Internet of Things Botnet Menace

Forget self-aware AI systems taking over the world. If you read the hype over DDoS attacks you’d be forgiven for thinking an army of internet-connected devices was on the march, herded by a gang of amateur criminals – the IoT bites back!

This isn’t about anything new, but the fact it’s being used in recent record-breaking DDoS attacks has brought the matter to the fore.

And then yesterday the code for one of the two main botnets, Mirai, turned up, posted on Hackforums by its originator, probably. The other similar botnet is known as Bashlight, but I understand it works in the same way and attacks the same devices. Originators of such code usually dump it in the public domain when they feel that they’re about to be busted. It makes it harder to prove they’re behind an attack when other people have, and are likely using, the same code.

A look at the code itself confirms what many have suspected for a long time; some CCTV equipment can be appropriated for naughty purposes. Unfortunately the affected equipment originates in China and is sold to a wide variety of companies who put their own badge on it, and sometimes customise the software. It’s basically a generic network-enabled Digital Video Recorder (DVR), with the generic name H.264 Recorder. Getting it all patched isn’t going to happen as there is no update mechanism, but if people changed their password to something hard to guess, rather than leaving it as the default 1234, the world would be a better place.

I’ve been looking at this type of CCTV equipment for over a decade, ordering an embarrassing number of samples from Alibaba and the like and building up a collection to rival my disparate VoIP endpoints. They have a lot in common – very little in the way of security or robustness in the face of attack. My advice to anyone using such kit is to install it behind NAT and use a VPN to access it externally.

But getting back to my theme, the media hype suggests that all sorts of IoT things have been hijacked. Unless I see any evidence to the contrary, this is simply not true. The code released targets one type of network DVR, and, in reality, it can’t even persist if the device is power-cycled. However, reports suggest that the time taken for the botnet to re-establish itself is very short.

I’ll be updating this article in the next few days once I’ve checked out a few facts concerning the code.

Anonymous to attack World Cup sponsors

According to an article in the Guardian, Anonymous is planning attacks on World Cup sponsors to coincide with the football tournament in a few days’ time. Whilst I certainly disapprove of all types of cybercrime, I have to admit that the rationale for such an escapade has my sympathy.

Someone calling himself Che Commodore has claimed to be part of the Anonymous collective, and is a name that popped up a lot last year in connection with Anonymous Brazil. He’s hacked off because the Brazilian government is spending loads of money on a football tournament while people in the country are starving (putting the case directly and emotively). Attacking the commercial sponsors for colluding with this is an obvious choice.

Is he serious about the threat? The Guardian figures he must be, because he wouldn’t be boasting about it early unless everything was in place. I’m less convinced. Forewarning allows sites to get ready to use scrubbing centres against DDoS attacks. Is it really a “watch this space”, or is it a bluff? In the absence of any evidence that the self-styled Anonymous Brazil has the capabilities to carry out such an attack, I have to disagree with the Guardian (once again) and go with it being a bluff. But it’s a good one, as it’s raised awareness of the warped priorities that lead to huge amounts of money being spent on sports tournaments, in excesses reminiscent of the Circus Maximus. But you can only bluff once, and I suspect Mr Commodore’s stunt isn’t going to go down well with other users of the Anonymous moniker.

Personally I’m already boycotting as many of the sponsors as I can, but the intrigue has got me marginally interested in the World Cup for the first time ever.