CCTV Cameras Form Botnet
Wednesday, October 28, 2015 @ 10:10 AM gHale
Over 900 CCTV cameras with default or weak login credentials were hacked and pulled together into a global botnet, researchers said.
A dictionary brute-force attack allowed the attackers to get into the CCTV systems and take them over, said researchers at Incapsula.
It appears whoever configured the devices used weak SSH or Telnet login passwords and didn’t change the default ones at all, or left the cameras open to outside connections, researchers said in a blog.
All compromised CCTV systems were running BusyBox, a stripped-down version of the Linux operating system, specifically built to run on IoT devices with limited memory and CPU resources, Incapsula researchers said.
After the devices were compromised via brute-force login attacks, .btce malware was dropped on their systems, along with malware derived from ELF_BASHLITE (also known as GayFgt and Lightaidra), a malware family specially designed for BusyBox setups running on ARM architectures.
All infected devices launched distributed denial of service (DDoS) attacks using HTTP GET request floods. The DDoS attack was mainly carried out against a well-known cloud service provider.
One of the devices researchers studied sent over 20,000 HTTP requests per second. Another device had multiple brute-force attacks and logins recorded in its logs from different IP addresses, meaning it was hacked more than once.
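The log pattern described for that last device (runs of failed logins followed by a successful one, from more than one address) can be searched for in a device's own logs. The following is an added example, not code from Incapsula or from the article. It assumes the device's SSH server is Dropbear and writes its usual "Bad password attempt" and "Password auth succeeded" syslog messages; the log lines, hostname and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of Dropbear syslog output (assumption:
# the camera runs Dropbear; the article does not name the SSH server).
SAMPLE_LOG = """\
Oct 27 03:11:02 cam dropbear[412]: Bad password attempt for 'root' from 198.51.100.7:40112
Oct 27 03:11:03 cam dropbear[412]: Bad password attempt for 'root' from 198.51.100.7:40112
Oct 27 03:11:05 cam dropbear[413]: Bad password attempt for 'root' from 198.51.100.7:40120
Oct 27 03:11:06 cam dropbear[413]: Bad password attempt for 'root' from 198.51.100.7:40120
Oct 27 03:11:08 cam dropbear[414]: Password auth succeeded for 'root' from 198.51.100.7:40131
Oct 27 09:30:41 cam dropbear[501]: Password auth succeeded for 'admin' from 192.0.2.10:51200
Oct 27 14:02:10 cam dropbear[530]: Bad password attempt for 'admin' from 198.51.100.99:33001
Oct 27 14:02:11 cam dropbear[530]: Bad password attempt for 'admin' from 198.51.100.99:33001
Oct 27 14:02:12 cam dropbear[531]: Bad password attempt for 'root' from 198.51.100.99:33007
Oct 27 22:45:30 cam dropbear[610]: Bad password attempt for 'admin' from 203.0.113.45:48810
Oct 27 22:45:31 cam dropbear[610]: Bad password attempt for 'admin' from 203.0.113.45:48810
Oct 27 22:45:33 cam dropbear[611]: Bad password attempt for 'admin' from 203.0.113.45:48815
Oct 27 22:45:34 cam dropbear[612]: Password auth succeeded for 'admin' from 203.0.113.45:48822
"""

# IPv4 sources only; the trailing :port is discarded.
LINE_RE = re.compile(
    r"(?P<kind>Bad password attempt|Password auth succeeded) "
    r"for '(?P<user>[^']*)' from (?P<ip>\d+\.\d+\.\d+\.\d+):\d+"
)

def find_bruteforced_logins(log_text, min_failures=3):
    """Return {ip: (user, failures)} for each source address that logged in
    successfully after at least min_failures bad-password attempts."""
    failures = defaultdict(int)
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        ip = m["ip"]
        if m["kind"] == "Bad password attempt":
            failures[ip] += 1
        elif failures[ip] >= min_failures and ip not in hits:
            # Success preceded by a run of failures: likely guessed password.
            hits[ip] = (m["user"], failures[ip])
    return hits

if __name__ == "__main__":
    for ip, (user, n) in find_bruteforced_logins(SAMPLE_LOG).items():
        print(f"{ip}: login as {user!r} after {n} failed attempts")
```

More than one address in the result corresponds to the article's case of a device taken over by separate sources; a login with no preceding failures (192.0.2.10 in the sample) is not flagged.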