Hackers Selling Access To a Huge IoT Botnet

Although it seems like a relatively new aspect of information technology, the Internet of Things (IoT) has been around for many years now, albeit under different names.

As the ability to connect and remotely manage a number of networked automated devices through the internet becomes more pervasive, key security issues about IoT are becoming more apparent.

Recent events in the span of one week have once again put the security concerns of IoT devices in the spotlight.

According to a report by Forbes, underground black hat hackers are currently selling a large number of hacked IoT devices through the Alpha Bay Market.

These IoT devices are similar to the ones used in the Distributed Denial of Service (DDoS) attack carried out on Friday 21st October that brought down sizeable parts of the internet.

Hundreds of thousands, if not millions, of IoT devices were compromised by malware called Mirai and subsequently recruited into the botnet.

This malware scans the internet for IoT devices such as security cameras, routers, and DVRs that still have factory-default security measures; the compromised devices are then used to unleash junk traffic on a targeted online service.

Its source code was released by its creators near the end of September.

This means that it is currently possible for nearly anyone with coding skills to orchestrate a similar attack.

This botnet being sold on Alpha Bay Market was effectively employed to target the Dyn domain name service (DNS).

The hacked devices sent requests to the Dyn DNS service that would essentially cause key websites including Amazon, Twitter, Netflix, Reddit, GitHub, and PayPal to be unavailable to a large majority of internet users in the US.

Many of the IoT devices that were part of Friday’s attack were DVRs and cameras manufactured by Hangzhou Xiongmai Technology, a Chinese electronics company.

The fact that hackers are openly selling this IoT botnet through the Alpha Bay Market should definitely be a cause for worry.

Security firm RSA first got wind of the sale of the IoT botnet in early October.

F-Secure would later confirm that the underground platform being used to advertise the botnet was the dark web Alpha Bay Market on the Tor network.

While DDoS attacks have been a pain point for the internet since its inception, the direction that recent attacks are taking is concerning.

The IoT botnet being advertised on Alpha Bay Market is said to be capable of generating 1 Tbps of traffic.

For comparison, the recent record-setting DDoS attack generated a little over 1 Tbps of traffic.

That attack was carried out earlier this month on OVH, a French hosting service provider.

According to the aforementioned Forbes report, 50,000 bots are going for $4,600 while 100,000 bots are $7,500.

The seller’s post on the Alpha Bay Market revealed that the botnet was created using the Mirai malware.

Since IoT devices are available in bulk, there remains the possibility of more botnets being created in the near future.

Whatever the case may be, this is bound to renew the debate on the proper implementation of internet security.

As has already been pointed out, the security of IoT devices can be improved by both the device manufacturers and the end users.

Security firm Flashpoint stated that one of the problems with many IoT devices is their vulnerability via the Telnet and SSH communication services.

These are text-based command-line interfaces that enable remote connection to the device.

They can also be reached from a command prompt, which enables attackers to determine usernames and passwords.

According to Hangzhou Xiongmai Technology, this feature was turned off in September 2015.

The breach of the IoT devices was still possible in part because end users were still running firmware developed before the company released the patches to prevent such attacks.

This is something that black hat hackers who operate on dark net platforms, including Alpha Bay Market, are well aware of.

An internet scan conducted on October 6th revealed that a large number of IoT devices were still running the vulnerable firmware.
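A defender's view of the Telnet and SSH credential guessing described above, as an added example that is not part of the original article: it flags sources that fail logins under several different usernames within a short window. The log format, field names, thresholds and sample lines are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in an assumed "<time> <service> <result> user=<u> src=<ip>" format.
SAMPLE_LOG = """\
2016-10-06T03:10:01 telnetd FAILED user=root src=203.0.113.7
2016-10-06T03:10:03 telnetd FAILED user=admin src=203.0.113.7
2016-10-06T03:10:05 telnetd FAILED user=support src=203.0.113.7
2016-10-06T03:10:08 telnetd FAILED user=guest src=203.0.113.7
2016-10-06T08:00:10 sshd FAILED user=operator src=198.51.100.20
2016-10-06T08:00:15 sshd FAILED user=operator src=198.51.100.20
2016-10-06T08:00:21 sshd ACCEPTED user=operator src=198.51.100.20
2016-10-06T01:00:00 sshd FAILED user=alice src=192.0.2.55
2016-10-06T04:00:00 sshd FAILED user=bob src=192.0.2.55
2016-10-06T09:00:00 sshd FAILED user=carol src=192.0.2.55
"""

LINE_RE = re.compile(r"^(\S+) (telnetd|sshd) FAILED user=(\S+) src=(\S+)$")

def find_guessing_sources(log_text, min_users=3, window=timedelta(seconds=60)):
    """Map each source that failed logins under at least `min_users` distinct
    usernames inside one `window` to the sorted usernames it tried."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # successful logins and unrelated lines are ignored
        stamp, _service, user, src = match.groups()
        events[src].append((datetime.fromisoformat(stamp), user))

    flagged = {}
    for src, attempts in events.items():
        attempts.sort()  # chronological order per source
        start = 0
        for end in range(len(attempts)):
            # Shrink the window until it spans no more than `window`.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            if len({user for _, user in attempts[start:end + 1]}) >= min_users:
                # Report every username this source tried, for triage.
                flagged[src] = sorted({user for _, user in attempts})
                break
    return flagged

if __name__ == "__main__":
    for src, users in find_guessing_sources(SAMPLE_LOG).items():
        print(f"{src}: {len(users)} usernames tried: {', '.join(users)}")
```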

The websites affected by last Friday’s DDoS attack could have avoided the outage had they implemented more internet security measures.

Although such attacks can be difficult to mitigate, enlisting the services of secondary backup DNS providers could have made things more difficult for the Alpha Bay Market hackers.

Until an industry security association is formed and proper standards for the security of IoT devices are widely adopted, these devices remain dangerous, considering that the botnet is still on sale and could be sold to anyone in the Alpha Bay Market.

