How zombie cameras took down Netflix... and an entire country's internet

    Once used to harass Minecraft players and illicitly mine Dogecoin, the Internet of Things botnet -- a large, malware-infected collection of smart home cameras, DVRs, routers and more -- has since been turned into a powerful weapon by cybercriminals. Hackers have used large bursts of data from it to silence journalists, cause hundreds of millions in damage, and shut down an entire country's internet infrastructure.

    Control of this growing botnet has passed from hacker to hacker over the past few years as it grows larger and more dangerous with time. Here's how the threat has evolved.

    Published: March 1, 2017 -- 16:52 GMT (08:52 PST)

    Photo by: kali9/Getty Images

    Caption by: Fox Van Allen

  • The weak security link

    There's one thing that almost all Internet of Things attacks have in common: They all leverage the lax default security settings in consumer devices.

    One of the earliest IoT scare stories dates back to August 2013, when a hacker gained remote access to an unsecured Foscam Baby Monitor and used the two-way mic to shout obscenities at a toddler. Many cameras remain unprotected and are easily searchable online.

    Photo by: Foscam

  • The Early IoT Hacks: Baby Spying

    Because so few people thought to secure these devices -- and because security was often an afterthought for manufacturers -- infected monitors and home security cameras make up the backbone of the IoT botnet.

    Combined, cameras and set-top boxes (DVRs) represent 95 percent of the devices used in large IoT attacks. Unsecured home routers make up another 4 percent.

    Photo by: Shutterstock / Ivica Drusany

  • Dogecoin and IoT hacks

    Hackers quickly began exploiting IoT vulnerabilities for financial gain. The Linux.Darlloz worm, first identified in November 2013, used infected routers and set-top boxes to mine virtual money.

    A ZDNET article from March 2014 reports that the crooks had generated 42,438 Dogecoins and 282 Mincoins through the scheme -- less than $200 in total value.

    Photo by: Shutterstock / aztekphoto

  • Enter the Lizard

    The IoT malware game changed again in September 2014 with the release of the LizardStresser (BASHLITE) malware. It uses common passwords such as "password" and "123456" to take over IoT devices via the Shellshock bug.

    LizardStresser increased the size of the IoT zombie botnet. As of 2016, more than 1 million devices (including home routers) had been infected by a form of BASHLITE malware.

    Photo by: Shutterstock / Casezy idea

  • The first generation of IoT DDoS attacks

    The LizardStresser botnet can launch distributed denial of service (DDoS) attacks at a rate of 400 Gbps.

    It's been used against targets ranging from large banks to telecom providers to government agencies, ZDNET reported. LizardStresser has also been used in DDoS attacks on Xbox Live and PlayStation Network.

    Photo by: Getty Images/iStockphoto

  • Malware motivated by Minecraft money

    With the IoT botnet growing, criminals devised a more profitable use for it: Selling DDoS attacks to the highest bidder. In late 2014, a hacking collective called Lizard Squad took control of the IoT botnet and sold access to an illegal control tool.

    Private Minecraft servers were popular targets. Owners would pay to launch costly DDoS attacks on their competitors, hoping to lure their customers away to a purportedly more secure server.

    Photo by: Shutterstock / Pabkov

  • A vigilante IoT attack?

    With control of the IoT botnet swinging back and forth between hackers, a group of white hats tried to secure unprotected devices with "good malware." Released in November 2014, Linux.Wifatch infects IoT devices, scans for and deletes malware, and then closes up Telnet access to block future attackers.

    Interestingly enough, the hackers hid a special message inside their code: "To any NSA and FBI agents reading my email: Please consider whether defending the US Constitution against all enemies, foreign or domestic, requires you to follow Snowden's example."

    Photo by: Shutterstock / Rena Schild

  • Enter Mirai

    In August 2016, a hacker calling himself Anna Senpai took near-monopolistic control of the IoT botnet via his Mirai malware. Named after an anime series, Mirai deletes previous IoT infections and replaces the malicious code with its own.

    Like other IoT malware, Mirai leverages 60 common factory default usernames and passwords in its attacks. At its peak, Mirai was infecting 4,000 IoT devices per hour.

    Photo by: Funimation

  • Netflix down!

    The most well-known Mirai attack in the U.S. happened on October 21, 2016. On that date, a record-breaking 1.2 Tbps DDoS blast from 100,000 infected devices took down the servers of Dyn, a global domain name system (DNS) service provider.

    The attack took down a large number of major websites, including Netflix, Twitter, Amazon, CNN and more.

    Photo by: Shutterstock / Diabluses

  • IoT hackers vs. journalists

    Around the same time, the Mirai botnet targeted security expert and blogger Brian Krebs of KrebsOnSecurity.com with a massive, 623 Gbps DDoS attack. It was purportedly launched in retribution for a Krebs story that led to the arrest of two Israeli teenagers.

    Akamai dropped its pro bono support for Krebs' website as a result, as the cost of defending against the attacks rose into the millions of dollars. His site is now protected by Google's Project Shield.

    Photo by: White House Photo

  • Is this Anna Senpai?

    In a lengthy blog posting, Krebs singled out Rutgers University student Paras Jha as Anna Senpai, the person allegedly behind the Mirai worm who attacked his site.

    According to Krebs' report, Jha has connections to the Minecraft DDoS protection racket. For his part, Jha has not been charged with a crime, though he has been questioned by the FBI regarding the attack.

    Photo by: LinkedIn

  • A major attack against Liberia

    But that's not all. The Mirai botnet is also responsible for taking down the entire internet infrastructure in Liberia in a November 2016 DDoS attack.

    More than 600 Gbps of data clogged the country's lone undersea cable, causing Liberia's net access to flicker in and out for two weeks.

    Photo by: Shutterstock / Fabian Plock

  • In which the IoT botnet attempts to influence an election

    The Mirai botnet attacked the website of Donald Trump twice on Sunday, November 6, and again on Monday, November 7. On Monday, the botnet also launched a similar attack against Hillary Clinton's website. Neither was taken offline.

    Another pre-election attack targeted a phone bank company, with negative effects on both Republican and Democratic campaigns.

    Photo by: @realDonaldTrump

  • Leet Botnet: Mirai's successor

    Already, an even greater IoT threat than Mirai has been identified. On December 21, 2016, the Imperva Incapsula network was targeted with a 650 Gbps DDoS blast.

    The company believes that the attacker, unable to resolve the IP address of his intended victim, simply launched an attack against the anti-DDoS network as a whole to achieve his end.

    Photo by: Shutterstock / Africa Studio

  • What can you do to stop the IoT botnet?

    How can you protect yourself -- and others -- against these IoT attacks?

    The first step is to make sure your own devices don't wind up getting caught up in a botnet. Change the default settings on your routers, remote access cameras, and other internet-facing devices. Be sure to update the firmware on your IoT devices, too.

    IoT device manufacturers, meanwhile, need to pay more attention to security themselves and better encourage end users to take this action.

    Photo by: PHOTOGraphicss/Getty Images/iStockphoto

By Fox Van Allen | March 1, 2017 -- 16:52 GMT (08:52 PST) | Topic: Internet of Things

Here's how the Internet of Things botnet went from a Minecraft server nuisance to a billion-dollar threat that disabled a country's internet infrastructure.
