Most of the attacks targeted a known cloud service provider

Oct 23, 2015 09:32 GMT

Over 900 CCTV cameras with default or weak login credentials were hacked and joined into a DDoS botnet that spans the entire globe, Incapsula researchers report.

Hacking the CCTV cameras wasn't as hard as you'd think: as the security researchers explain, a simple dictionary brute-force attack was more than enough to crack the CCTV systems.

The blame lies solely with the people who configured the devices, who used weak SSH or Telnet login passwords, didn't change the default ones at all, or left the cameras open to outside connections in cases where it wasn't necessary.

According to the Incapsula team, all compromised CCTV systems were running BusyBox, a stripped-down version of the Linux operating system, specifically built to run on IoT devices with limited memory and CPU resources.

After the devices were compromised via brute-force login attacks, the .btce malware was dropped on them. It is derived from ELF_BASHLITE (also known as GayFgt and Lightaidra), a malware family specially designed for BusyBox setups running on ARM architectures.

CCTV cameras were launching DDoS attacks of 20,000 RPS

All infected devices were being used to launch DDoS attacks using HTTP GET request floods. The DDoS attack was mainly being carried out against a well-known cloud service provider.

One of the devices that the security experts studied was recorded sending over 20,000 HTTP requests per second. Another device had multiple brute-force attacks and logins recorded in its logs from different IP addresses, meaning it was hacked more than once.
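The log pattern described above (a run of failed logins followed by a successful one, repeated from more than one address) can be checked for mechanically. The following is an added example, not code from Incapsula or the article; it assumes the device logs SSH logins in OpenSSH syslog format, and the sample log and the names `find_compromises` and `compromised_more_than_once` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH syslog style (documentation IP ranges only).
SAMPLE_LOG = """\
Oct 20 03:11:01 cam sshd[311]: Failed password for root from 203.0.113.7 port 40112 ssh2
Oct 20 03:11:02 cam sshd[311]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
Oct 20 03:11:03 cam sshd[311]: Failed password for root from 203.0.113.7 port 40114 ssh2
Oct 20 03:11:04 cam sshd[311]: Failed password for root from 203.0.113.7 port 40115 ssh2
Oct 20 03:11:05 cam sshd[311]: Accepted password for root from 203.0.113.7 port 40116 ssh2
Oct 20 09:40:12 cam sshd[402]: Failed password for root from 192.0.2.10 port 51000 ssh2
Oct 20 09:40:20 cam sshd[402]: Accepted password for root from 192.0.2.10 port 51001 ssh2
Oct 21 22:05:41 cam sshd[977]: Failed password for admin from 198.51.100.23 port 33001 ssh2
Oct 21 22:05:42 cam sshd[977]: Failed password for admin from 198.51.100.23 port 33002 ssh2
Oct 21 22:05:43 cam sshd[977]: Failed password for admin from 198.51.100.23 port 33003 ssh2
Oct 21 22:05:44 cam sshd[977]: Accepted password for admin from 198.51.100.23 port 33004 ssh2
"""

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_compromises(log_text, min_failures=3):
    """Return (ip, user, failures) for each accepted login that followed
    at least min_failures failed attempts from the same source address."""
    failures = defaultdict(int)
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an sshd password event
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
            continue
        # Accepted login: suspicious only if preceded by a burst of failures.
        if failures[ip] >= min_failures:
            hits.append((ip, m["user"], failures[ip]))
        failures[ip] = 0  # any successful login resets the streak
    return hits

def compromised_more_than_once(hits):
    """True when guessed-password logins came from more than one address."""
    return len({ip for ip, _, _ in hits}) > 1

if __name__ == "__main__":
    for ip, user, n in find_compromises(SAMPLE_LOG):
        print(f"{ip}: login as {user} after {n} failed attempts")
```

The single mistyped password from 192.0.2.10 stays below the threshold and is not flagged; tune `min_failures` to the device's normal login behaviour.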

Alongside SOHO routers, IP cameras and CCTV systems are generally considered the weakest and most unprotected network devices around.

A 2014 report by IHS claims that there are over 245 million video surveillance cameras installed around the world. This might explain why hackers have such an appetite for this kind of device: they are extremely common and, most of the time, improperly configured.

Geo-location of the botnet's devices