Hackers Infect Army of Cameras, DVRs for Massive Internet Attacks

 The Wall Street Journal. Drew FitzGerald


Hackers used an army of hijacked security cameras and video recorders to launch several massive internet attacks last week, prompting fresh concern about the vulnerability of millions of “smart” devices in homes and businesses connected to the internet.

The assaults raised eyebrows among security experts both for their size and for the machines that made them happen. The attackers used as many as one million security cameras, digital video recorders and other infected devices to generate a flood of internet traffic that knocked their targets offline, security experts said.


Quotes in the article

Level 3 Communications Inc

Zhejiang Dahua Technology Co Ltd

We’re thinking this is the tip of the iceberg,” said Dale Drew, head of security at Level 3 Communications Inc., which runs one of the world’s largest internet backbones, giving it a window into many of the attacks that cross the net.

The proliferation of internet-connected devices from televisions to thermostats provide attackers a bigger arsenal of weapons to infiltrate. Many are intended to be plugged in and forgotten. These devices are “designed to be remote controlled over the internet,“ said Andy Ellis, chief security officer at network operator Akamai Technologies Inc. ”They’re also

Security experts have long warned that machines without their own screens are less likely to receive fixes designed to protect them. Researchers have found flaws in gadgets ranging from “smart” lightbulbs to internet-connected cars. Wi-Fi routers are a growing source of concern as many manufacturers put the onus on consumers to do the updating.

Level 3 identified cameras and video recorders made by Chinese manufacturer Dahua Technology Co. as the sources of a large share of the recent attacks, but Level 3 said other devices are being roped into a new attack network currently being assembled. Hackers often hijack the machines through computers that are already infected or poorly protected Wi-Fi routers.

A Dahua spokeswoman said Thursday the company was still reviewing Level 3’s research. She cautioned that malware could succeed in attacking older devices that have outdated software. “We strongly recommend users to upgrade the firmware of devices” and set a strong password to reduce risks, she added.

Dahua, which claims it is one of the world’s biggest makers of security cameras and digital recorders, sells directly to consumers and businesses through its website and retailers like Amazon. It also lists 71 technology partners on its U.S. website, from startups like AngelCam to better known brands like Canon.

Many of Dahua’s cameras and recorders are used by small businesses for security systems. Level 3 said H.264 DVRs made by Dahua were especially prevalent, though security researchers said other brands were affected. In some cases the devices weren’t protected with passwords or had generic passwords, Mr. Drew said.“I suspect that a lot of people have been caught by surprise by how soon” the attacks happened, said Akamai’s Mr. Ellis. His company said it was blindsided by one of last week’s attacks, which temporarily brought down the website of one of its clients, security researcher Brian Krebs.

Mr. Ellis said a flood of traffic on Sept. 21 reached 700 gigabits per second—equivalent to 140,000 high-definition movies streaming at once—on his company’s network, the biggest the company has ever experienced. The largest attack Akamai had previously absorbed was half that volume.

“We need to address this as a clear and present threat not just to censorship but to critical infrastructure,” Mr. Krebs said.

Arbor Networks, a security firm that defended several websites affiliated with the Rio Olympics against similar attacks this summer, found cable set-top boxes and home routers used to bombard the websites with data. Those attacks reached as much as 540 gigabits per second, Arbor said.

“There are tens and tens of millions of these embedded devices out there,” said Roland Dobbins, Arbor’s principal engineer. “But they ship by default with very poor security.”

Denial-of-service attacks—so-called because they flood websites with unwanted data crashing the sites and denying access to legitimate users—are nothing new. In prior iterations, hackers have exploited weaknesses in the operating systems of personal computers hijacking them to carry out these actions. Microsoft Corp. for decades has been playing a running game of Whac-A-Mole to patch each flaw in its Window’s operating system as it arises.

“It’s going to be very difficult to convince consumers to patch their refrigerator,” said Matthew Prince, chief executive of security provider CloudFlare. “Where the security is more likely to be placed is in the network.”

No Comments Yet.

Leave a comment

%d bloggers like this: