Monday, October 3, 2016

Details Emerge On The Big Internet-of-Things Hack: This Is Just Sick

From MotherBoard:
Over the last few weeks, unknown hackers have launched some of the largest cyberattacks the internet has ever seen. These attacks weren’t notable just by their unprecedented size and power, but also because they were powered by a large zombie army of hacked cameras and other devices that fit into the category of Internet of Things, or IoT.

On Friday, the hacker who claims to have created the malware that was powering this massive “Botnet Of Things” published its source code, which appears to be legitimate.

“It looks like this release is the real deal,” according to Marshal Webb, the chief technology officer of BackConnect, an anti-DDoS firm, who has been collecting samples of the malware in the last few weeks.

However legitimate, the malicious code isn’t actually that sophisticated, according to security researchers who have been studying it.

“Whoever originally wrote it clearly put some thought into it. Like, it’s better than most of the shit out there hitting IoT,” Darren Martyn, a security researcher who has been analyzing the malware told Motherboard in an online chat. “[But] it’s still fairly amateurish.”

The malware, known as Mirai, was dumped on Hackforums by its alleged author and later published by others on GitHub. Mirai is designed to scan the internet for vulnerable internet-connected devices that use the telnet protocol and have weak default logins and passwords such as “admin” and “123456”, “root” and “password”, and even “mother” and “fucker,” likely just a joke by the malware authors....MORE
The cussing isn't the nasty part. Look at this bit...
...The code is full of inside jokes and funny tidbits, such as several mentions of the world “memes,” and even a YouTube link that turns out to point to Rick Astley video “Never Gonna Give You Up”...
They Rickrolled the internet. 

See also MIT Technology Review in "The Internet of Things Goes Rogue".