Subscriber Discussion

Major DDOS Attack On Major Websites

Undisclosed #1
Oct 21, 2016

Noticed a bunch are down. We can't even process payments because our payment gateway is down. Could it be because of you know who?

http://www.usatoday.com/story/tech/2016/10/21/cyber-attack-takes-down-east-coast-netflix-spotify-twitter/92507806/ 

Undisclosed #2
Oct 21, 2016
IPVMU Certified

Could it be because of you know who?

The who is IoT devices, from many manufacturers.

The what is massive disruption to the internet for an unprecedented amount of time.

The why is unknown.

Hopefully, this wake-up call will raise the visibility of unsecured devices to the world at large, and spur them to action.

We can only hope :)

(2)
Armando Perez
Oct 21, 2016
Hoosier Security and Security Owners Group • IPVMU Certified

Accidentally started another thread which is rightfully deleted, but I found through this link:

http://www.dailymail.co.uk/sciencetech/article-3859500/Widespread-internet-havoc-major-attack-takes-websites-offline-Spotify-Twitter-sites-suffer-outages.html

I'm guessing Mirai has at least a part of this, but I haven't analyzed anything and I'm happy to wait before freaking out. In the meantime, this is pretty Yuge.

Louis Li
Oct 21, 2016

The problem is that many of those IoT devices can't be updated via OTA.

Undisclosed Integrator #3
Oct 21, 2016

Per the top story on Engadget.com, "Flashpoint says hacked cameras and routers enabled a Mirai botnet to take out major websites on Friday."

(1)
Undisclosed Distributor #4
Oct 21, 2016

This has been amazing... I wonder when people will start to care? If Netflix and payment processing and PlayStation servers don't make people care then I'm not sure that anything will...

It's our industry's duty to make people aware of why, and how, and who, has caused this and why/how to prevent it. However, that would mean that major Chinese manufacturers would have to develop some ethics and morals and step up and own their responsibility, then that would have to trickle down to the installers.

If this was Intel or HP or Dell's products you'd be seeing a different response than we're seeing from the Chinese.

(1)
Undisclosed #1
Oct 22, 2016

I just read that XM devices were to blame for the majority of the issue.

Undisclosed Distributor #4
Oct 22, 2016

Link? Most people are reporting that it's just the IoT and "digital video recorders" according to CNN's quote of Flashpoint. I haven't seen any manufacturer names implicated in this recent bout like we saw against Brian Krebs. I've seen some speculate that the Mirai botnet was at least partially responsible, which would be majority Dahua and XM devices I believe.

Undisclosed #2
Oct 22, 2016
IPVMU Certified

Link.

According to researchers at security firm Flashpoint, today’s attack was launched at least in part by a Mirai-based botnet. Allison Nixon, director of research at Flashpoint, said the botnet used in today’s ongoing attack is built on the backs of hacked IoT devices — mainly compromised digital video recorders (DVRs) and IP cameras made by a Chinese hi-tech company called XiongMai Technologies. The components that XiongMai makes are sold downstream to vendors who then use it in their own products.

Undisclosed Distributor #4
Oct 22, 2016

Thank you! This is very interesting:

“It’s remarkable that virtually an entire company’s product line has just been turned into a botnet that is now attacking the United States,” Nixon said, noting that Flashpoint hasn’t ruled out the possibility of multiple botnets being involved in the attack on Dyn.

It is almost as if the P.R.C. planned this all years ago... It's kind of like a subversive cold-war with China, and they're winning because Americans in our industry are apathetic and lazy. Imagine when Hikvision turns their network on... border patrol, water treatment facilities, power plants, military installations... I know Hikvision has won bids for all of these types of contracts. We know that Hikvision is controlled by the communist PRC. (People's "Republic" of China)

Phil K. Dick would have a hay-day with all of this...

Undisclosed #2
Oct 22, 2016
IPVMU Certified

Phil K. Dick would have a hay-day with all of this...

Sorry, but I don't know Dick.

Marty Calhoun
Oct 23, 2016
IPVMU Certified

Sounds Bad for real, only problem 99.9% of the systems the Military has are NOT on any kind of network that can touch the Internet.

Undisclosed #2
Oct 22, 2016
IPVMU Certified

Must watch video on the 7 keys that control DNS and the Internet:

(1)
Michael Miller
Oct 22, 2016
Undisclosed #2
Oct 23, 2016
IPVMU Certified

Turn off the camera...

Maybe just cut the frame rate in half temporarily, you don't want anybody nosing around your bot because of some alarm or because somebody's screen goes blank. :)

Michael Miller
Oct 23, 2016

Customer's screen goes blank. They call the company that installed it which shows up the next day to reboot the camera. Hacker has minimum 24 hours to control the camera?

Undisclosed #2
Oct 23, 2016
IPVMU Certified

Guy shows up the next day to reboot the camera, figures he should bring the firmware up to date, 'what the hell'. One less soldier in the botnet brigade for next time.
