Interesting People mailing list archives

Re Hacked Cameras, DVRs Powered Today's Massive Internet Outage


From: "Dave Farber" <farber () gmail com>
Date: Sun, 23 Oct 2016 20:22:10 -0400




Begin forwarded message:

From: Ridgely Evers <rce () evers org>
Date: October 23, 2016 at 8:09:33 PM EDT
To: dave () farber net
Subject: Re: [IP] Re Hacked Cameras, DVRs Powered Today's Massive Internet Outage

There's a case to be made for it being Russian-sponsored, as a warning of their capabilities should the US decide to 
retaliate for the pre-election hacking...

--Ridge

On Oct 23, 2016, at 4:06 PM, Dave Farber <farber () gmail com> wrote:

Maybe someone was practicing an intervention that would take place at some critical time and cause panic. Suppose 
that happened during a 911 event!!


Begin forwarded message:

From: Doug Humphrey <doug () joss com>
Date: October 23, 2016 at 6:02:47 PM EDT
To: "dave () farber net" <dave () farber net>
Cc: ip <ip () listbox com>
Subject: Re: [IP] Hacked Cameras, DVRs Powered Today's Massive Internet Outage

the question should be asked WHY this attack was staged?  it gave away 
the IP addresses of millions of attack assets - it was clearly deliberate - it 
is unlikely it was done by 4CHAN because someone was hurting cats - so
who did it but really WHY was it done?

doug


On Oct 22, 2016, at 9:02 AM, Dave Farber <farber () gmail com> wrote:




Begin forwarded message:

From: Hendricks Dewayne <dewayne () warpspeed com>
Date: October 22, 2016 at 7:10:12 AM EDT
To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
Subject: [Dewayne-Net] Hacked Cameras, DVRs Powered Today's Massive Internet Outage
Reply-To: dewayne-net () warpspeed com

Hacked Cameras, DVRs Powered Today’s Massive Internet Outage
By Brian Krebs
Oct 21 2016
<https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-internet-outage/>

A massive and sustained Internet attack that has caused outages and network congestion today for a large number 
of Web sites was launched with the help of hacked “Internet of Things” (IoT) devices, such as CCTV video cameras 
and digital video recorders, new data suggests.

Earlier today cyber criminals began training their attack cannons on Dyn, an Internet infrastructure company that 
provides critical technology services to some of the Internet’s top destinations. The attack began creating 
problems for Internet users reaching an array of sites, including Twitter, Amazon, Tumblr, Reddit, Spotify and 
Netflix.

At first, it was unclear who or what was behind the attack on Dyn. But over the past few hours, at least one 
computer security firm has come out saying the attack involved Mirai, the same malware strain that was used in 
the record 620 Gbps attack on my site last month. At the end of September 2016, the hacker responsible for creating 
the Mirai malware released the source code for it, effectively letting anyone build their own attack army using 
Mirai.

Mirai scours the Web for IoT devices protected by little more than factory-default usernames and passwords, and 
then enlists the devices in attacks that hurl junk traffic at an online target until it can no longer accommodate 
legitimate visitors or users.

According to researchers at security firm Flashpoint, today’s attack was launched at least in part by a 
Mirai-based botnet. Allison Nixon, director of research at Flashpoint, said the botnet used in today’s ongoing 
attack is built on the backs of hacked IoT devices — mainly compromised digital video recorders (DVRs) and IP 
cameras made by a Chinese hi-tech company called XiongMai Technologies. The components that XiongMai makes are 
sold downstream to vendors who then use them in their own products.

“It’s remarkable that virtually an entire company’s product line has just been turned into a botnet that is now 
attacking the United States,” Nixon said, noting that Flashpoint hasn’t ruled out the possibility of multiple 
botnets being involved in the attack on Dyn.

“At least one Mirai [control server] issued an attack command to hit Dyn,” Nixon said. “Some people are 
theorizing that there were multiple botnets involved here. What we can say is that we’ve seen a Mirai botnet 
participating in the attack.”

As I noted earlier this month in “Europe to Push New Security Rules Amid IoT Mess,” many of these products from 
XiongMai and other makers of inexpensive, mass-produced IoT devices are essentially unfixable, and will remain a 
danger to others unless and until they are completely unplugged from the Internet.

That’s because while many of these devices allow users to change the default usernames and passwords on a 
Web-based administration panel that ships with the products, those machines can still be reached via more 
obscure, less user-friendly communications services called “Telnet” and “SSH.”

Telnet and SSH are command-line, text-based interfaces that are typically accessed via a command prompt (e.g., in 
Microsoft Windows, a user could click Start, and in the search box type “cmd.exe” to launch a command prompt, and 
then type “telnet” to reach a username and password prompt at the target host).

[snip]

Dewayne-Net RSS Feed: <http://dewaynenet.wordpress.com/feed/>

