Subscriber Discussion

Botnet Of 900 IP Cameras Launch DDOS Attack

Undisclosed #1

IPVMU Certified | 11/08/15 03:16am

Nearly one thousand geographically disparate ip cameras have been launching coordinated distributed denial of service attacks against an unidentified targets, reported Incapsula

The attack was run of the mill, peaking at 20,000 requests per second (RPS). The surprise came later when, upon combing through the list of attacking IPs, we discovered that some of the botnet devices were located right in our own back yard. Further investigation of the offending IPs showed that they belonged to CCTV cameras, all accessible via their default login credentials.

Further research showed that these cameras had been used in previous attacks possibly by unrelated hackers.

Agree
Disagree
Informative
Unhelpful
Funny

John Honovich

IPVM | 11/08/15 12:30pm

At the bottom of that post, we asked them what cameras were involved. Their response:

"In this case it wasn't any particular manufacturer or camera model, just a seemingly random cluster of cameras that were configured to allow remote access, while also being accessible via default/easy-to-guess credentials. (e.g., amdin/admin, admin/12345, etc) You can find those is the strings dump above."

Agree: 1
Disagree
Informative
Unhelpful
Funny

Undisclosed #1

IPVMU Certified | In reply to John Honovich | 11/09/15 03:31am

I think this is going to turn out to be the real use to hackers of these compromised cameras, being surrogate computing devices used for various untraceable evil.

It makes headlines when somebody yells thru a baby cam, but there's no money in it. And bit coin mining proved to CPU intensive for DVR's so I'm not sure cameras are going to be any better.

What needs to be done is a 'white hat' hacker needs to write something to log into these cameras and change the camera name to "change your root password, you can be hacked".

Agree
Disagree
Informative
Unhelpful
Funny

Undisclosed End User #2

11/09/15 06:43am

Where on the scale of white hat/black hat would you place a bot that helpfully changes the admin password to something random and unguessable? The technology seems trivial: from zombies to doorstops, maybe even permanently if there's no hardware reset button.

Agree
Disagree
Informative
Unhelpful
Funny

Undisclosed #1

IPVMU Certified | In reply to Undisclosed End User #2 | 11/09/15 07:00am

Where on the scale of white hat/black hat would you place a bot that helpfully changes the admin password to something random and unguessable?

Dark grey.

Agree
Disagree
Informative
Unhelpful
Funny
Top Comment Votes - Past 3 Months
  • 1. John Honovich - 1345
  • 2. Dwayne Cooney - 451
  • 3. Brian Karas - 401
  • 4. Marty Major - 300
  • 5. Michael Miller - 299
  • 6. Andrew Myers - 269
  • 7. Brian Rhodes - 235
  • 8. Matt Bischof - 173
  • 9. Ross Vander Klok - 157
  • 10. Aiden Gonzalez - 133
  • 11. Kyan Mahadeo - 130
  • 12. Mert Karakaya - 123
  • 13. Shannon Davis - 115
  • 14. Carsen Whiteside - 114
  • 15. Greg Cortina - 103
  • 16. Ethan Ace - 103
  • 17. Sean Patton - 95
  • 18. Lynn Harold - 77
  • 19. Donald Maye - 75
  • 20. Hans Kahler - 60
Manufacturers
Tools

BestMatch

Design Calculator

Online Shows

Camera Finder

F-Stop Calculator

Chat

Integrator Finder

News Spider

Camera Comparison

Quizzes

Pages

About

Contact