HackingNewsSecurity

Hacking CCTV Cameras to Launch DDoS Attacks

The connected devices, better known as the Internet of Things, have been attracting the significant interest of, not only users but also cyber criminals that are turning them into weapons for cyber war.
Due to the insecure implementation of Internet-connected embedded devices, they are routinely being hacked and used in cyber attacks.
And Now…
Cyber crooks have targeted innocent looking CCTV cameras – common Internet-of-Things (IoT) device – to launch Distributed Denial-of-Service (DDoS) attacks.
Yes, Surveillance cameras in shopping malls are being targeted to form a large botnet that can blow large websites off the Internet by launching crippling Distributed Denial-of-service (DDoS) attacks.

THE CAUSE

The crooks made this possible because CCTV camera operators are taking a Lax approach to security and their failure to change default passwords on the devices.
Security researchers from Imperva’s Incapsula team first warned about closed-circuit television (CCTV) botnet attacks in March 2014.
However, according to a recent blog post published by Imperva, the DDoS attack now peaked at 20,000 requests per second and originated from nearly 900 CCTV cameras running embedded versions of Linux and the BusyBox toolkit.

MALWARE INFECTED CCTVs

When analyzing one of the compromised cameras located in a shopping center just five minutes from the team’s office, the researchers found that the camera was infected with a variant of a known malware program known as…
Bashlite, or Lightaidra or GayFgt, specially designed for ARM versions of Linux.
The most common attack consisted of HTTP GET request floods originating from around 900 CCTV cameras spread around the world.

THE TARGETS

The target of the DDoS attack was a rarely-used asset of a large cloud service, serving millions of users worldwide. However, Imperva did not name the firm targeted.
Notably, all of the compromised cameras monitored by the firm were logged from multiple locations in almost every case, suggesting that several different hackers were abusing the weakness of unsecured CCTV cameras.
Top targeted countries for CCTV botnets around the world include India, China, Iran, Indonesia, US, and Thailand.

Cyber Attacks Leveraging Internet of Things

The analysis done by Imperva is to raise awareness about the importance of basic security practices to secure connected devices.
Because the most obvious reason for cyber attacks on internet connected devices is that the devices are rushed to market, without proper considering the device’s security by design.
Share Your Thoughts
Tags

Pascal Eugene

Founder of ‘Geek The Net’. Cyber Security Analyst, Information Security Researcher, Developer and Part-Time Hacker.

Related Articles

Close