Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Botnet Security Communications Network Networking Privacy Software The Internet News Technology

A Massive Botnet of CCTV Cameras Involved In Ferocious DDoS Attacks (softpedia.com) 79

An anonymous reader writes: "A botnet of over 25,000 bots is at the heart of recent DDoS attacks that are ferociously attacking businesses across the world with massive Layer 7 DDoS attacks that are overwhelming Web servers, occupying their resources and eventually crashing websites," reports Softpedia. This botnet's particularity is the fact that attacks never fluctuated and the attackers managed to keep a steady rhythm. This is not a classic botnet of infected computers that go on and off, but of compromised CCTV systems that are always on and available for attacks. The brands of CCTV DVRs involved in these attacks are the same highlighted in a report by a security researcher this winter, who discovered a backdoor in the firmware of 70 different CCTV DVR vendors. These companies had bought unbranded DVRs from Chinese firm TVT. When informed of the firmware issues, TVT ignored the researcher and the issues were never fixed, leading to crooks creating this huge botnet.
This discussion has been archived. No new comments can be posted.

A Massive Botnet of CCTV Cameras Involved In Ferocious DDoS Attacks

Comments Filter:
  • Owned (Score:2, Funny)

    by Anonymous Coward

    by the Chinease. What's new?

  • Comment removed based on user account deletion
    • Can we crowd fund a DDoS attack on TVT? Any takers?

      No. This is what diplomacy is for.

      • Until some part of the Federal Government takes responsibility for stopping this crap it will continue, and even get worse. No individual, non-profit or trade organization has the clout to stop this bad behavior. (Sorry libertards, this is where the real world intrudes and crushes your anti-government delusional thinking.)

        So why hasn't this happened already? Because of the famous step 3: Profit! If some one at the federal level takes this seriously enough to intervene, then it sets a precedent that compani

        • Until some part of the Federal Government takes responsibility for stopping this crap it will continue

          Why is it the responsibility of the government and not you?

          Here is a thought. You (not you personally, but you the collective) have gone the route of buying the cheapest CCTV systems in the world, should be held civilly liable for their use and maintenence. This means, that if I can trace any part of a DDOS to your CCTV system, I can sue you and your corporation for damages. And so can everyone else affected by your hacked and damaged system.

          Small claims courts are great for death by a million paper cuts. I

          • by cusco ( 717999 )

            Go look at the NVR or DVR in your employer's security center (if that's allowed). Can you tell who made it? Probably not. HikVision, Indigo, etc. don't make their own hardware, they contract it out. Possibly if you open the case you might see a label, but you might not. For a decade SuperMicro made all the DVRs for Lenel, and the only way you could tell is if you got into the password-protected BIOS. This issue was first discovered on an NVR from an Israeli company, would you automatically assume that

  • by Anonymous Coward

    The Internet of Compromised Things strikes again. Vulnerability as a Service isn't just for luddites and apps anymore.

  • lots of C's. co-ink-i-dink?
  • by rtb61 ( 674572 ) on Monday June 27, 2016 @09:40PM (#52403275) Homepage

    A piece of hardware still provides that connection, from network to network. So why are those pieces of hardware designed to allow naughty unnecessary communications. There is no reason why that hardware should be capable of executing a DDOS attack, a simple timing issue, that should be hardware locked.

    • So why are those pieces of hardware designed to allow naughty unnecessary communications.

      The problem is not that they're designed to allow naughty unnecessary communication, the problem is that they're not designed not to.

      It's like designing a door with a knob but no lock- there was no thought given to keeping the bad guys out.

      This is going to be a bigger and bigger problem with the advent of IoT crap (the Internet Of Trash).

      • So why are those pieces of hardware designed to allow naughty unnecessary communications.

        The problem is not that they're designed to allow naughty unnecessary communication, the problem is that they're not designed not to.

        It's like designing a door with a knob but no lock- there was no thought given to keeping the bad guys out.

        This is going to be a bigger and bigger problem with the advent of IoT crap (the Internet Of Trash).

        So they have no firewall on their network to prevent un-authorized access from outside the building? I think that's the point he was trying to make. No one should be able to connect to and manipulate this device in the first place.

        • So they have no firewall on their network to prevent un-authorized access from outside the building? I think that's the point he was trying to make.

          Of course not, this is Joe and Jane Sixpack we're talking about here. They buy it, they plug it in. The End. They wouldn't know a firewall if they tripped over one.

          -

          No one should be able to connect to and manipulate this device in the first place.

          Oh I totally agree, and that was the point I was trying to make. These things are designed without even a passing thought to security, and they get hacked because 99.999999999% of consumers don't have any firewall in place, nor do they even know that they need one. (Or that such a thing even exists.)

          In other words, they aren't designed to not be

          • by cusco ( 717999 )

            this is Joe and Jane Sixpack we're talking about here. They buy it, they plug it in. The End.

            Oh, no, it's considerably worse than that. Most security hardware installers will happily drop the customer's NVR on the Internet outside of the company firewall,and then proudly show the customer that they can now access the cameras on their frelling smartphone. I have been railing for years on LinkedIn and other venues the necessity of protecting security equipment from the network, to no avail. Installing and

    • Re: (Score:1, Interesting)

      by Anonymous Coward

      The problem is that all these IoT things are being built conveniently using stock Linux kernels on top of cheap CPUs. This is general compute hardware in the most general sense - whole PCs serving really simple purposes. The reasons for this is simple; the skills required to assemble a kernel to perform a particular task are reasonably well known. There's lots of programmers around that can duct-tape together a system with these things.

      These systems could be made much more secure if they could execute their

      • by Bert64 ( 520050 )

        Booting them from ROM would actually make things worse, since you'd not be able to upgrade them the vulnerable version would remain there until the device was trashed. Those launching attacks could just exploit vulnerabilities and load their code into RAM, the backdoor would be lost after a reboot but these devices rarely reboot anyway.

        And the problem with these devices is pretty much always due to their own crappy code and not the existing linux code the devices are running.

        The same problem occurs with sma

  • Maybe it's time for the government to order a factory recall.

    • by cusco ( 717999 )

      It's China, a nice deposit in a regulator's bank account and any such order evaporates.

      It's likely that TVT has no clue where all the devices even went, they sell to wholesalers who sell to wholesalers who sell to rebranders who sell to wholesalers who sell to retailers. Good luck tracking that down.

  • by Hylandr ( 813770 ) on Monday June 27, 2016 @10:39PM (#52403527)

    I wonder how much money TFT is making by selling access to the Botnet they got other people to purchase and deploy for them.

    Pretty ingenious really.

  • by Anonymous Coward on Monday June 27, 2016 @11:10PM (#52403655)
    Since it's buried 2-3 links in.

    (Extra characters to get past slashdot's minimum characters per line filter. Who the hell thought it would be a good idea to make a filter which basically prohibits lists, and also prevents you from putting the padding out of the way at the end of the post? Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum. Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.)

    Ademco
    ATS Alarmes technolgy and ststems
    Area1Protection
    Avio
    Black Hawk Security
    Capture
    China security systems
    Cocktail Service
    Cpsecured
    CP PLUS
    Digital Eye'z no website
    Diote Service & Consulting
    DVR Kapta
    ELVOX
    ET Vision
    Extra Eye 4 U
    eyemotion
    EDS
    Fujitron
    Full HD 1080p
    Gazer
    Goldeye
    Goldmaster
    Grizzly
    HD IViewer
    Hi-View
    Ipcom
    IPOX
    IR
    ISC Illinois Security Cameras, Inc.
    JFL Alarmes
    Lince
    LOT
    Lux
    Lynx Security
    Magtec
    Meriva Security
    Multistar
    Navaio
    NoVus
    Optivision
    PARA V
  • As someone who has some experience with CCTV DVRs, all of the DVRs I've worked with are the same: fanless computers with cases so thick they're practically mil-spec that get set up once and then immediately locked up in a room (to which only a handful of people on-site are allowed to have a key). The DVRs themselves are on an intranet with the cameras that has no outside internet access. The process works because no one can hack the network without physically being present in the building (at which point th

    • by Bert64 ( 520050 )

      All kinds of reasons...

      Some people want to monitor the premises from a remote site...
      Some companies want to centralise their cctv monitoring to save costs.
      There is already an ethernet network present, cheaper than running separate cabling for ip cameras.

      • All of those things can be provided, by proper IT.

        Remote Monitoring - Virtual Desktop Infrastructure. Only systems inside the firewall can use the CCTV system, and VDI provides a way into the inside of the firewall. The CCTV system is on a non-routable VLAN that traffic cannot leave the premises. No hacking ,no DDOS no nothing.

        Centralized Monitoring - VLANs and VPNs. By setting up proper VPNs and VLANs, you can properly isolate systems from the outside, while providing the same level of service (perhaps eve

        • All of those things can be provided, by proper IT.

          Remote Monitoring - Virtual Desktop Infrastructure. Only systems inside the firewall can use the CCTV system, and VDI provides a way into the inside of the firewall. The CCTV system is on a non-routable VLAN that traffic cannot leave the premises. No hacking ,no DDOS no nothing.

          Centralized Monitoring - VLANs and VPNs. By setting up proper VPNs and VLANs, you can properly isolate systems from the outside, while providing the same level of service (perhaps even better service) for properly maintaining a single central monitoring service. The issue here is that in order to do this, you have to have an IT dept that can articulate why it needs to isolate networks from each other properly.

          Ethernet Present - Yup, and probably the swiching/routing needed to properly VLAN and VPN the whole thing so that you can use existing infrastructure to isolate traffic from each other on the same equipment. Cheap ass networking gear excepted.

          Good IT is expensive, bad IT is costly.

          Well, I'm going to lose the mod points I provided, but what the heck.

          The type of customer these products are targeted for - small businesses or homes - they do not have proper IT. Now, it is not a fault of these type of customers (to a degree). It is more the manufacturer's faults for not designing products that are *obviously* aimed that does not have dedicated/proper IT.

          It should not be impossible to provide a COTS, drop-in CCTV solution that only connects from the cameras to the DVR and to pair the

      • All kinds of reasons...

        Some people want to monitor the premises from a remote site... Some companies want to centralise their cctv monitoring to save costs. There is already an ethernet network present, cheaper than running separate cabling for ip cameras.

        That still doesn't explain why it's insecure. VPN's are cheap. Install a router/firewall where you can VPN in and then manage from there.

    • by Desler ( 1608317 )

      So the cameras can be remotely monitored.

      • by cusco ( 717999 )

        I monitor cameras at sites in 21 countries on every continent but Africa and Antarctica (and we're going to drop a site in South Africa next year). **NOT ONE** is directly on the Internet. There is absolutely no reason for any of these NVRs to be on the Internet, except laziness by the installer and salescritters. I have been barking up this tree for years on LinkedIn, that a VPN is cheap and easy to install, and the vast majority of even professional security system installers who work with Fortune 500

  • "US-based security vendor Sucuri discovered this botnet, very active in the last few weeks, and they say it's mainly composed of compromised CCTV systems from around the world.

    Their first meeting with the botnet came when a jewelry shop that was facing a prolonged DDoS attack opted to move their website behind Sucuri's main product, its WAF (Web Application Firewall).
    "
  • Many years ago I worked at a major networking hardware manufacturer (one who should know their stuff, but somehow let this happen). This was maybe '04 or '05 or so. Seems they had installed some kind of security camera system that ran on a Windows platform. Like one per camera or maybe one per four cameras or something. And because it's all wrapped up as a product, you can't just stick McAfee on it. Yes, I know, what the ever loving fuck. They were deployed all over the company. Hooked up via gigabit Ethern

  • Why do CCTVs have outbound access to the internet at all?

    If a CCTV feed really needs to leave the premises, that's what VPN is for.

    Between the security and privacy issues, someone should be losing their job.

Perfection is acheived only on the point of collapse. - C. N. Parkinson

Working...