How 1.5 Million Connected Cameras Were Hijacked to Make an Unprecedented Botnet
Last week, hackers forced a well-known security journalist to take down his site after hitting him for more than two days with an unprecedented flood of traffic.
That cyberattack was powered by something the internet had never seen before: an army made of more than one million hacked Internet of Things devices.
The hackers, whose identity is still unknown at this point, used not one, but two networks—commonly referred to as “botnets” in hacking lingo—made of around 980,000 and 500,000 hacked devices, mostly internet-connected cameras, according to Level 3 Communications, one of the world’s largest internet backbone providers. The attackers used all those cameras and other unsecured online devices to connect to the journalist’s website, pummeling the site with requests in an attempt to make it collapse.
These botnets were allegedly behind the staggering and crippling distributed denial of service (DDoS) attack against KrebsOnSecurity.com, the website of the independent journalist Brian Krebs, who has a long history of exposing DDoS-wielding cybercriminals. The digital assault surpassed 660 Gbps of traffic, making it one of the largest recorded in history in terms of volume.
Level 3 has been tracking one of the botnets used against Krebs for about a month, and last week the company saw that hackers used that botnet, along with another smaller one, against Krebs.
“They’re still using it against Krebs,” Dale Drew, chief security officer at Level 3 Communications, told Motherboard on Wednesday. “As of this morning.”
Security researchers and internet defenders are still looking into the attacks and trying to track who’s behind them, but people who’ve been working to protect websites against large DDoS attacks such as this one all agree this was unprecedented, both because of its shocking size and because of the use of what could be called a Botnet of Things.
“This was the biggest attack we’ve ever seen,” Martin McKeay, the senior security advocate for Akamai, the company that was providing protection to Krebs when the attack started last week, told me.
At this point, however, it’s unclear if the attackers used the full power of the two botnets or just a portion of it. Drew said that the hackers used around 1.2 million nodes of the total 1.5 million-strong botnets against Krebs. But McKeay, who declined to go into the details of the attacks citing company policies toward customers, said that “nothing” Akamai saw suggests those numbers are “possible.” (Akamai, which was providing Krebs with pro-bono protection, decided to let him go when it became too costly to hold off the barrage of traffic.)