Re Hacked Cameras, DVRs Powered Today's Massive Internet Outage

["Dave Farber" <farber () gmail com>]

Maybe someone was practicing and intervention that would take place at some critical time and cause panic. Suppose that 
happened during 911 event!!


Begin forwarded message:

> From: Doug Humphrey <doug () joss com>
> Date: October 23, 2016 at 6:02:47 PM EDT
> To: "dave () farber net" <dave () farber net>
> Cc: ip <ip () listbox com>
> Subject: Re: [IP] Hacked Cameras, DVRs Powered Today's Massive Internet Outage
>
> the question should be asked WHY this attack was staged?  it gave away 
> the IP addresses of millions of attack assets - it was clearly deliberate - it 
> is unlikely it was done by 4CHAN because someone was hurting cats - so
> who did it but really WHY was it done?
>
> doug
>
>
> > On Oct 22, 2016, at 9:02 AM, Dave Farber <farber () gmail com> wrote:
> >
> >
> >
> >
> > Begin forwarded message:
> >
> > > From: Hendricks Dewayne <dewayne () warpspeed com>
> > > Date: October 22, 2016 at 7:10:12 AM EDT
> > > To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
> > > Subject: [Dewayne-Net] Hacked Cameras, DVRs Powered Today's Massive Internet Outage
> > > Reply-To: dewayne-net () warpspeed com
> > >
> > > Hacked Cameras, DVRs Powered Today’s Massive Internet Outage
> > > By Brian Krebbs
> > > Oct 21 2016
> > > <https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-internet-outage/>
> > >
> > > A massive and sustained Internet attack that has caused outages and network congestion today for a large number of 
> > > Web sites was launched with the help of hacked “Internet of Things” (IoT) devices, such as CCTV video cameras and 
> > > digital video recorders, new data suggests.
> > >
> > > Earlier today cyber criminals began training their attack cannons on Dyn, an Internet infrastructure company that 
> > > provides critical technology services to some of the Internet’s top destinations. The attack began creating 
> > > problems for Internet users reaching an array of sites, including Twitter, Amazon, Tumblr, Reddit, Spotify and 
> > > Netflix.
> > >
> > > At first, it was unclear who or what was behind the attack on Dyn. But over the past few hours, at least one 
> > > computer security firm has come out saying the attack involved Mirai, the same malware strain that was used in the 
> > > record 620 Gpbs attack on my site last month. At the end September 2016, the hacker responsible for creating the 
> > > Mirai malware released the source code for it, effectively letting anyone build their own attack army using Mirai.
> > >
> > > Mirai scours the Web for IoT devices protected by little more than factory-default usernames and passwords, and 
> > > then enlists the devices in attacks that hurl junk traffic at an online target until it can no longer accommodate 
> > > legitimate visitors or users.
> > >
> > > According to researchers at security firm Flashpoint, today’s attack was launched at least in part by a Mirai-based 
> > > botnet. Allison Nixon, director of research at Flashpoint, said the botnet used in today’s ongoing attack is built 
> > > on the backs of hacked IoT devices — mainly compromised digital video recorders (DVRs) and IP cameras made by a 
> > > Chinese hi-tech company called XiongMai Technologies. The components that XiongMai makes are sold downstream to 
> > > vendors who then use it in their own products.
> > >
> > > “It’s remarkable that virtually an entire company’s product line has just been turned into a botnet that is now 
> > > attacking the United States,” Nixon said, noting that Flashpoint hasn’t ruled out the possibility of multiple 
> > > botnets being involved in the attack on Dyn.
> > >
> > > “At least one Mirai [control server] issued an attack command to hit Dyn,” Nixon said. “Some people are theorizing 
> > > that there were multiple botnets involved here. What we can say is that we’ve seen a Mirai botnet participating in 
> > > the attack.”
> > >
> > > As I noted earlier this month in Europe to Push New Security Rules Amid IoT Mess, many of these products from 
> > > XiongMai and other makers of inexpensive, mass-produced IoT devices are essentially unfixable, and will remain a 
> > > danger to others unless and until they are completely unplugged from the Internet.
> > >
> > > That’s because while many of these devices allow users to change the default usernames and passwords on a Web-based 
> > > administration panel that ships with the products, those machines can still be reached via more obscure, less 
> > > user-friendly communications services called “Telnet” and “SSH.”
> > >
> > > Telnet and SSH are command-line, text-based interfaces that are typically accessed via a command prompt (e.g., in 
> > > Microsoft Windows, a user could click Start, and in the search box type “cmd.exe” to launch a command prompt, and 
> > > then type “telnet” to reach a username and password prompt at the target host).
> > >
> > > [snip]
> > >
> > > Dewayne-Net RSS Feed: <http://dewaynenet.wordpress.com/feed/>
> > Archives  | Modify Your Subscription | Unsubscribe Now     



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20161023190656:62AEBD4E-9975-11E6-8AC6-A5FBEF10038B
Powered by Listbox: http://www.listbox.com