Hackers Sell $7,500 IoT Cannon To Bring Down The Web Again
Forbes: Think Friday’s massive outage was bad? Worse is expected, as hackers are selling access to a huge army of hacked Internet of Things (IoT) devices designed to launch attacks capable of severely disrupting web connections, FORBES has learned. The finding was revealed just days after compromised cameras and other IoT machines were used in an attack that took down Twitter, Amazon Web Services, Netflix, Spotify and other major web companies.
In what is a first for the security company, RSA discovered in early October hackers advertising access to a huge IoT botnet on an underground criminal forum, though the company declined to say which one. (F-Secure chief research officer Mikko Hypponen said on Twitter after publication that it was the Tor-based Alpha Bay market). “This is the first time we’ve seen an IoT botnet up for rent or sale, especially one boasting that amount of firepower. It’s definitely a worrying trend seeing the DDoS capabilities grow,” said Daniel Cohen, head of RSA’s FraudAction business unit.
The seller claimed they could generate 1 terabit per second of traffic. That would almost equal the world record DDoS attack, which hit French hosting provider OVH earlier this month at just over 1 terabit. For $4,600, anyone could buy 50,000 bots (hacked computers under the control of hackers), whilst 100,000 cost $7,500. Together, those bots can combine resources to overwhelm targets with data, in what’s known as a distributed denial of service (DDoS) attack.
Cohen said he didn’t know if the botnet for hire was related to Mirai, the epic network of weaponized IoT computers used to swamp DYN – a domain name system (DNS) provider and the chief target of Friday’s attack – with traffic. But FORBES was able to find a forum post on Alpha Bay from the seller, who went by the name loldongs, which noted they had created a Mirai-based botnet. The original post was on 4 October, just a few days after the Mirai source code was made available to everyone. In a later post, in response to another user’s request, loldongs claimed: “I can take down OVH easily.”
Statement By Secretary Johnson On Recent Cyber Incident
For Immediate Release
Office of the Press Secretary
Contact: 202-282-8010
The Department of Homeland Security is closely monitoring events arising from the distributed denial of service attack on Dyn on Friday, October 21. Later that day, the Department convened a conference call of about 18 major communication service providers to share information about the incident. At this time, we believe the attack has been mitigated. We have shared relevant information with our partners and through our Automated Indicator Sharing program.
We are aware of one type of malware potentially used in this incident. This malware is referred to as Mirai and compromises Internet of Things devices, such as surveillance cameras and entertainment systems connected to the Internet. The NCCIC is working with law enforcement, the private sector and the research community to develop ways to mitigate against this and other related malware.
The Department has also been working to develop a set of strategic principles for securing the Internet of Things, which we plan to release in the coming weeks.