Chinese firm admits its hacked cameras, DVRs were behind Friday’s massive web outage
XiongMai Technologies, a Chinese firm that manufactures components for surveillance video cameras, acknowledged that a piece of malware known as “Mirai”, which was used on its products, is in part responsible for last Friday’s distributed denial-of-service attacks against DNS provider Dyn.
Dyn is an infrastructure company in New Hampshire in the U.S. that acts as a switchboard for internet traffic and works as a middleman to ensure that you reach the websites you want when you type in their URLs.
The distributed denial of service attack against the company Dyn brought down websites and apps across the internet, temporarily barring access to Twitter, WhatsApp, Pinterest and more for millions of users. While Dyn was able to stabilize the situation within a few hours, a second DDoS attack began in the early afternoon, again disrupting services across the web.
Mirai botnets exploit Internet of Things devices, taking advantage of their typically weak security to enlist them in DDoS attacks.
“Mirai is a huge disaster for the ‘Internet of Things,’” XiongMai representative Cooper Wang told CNNMoney in an email. “[We] have to admit that our products also suffered from hackers’ break-in and illegal use.”
According to the cyber security intelligence firm Flashpoint, it appears hundreds of thousands of internet-connected devices, such as security cameras and DVRs, were used without their owners’ knowledge to help carry out Friday’s attack.
XiongMai confirmed that the weaknesses in their products were identified last year and hackers continue to exploit them.
Users were unable to change the default password on their devices, which allowed hackers to install malware and hijack them for the DDoS attack.
Components manufactured after September 2015 no longer have this vulnerability and users should update the firmware of products sold before that date, XiongMai says.
Allison Nixon, director of research at the security firm Flashpoint, said XiongMai’s web-enabled CCTV cameras and digital video recorders were forcibly networked together by the sophisticated malware program Mirai to direct a crushing number of connection requests at Dyn’s customers.
“It’s remarkable that virtually an entire company’s product line has just been turned into a botnet that is now attacking the United States,” she told security researcher Brian Krebs.
The same Mirai malware was used in September to launch what was then described as the biggest DDoS attack ever on Krebs’ website, Krebs on Security. He was made a target in the past due to his reporting on cybercrime.
The infected devices helped flood Dyn with illegitimate online requests and in turn held up major platforms like Netflix, Spotify and Reddit during three waves on Friday.
To make matters worse, hackers are selling access to a huge pool of hacked Internet of Things (IoT) devices that can be used to launch attacks capable of severely disrupting web connections, Forbes reports.
In early October, the security company RSA discovered that hackers were advertising access to a huge IoT botnet on an underground criminal forum – the Tor-based Alpha Bay market.
“This is the first time we’ve seen an IoT botnet up for rent or sale, especially one boasting that amount of firepower. It’s definitely a worrying trend seeing the DDoS capabilities grow,” said Daniel Cohen, head of RSA’s FraudAction business unit.
According to the seller’s claim, the botnet could produce 1 terabit of traffic, which is almost equal to the world-record DDoS attack that hit French hosting provider OVH earlier this month at just over 1 terabit. Anyone could buy 50,000 bots (hacked computers under the control of hackers) for $4,600, while 100,000 bots would cost $7,500.