Monday, October 26, 2015

Exploiting The Internet Of Things

Whoever came up with the concept of a Botnet is an evil genius motherfucker.

Now some other clever bastard has found a unique way to exploit their use.


Botnets that runs on CCTVs and networked storage devices discovered

 

Researchers at Incapsula have discovered a botnet that runs on compromised CCTV cameras. There are hundreds of millions, if not billions, of these in the field, and like many Internet of Things devices, their security is an afterthought and not fit for purpose.
The botnet that Incapsula discovered was being used to direct HTTP flood attacks at 20,000 requests per second, originating from 900 CCTVs all over Earth. The researchers have identified another botnet running on network attached storage devices.
While the botnets running on these devices don't harm their owners very much (apart from using up some of their bandwidth), the fact that cameras aimed at potentially sensitive locations and drives holding sensitive data are being compromised at scale by Internet-based attackers suggests some ways in which the owners of these devices could also be victimized by their lack of security.
All compromised devices were running embedded Linux with BusyBox—a package of striped-down common Unix utilities bundled into a small executable, designed for systems with limited resources.
The malware we found inside them was an ELF binary for ARM named (.btce) a variant of the ELF_BASHLITE (a.k.a. Lightaidra and GayFgt) malware that scans for network devices running on BusyBox, looking for open Telnet/SSH services that are susceptible to brute force dictionary attacks.

Seriously, who comes up with this shit?

 

2 comments:

Stackz O Magz said...

That shit is way too high up on the programming scale for my brain to comprehend. I speak a little code, but nothing like these cats are capable of. Yeah, let's connect fucking everything to the interwebz. What a great idea...

Unknown said...
This comment has been removed by a blog administrator.

Fair Use Notice

Fair Use Statement: This site may contain copyrighted material, the use of which may not have been authorized by the copyright owner. I am making such material available in an effort to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. I believe this constitutes a ‘fair use’ of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. For more information go to: “http://www.law.cornell.edu/uscode/17/107.shtml” If you wish to use copyrighted material from this site for purposes of your own that go beyond ‘fair use’, you must obtain permission from the copyright owner.