Trio Admits Hijacking Home Devices
Three Americans have plead guilty to hijacking more than 100,000 internet-connected devices. The group of infected machines (known as a "botnet") was then used to attack websites using a distributed denial of service attack (DDoS) to make websites unavailable.
While most DDoS attacks are carried out on PCs, this attack in particular targeted weaknesses in smaller devices that use the Internet. This included routers, digital video recorders and wireless cameras. That's a significant point, as the tech security community has generally treated security flaws in such devices as a lower priority than those typically PCs.
The guilty pleas came from Paras Jha and Dalton Norman, both aged 21, and Josiah White, aged 20. All three admitted infecting the machines to create the botnet, known by security researchers as "Mirai." (Source: justice.gov)
Internet 'Phonebook' Rendered Useless
After testing its powers, the group made access to the botnet publicly available. It was then used by others to carry out a distributed denial of service attack on web servers until the servers were unable to cope with the demand, then becomes inaccessible.
Normally such attacks target specific websites, often for blackmail or political reasons. In this case it was used against one of the companies that operates a DNS register. That's the "Internet phonebook" which translates a website address (such as infopackets.com) into the IP address, a number that identifies the specific server or computer where the site pages are physically stored. Effectively, many websites simply wouldn't load when the attack was carried out.
DVRs Clicked On Web Ads
Following this attack, Jha and Norman created a new botnet of Internet-connected devices and used it for click fraud. In this scenario a web owner uses a botnet of infected machines to click on their own advertisements (ads which are for other companies, typically hosted by Google). Each time an ad is clicked, the web owner gets paid.
Jha also admitted to attacking the computer network of Rutgers University in his home state of New Jersey. That attack appeared to be more about knocking the network offline (which he did for several days at a time) rather than stealing data.
As part of a deal to plead guilty, Jha will be sentenced to up to 10 years in prison, while Norman and White could both get up to five years. (Source: bbc.co.uk)
What's Your Opinion?
Did you realize that devices like DVRs and wireless cameras could be used to launch such attacks? Do manufacturers need to be held to the same security standards as computer and software developers? Should the culprits in this case be held responsible for the major attacks other people carried out with their botnet?
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 20 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
We are BBB Accredited
We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.
Comments
Expect things to get much worse
This story highlights security issues with the "Internet of things", otherwise known as "smart devices" which are connected to the Internet - whether it's your fridge, car, smartphone, tablet, or home thermostat.
In a nutshell, any "smart" device that has access to the Internet is vulnerable. If it is hacked, it will be surely be scooped up and used as a botnet for nefarious purposes. The problem (as the story mentions) is that most cyber security focuses on PCs and servers, but not "smart" devices. As time goes on and more "smart" devices are added, the number of attack vectors will grow and the sheer volume of botnets will also grow.
At some point routers and switches on the Internet (which are the essentially the Internet "road") will need to become "smart" themselves and be able to monitor such traffic and take action to block before damage can be done. The problem with a distributed denial of service attack is that the attack comes from all corners of the Internet, and not just routed through one switch, for example.
A monolithic task at best!