While my small ISP couldn’t do much about the massive denial of service attacks that plagued the Internet this week (except to answer the phone calls from frustrated customers who could not use Twitter, Disqus, and other services which relied on Dyn as a DNS provider), we could at least make sure that we were not contributing to the attacks — and we did.

We blocked incoming attacks by the Mirai worm (which was creating the botnet that executed the DDoS attacks), monitored our network for vulnerable camera systems that were attempting to participate in it (there was only one — a cheap, Chinese DVR rebranded and resold by a company in New Jersey to one of our rural customers), and set up a honeypot to capture the code.

The thing which was embarrassing (or should have been) was that the code for the worm was simpler and easier to analyze than that of the infamous Morris worm, which was released on the Internet in 1988. It simply brute-forced certain vulnerable systems via Telnet, using default passwords, and then wormed its way into the affected systems via the shell. No need for “stack smashing” exploits or fancy, hand-assembled machine code; the systems were such sitting ducks that none of that was necessary to turn them into bots.

The owner of the infected DVR had no idea that he’d bought a vulnerable piece of equipment, one for which software updates were not available and whose security holes could not be closed — only shielded from outside attacks via a firewall and VPN. He was incredulous that anyone would even be ALLOWED to sell a device that insecure, or that the FCC — via its unwise and illegal “network neutrality” regulations — would require ISPs like me to leave them exposed to attacks by default.

As an ISP, an engineer, and an embedded system developer, all I can say is, “I told you so.”

–Brett Glass
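The two defensive measures described above (watching the honeypot for Telnet default-credential brute-forcing, and watching the ISP's own address space for devices that have joined the worm and are scanning outward on the Telnet ports) can be reduced to simple detection logic over logs. The block below is an added example written for this page; it is not the author's tooling. The honeypot log format, the flow-record format, the customer prefix 192.0.2.0/24, and the list of vendor-default credentials are all constructed for the example, and the credential list is only a small illustrative sample, not the worm's actual dictionary.

```python
"""Mirai-style Telnet worm detection over constructed log records.

Two signals, both on a sliding time window:
  1. inbound: one source tries many distinct vendor-default username/password
     pairs against the honeypot in a short span (the worm's login loop);
  2. outbound: one host in our prefix opens Telnet (23/2323) connections to
     many distinct outside addresses in a short span (an infected device
     scanning for new victims).
"""
import ipaddress
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample of vendor-default Telnet credentials (an assumption made
# for this example; not the worm's real table). Empty password is legitimate.
DEFAULT_CREDENTIALS = {
    ("root", "xc3511"), ("root", "vizxv"), ("root", "admin"), ("admin", "admin"),
    ("root", "888888"), ("root", "default"), ("support", "support"),
    ("root", "root"), ("admin", "password"), ("root", "123456"),
    ("user", "user"), ("root", ""),
}

# Constructed honeypot lines (not real captures): one line per login attempt.
# 203.0.113.45 walks the default list in seconds; 198.51.100.9 tries default
# pairs too, but an hour apart; 198.51.100.7 is an ordinary failed login.
HONEYPOT_LOG = """\
2016-10-22T03:14:07 telnet-honeypot: login from 203.0.113.45 user=root pass=xc3511
2016-10-22T03:14:08 telnet-honeypot: login from 203.0.113.45 user=root pass=vizxv
2016-10-22T03:14:09 telnet-honeypot: login from 203.0.113.45 user=admin pass=admin
2016-10-22T03:14:10 telnet-honeypot: login from 203.0.113.45 user=root pass=888888
2016-10-22T03:14:11 telnet-honeypot: login from 203.0.113.45 user=root pass=default
2016-10-22T03:20:00 telnet-honeypot: login from 198.51.100.7 user=alice pass=S3cr3t!pw
2016-10-22T03:21:30 telnet-honeypot: login from 198.51.100.7 user=alice pass=S3cr3t!pw2
2016-10-22T03:30:00 telnet-honeypot: login from 198.51.100.9 user=root pass=root
2016-10-22T04:30:00 telnet-honeypot: login from 198.51.100.9 user=admin pass=admin
2016-10-22T05:30:00 telnet-honeypot: login from 198.51.100.9 user=root pass=xc3511
2016-10-22T06:30:00 telnet-honeypot: login from 198.51.100.9 user=root pass=vizxv
"""

# Constructed flow records from the ISP edge (not real): "timestamp src dst dport".
# 192.0.2.77 sprays Telnet at ten outside hosts in eleven seconds (worm scanning);
# 192.0.2.20 makes one outside Telnet connection and one inside the prefix.
FLOW_LOG = """\
2016-10-22T03:00:00 192.0.2.77 203.0.113.10 23
2016-10-22T03:00:01 192.0.2.77 203.0.113.11 23
2016-10-22T03:00:01 192.0.2.77 198.51.100.12 2323
2016-10-22T03:00:02 192.0.2.77 203.0.113.13 23
2016-10-22T03:00:02 192.0.2.77 203.0.113.14 23
2016-10-22T03:00:03 192.0.2.77 203.0.113.15 23
2016-10-22T03:00:05 192.0.2.77 203.0.113.16 23
2016-10-22T03:00:10 192.0.2.77 203.0.113.17 23
2016-10-22T03:00:10 192.0.2.77 203.0.113.18 23
2016-10-22T03:00:11 192.0.2.77 203.0.113.19 23
2016-10-22T03:00:00 192.0.2.20 203.0.113.10 443
2016-10-22T03:00:05 192.0.2.20 203.0.113.50 23
2016-10-22T03:01:00 192.0.2.20 192.0.2.30 23
2016-10-22T03:00:00 203.0.113.99 192.0.2.5 23
"""

HONEYPOT_RE = re.compile(r"^(\S+) telnet-honeypot: login from (\S+) user=(\S*) pass=(\S*)$")


def _exceeds_in_window(events, window, threshold):
    """events: list of (timestamp, item). True if at least `threshold` distinct
    items fall inside some span no longer than `window` (two-pointer sweep)."""
    events.sort()
    in_window = Counter()
    left = 0
    for ts, item in events:
        in_window[item] += 1
        while ts - events[left][0] > window:  # evict events older than the window
            old = events[left][1]
            in_window[old] -= 1
            if in_window[old] == 0:
                del in_window[old]
            left += 1
        if len(in_window) >= threshold:
            return True
    return False


def parse_honeypot_log(text):
    """Return [(timestamp, src_ip, user, password)], skipping unrelated lines."""
    attempts = []
    for line in text.splitlines():
        m = HONEYPOT_RE.match(line)
        if m:
            ts, src, user, pw = m.groups()
            attempts.append((datetime.fromisoformat(ts), src, user, pw))
    return attempts


def default_credential_bruteforcers(attempts, window=timedelta(seconds=60), threshold=4):
    """Sources that tried >= threshold distinct default pairs within `window`."""
    per_src = defaultdict(list)
    for ts, src, user, pw in attempts:
        if (user, pw) in DEFAULT_CREDENTIALS:  # ordinary typos never count
            per_src[src].append((ts, (user, pw)))
    return sorted(s for s, ev in per_src.items() if _exceeds_in_window(ev, window, threshold))


def parse_flow_log(text):
    """Return [(timestamp, src_ip, dst_ip, dport)] from whitespace-separated records."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            ts, src, dst, dport = parts
            flows.append((datetime.fromisoformat(ts), ipaddress.ip_address(src),
                          ipaddress.ip_address(dst), int(dport)))
    return flows


def outbound_telnet_scanners(flows, local_net, window=timedelta(seconds=60),
                             threshold=8, ports=(23, 2323)):
    """Hosts inside `local_net` reaching >= threshold distinct outside hosts on
    the Telnet ports within `window`; inbound traffic is ignored here."""
    net = ipaddress.ip_network(local_net)
    per_src = defaultdict(list)
    for ts, src, dst, dport in flows:
        if src in net and dst not in net and dport in ports:
            per_src[str(src)].append((ts, str(dst)))
    return sorted(s for s, ev in per_src.items() if _exceeds_in_window(ev, window, threshold))


if __name__ == "__main__":
    print("inbound default-credential brute-forcers:",
          default_credential_bruteforcers(parse_honeypot_log(HONEYPOT_LOG)))
    print("outbound Telnet scanners in 192.0.2.0/24:",
          outbound_telnet_scanners(parse_flow_log(FLOW_LOG), "192.0.2.0/24"))
```

The window matters in both directions: with the 60-second default only the source that walks the default list in seconds is reported, while the source that spaces the same pairs an hour apart is not; widening the window to a few hours catches it as well. A host the outbound check reports is the one to firewall and contact, since, as the post notes, such a device can only be shielded, not patched.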

