Hackers Turn Security Camera DVRs Into Worst Bitcoin Miners Ever

[InfoSec News <alerts () infosecnews org>]

http://www.wired.com/2014/04/hikvision/

BY ROBERT MCMILLAN
Enterprise
Wired.com
04.01.14

Here's something we haven't seen before: security camera recorders hacked 
and used to mine bitcoin.

The issue was first reported by Johannes Ullrich, an instructor at the 
SANS Technology Institute -- a computer security training organization. 
Last Friday, he discovered malicious software infecting the Hikvision DVRs 
used to record video from security cameras. The malware jumps from device 
to device, trying to infect any other machines it can find on the network. 
But it also tries to earn a little scratch for its creators by mining 
bitcoins, a processor-intensive activity that would probably slow down any 
infected DVR.

Though this is a novel method, it's hardly the first time hackers have 
tried to bust their way into other people's hardware in order to make some 
bitcoin, the popular digital currency. The bitcoin system is run by 
independent machines spread across the globe, and if you contribute 
processing power to the system, you receive some bitcoin in return. This 
is called mining, and hackers often seek to mine using any machines they 
can gain control of -- including security camera DVRs.

Most malicious software is written for Linux or Windows machines, but 
Ullrich has seen this new malware infect routers and DVRs in the past. 
That usually happens accidentally when a worm written for a Windows or 
Linux system spreads to strange devices that happen to be running the same 
operating system. But here, the malicious code "was actually complied for 
the ARM processor that's running these devices, he says, "so they kind of 
knew what they were into." Since Friday, Ullrich has also spotted the 
malware running on a router. He couldn’t immediately be reached for 
comment.

[...]

--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/