NEWS
NEWS
NEWS
Big Brother is DDoSing you: Botnet running on 25,000+ CCTV cameras discovered
What if you were to discover that the face of Big Brother in 2016, CCTV cameras, were under the control of hackers and were being used to bring down websites in Distributed Denial of Service (DDoS) attacks?
That Orwellian nightmare is actually now true, with a security firm discovering a network of over 25,000 CCTV cameras doing exactly that.
Sucuri, Inc. made the discovery when investigating an attack against an ordinary jewelry store that was flooded offline after constantly receiving 35,000 junk HTTP requests per second over a period of a number of days. When Sucuri attempted to thwart the attack, the botnet actually upped its output and dumped more than 50,000 HTTP requests per second on the store’s website.
“Since this type of long-duration DDoS is not so common, we decided to dive into what the attackers were doing, and to our surprise, they were leveraging only IoT (Internet of Things) CCTV devices as the source of their attack botnet,” the company said in a blog post.
Researchers a Sucuri queried a number of the boxes participating in the DDoS attack and found that all of them were running a “Cross Web Server” that had a default web page called “DVR Components.” Further investigation found that the malicious IPs also contained the company logos of resellers of CCTV services and the common thread was that all the devices were running a Unix-based set of utility tools called BusyBox.
To hide their identities the malicious devices were cloaking themselves to appear, as they were, common user agents such as web browsers, and also displayed false referral data showing they’d most recently come from sites including Google and USA Today.
Infected CCTV installs were found in 104 countries, with the Taiwan topping the list with 24 percent of IP addresses, followed by the United States with 12 percent, Indonesia with 9 percent, Mexico with 9 percent and Malaysia with 6 percent.
Fix
Sucuri said there was nothing web site owners could do to get the 25,000+ CCTVs fixed and protected, however, they do encourage online camera users or vendors to make sure their systems are fully patched and isolated from the internet.
“We are in the process of reaching out to the networks that have these unprotected and compromised cameras, but that’s just one small piece of the problem,” the company noted. “Once the cameras are patched, the attackers will find other easily hacked devices for their botnets.”
Image credit:
Since you’re here …
… We’d like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.
If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.
