device to connect to the Internet if you have the skills, but IoT devices do not have a good record of security and are not trusted."
                        Last edited by GreyGeek; Oct 23, 2016, 01:36 PM.
                        "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
                        – John F. Kennedy, February 26, 1962.

                        Comment


                          #13
                          But, But, But... Doesn't Google(r) Need more respect people?

                          I mean, their self esteem must be just getting crushed, simply Crushed!, by all the harsh criticism bestowed on them lately.

                          Let's create a Safe Space, just for Google(r) Translators. I propose the unemployment line in all major cities should have a separate (but Equal!) line for all ex-Google(r) employees. It seems only fair

                          This is what the OTHER unemployment line will look like:

                          Last edited by TWPonKubuntu; Oct 23, 2016, 11:07 AM. Reason: Hmmm, smilies don't work today?
                          Kubuntu 24.11 64bit under Kernel 6.12.3, Hp Pavilion, 6MB ram. Stay away from all things Google...

                          Comment


                            #14
                            Originally posted by Qqmike View Post
                            Can you recommend a good translator? One that might translate an entire sentence at a time?
                            I find this one works for common (non-jargon) sentences.

                            Comment


                              #15
                              That is what gets most translators. You can't use expressions that are common in one language and expect it to translate properly. It actually can get you a slap in the face.


                              EDIT: What every one needs is a Babel Fish
                              Last edited by MoonRise; Oct 23, 2016, 12:37 PM.

                              Comment

                              Working...
                              X