UPDATED 00:31 EST / JUNE 28 2016

NEWS

Big Brother is DDoSing you: Botnet running on 25,000+ CCTV cameras discovered

What if you were to discover that the face of Big Brother in 2016, CCTV cameras, were under the control of hackers and were being used to bring down websites in Distributed Denial of Service (DDoS) attacks?

That Orwellian nightmare is actually now true, with a security firm discovering a network of over 25,000 CCTV cameras doing exactly that.

Sucuri, Inc. made the discovery when investigating an attack against an ordinary jewelry store that was flooded offline after constantly receiving 35,000 junk HTTP requests per second over a period of a number of days. When Sucuri attempted to thwart the attack, the botnet actually upped its output and dumped more than 50,000 HTTP requests per second on the store’s website.

“Since this type of long-duration DDoS is not so common, we decided to dive into what the attackers were doing, and to our surprise, they were leveraging only IoT (Internet of Things) CCTV devices as the source of their attack botnet,” the company said in a blog post.

Researchers a Sucuri queried a number of the boxes participating in the DDoS attack and found that all of them were running a “Cross Web Server” that had a default web page called “DVR Components.” Further investigation found that the malicious IPs also contained the company logos of resellers of CCTV services and the common thread was that all the devices were running a Unix-based set of utility tools called BusyBox.

To hide their identities the malicious devices were cloaking themselves to appear, as they were, common user agents such as web browsers, and also displayed false referral data showing they’d most recently come from sites including Google and USA Today.

Infected CCTV installs were found in 104 countries, with the Taiwan topping the list with 24 percent of IP addresses, followed by the United States with 12 percent, Indonesia with 9 percent, Mexico with 9 percent and Malaysia with 6 percent.

Fix

Sucuri said there was nothing web site owners could do to get the 25,000+ CCTVs fixed and protected, however, they do encourage online camera users or vendors to make sure their systems are fully patched and isolated from the internet.

“We are in the process of reaching out to the networks that have these unprotected and compromised cameras, but that’s just one small piece of the problem,” the company noted. “Once the cameras are patched, the attackers will find other easily hacked devices for their botnets.”

Image credit: oogiboig/Wikimedia Commons/CC by 2.0

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU