Last week a hacker leaked online a massive list of Telnet credentials for more than 500,000 devices, including servers, home routers, and IoT (Internet of Things) smart devices.
The list was leaked by a distributed denial of service (DDoS) botnet operator on a popular hacking forum, according to ZDNet, which first reported the news.
The list contained the IP addresses, usernames and passwords of more than 515,000 devices with a reachable Telnet port.
Telnet is an application protocol used on the Internet or a local area network to provide a bidirectional, interactive, text-oriented communication facility using a virtual terminal connection. User data is interspersed in-band with Telnet control information in an 8-bit, byte-oriented data connection over the Transmission Control Protocol (TCP).
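The in-band interleaving described above, as an added example that is not part of the original article: a Python function that separates Telnet control sequences (command bytes per RFC 854) from user data in a captured byte stream. The sample capture and the credentials in it are constructed; once the control bytes are stripped, the login text is readable as-is because Telnet applies no encryption.

```python
# Telnet command bytes (RFC 854); option negotiation verbs take one option byte.
IAC, SB, SE = 255, 250, 240
NEGOTIATE = {251: "WILL", 252: "WONT", 253: "DO", 254: "DONT"}

# Constructed client-to-server capture: terminal-type negotiation, then a login.
SAMPLE = (bytes([IAC, 251, 24]) + bytes([IAC, SB, 24, 0]) + b"xterm"
          + bytes([IAC, SE]) + b"operator\r\nexample-pass\r\n")


def split_telnet_stream(raw):
    """Return (user_data, commands) for one direction of a Telnet session."""
    data, commands = bytearray(), []
    i, n = 0, len(raw)
    while i < n:
        if raw[i] != IAC:                 # ordinary user data byte
            data.append(raw[i])
            i += 1
            continue
        if i + 1 >= n:                    # capture ends on a lone IAC
            commands.append("TRUNCATED")
            break
        cmd = raw[i + 1]
        if cmd == IAC:                    # IAC IAC is an escaped literal 0xFF
            data.append(IAC)
            i += 2
        elif cmd in NEGOTIATE:            # three-byte option negotiation
            if i + 2 >= n:
                commands.append("TRUNCATED")
                break
            commands.append(f"{NEGOTIATE[cmd]} {raw[i + 2]}")
            i += 3
        elif cmd == SB:                   # subnegotiation runs until IAC SE
            j = i + 2
            while j + 1 < n and not (raw[j] == IAC and raw[j + 1] == SE):
                j += 2 if raw[j] == IAC else 1   # step over escaped IAC IAC
            if j + 1 >= n:
                commands.append("TRUNCATED")
                break
            commands.append(f"SB {raw[i + 2:j].hex()}")
            i = j + 2
        else:                             # other two-byte commands (NOP, GA, ...)
            commands.append(f"CMD {cmd}")
            i += 2
    return bytes(data), commands


if __name__ == "__main__":
    user_data, found = split_telnet_stream(SAMPLE)
    print(found, user_data.decode("ascii"), sep="\n")
```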
The hacker compiled the list by scanning the entire internet for devices using factory-set default usernames and passwords or easy-to-guess password combinations.
When ZDNet contacted the hacker to ask why he leaked such a huge list of “bots” – a common component of an IoT botnet operation – he revealed that “he upgraded his DDoS service from working on top of IoT botnets to a new model that relies on renting high-output servers from cloud service providers.”
The lists leaked online contained details collected between October and November 2019. ZDNet used IoT search engines like BinaryEdge and Shodan and found that some devices were situated on the networks of known internet service providers (ISPs) (indicating they were either home routers or IoT devices), but other devices were found on the networks of major cloud service providers.
While some of these devices may now be running on a different IP address or using different login credentials, the lists remain extremely useful to an experienced hacker, who can exploit them in various ways.
A hacker could use the IP addresses in the lists to determine the service provider, and then re-scan the ISP’s network to find the devices’ latest IP addresses. The hacker can then either use the manufacturer’s default account credentials or correctly guess a commonly used username/password combination to get remote access to the affected products. This would, in turn, allow hackers to employ the devices in IoT botnet operations such as DDoS attacks, malware ad schemes or others.
In order to keep your internet-connected devices safe, it is always advisable to use login credentials that are different from the manufacturer’s default account credentials.
It is also recommended to use strong passwords that combine letters, numbers, and special characters.