Vigilante Hacker is Trying to Save Us From Ourselves

Surely we’re all aware that cyber attacks are getting worse, and it’s because thousands of insecure, internet-enabled devices have been hitting the market. These can range from light bulbs you can control with an app to classic printers, but many of them are vulnerable to attack. Hackers have already taken control of millions of these devices and used them as pawns in their own cyber attacks. What’s worse, governments, which are often responsible for regulating security, have yet to respond. That’s led some to take matters into their own hands.

BrickerBot is a particularly sophisticated bit of malware. And it does exactly what it says on the tin — it will permanently disable electronics that fail basic security checks. These bits of code roam the internet searching for unsecured devices. If the bots find one and break in using default passwords, then they corrupt its memory and disable its network connection, taking it offline.

According to Ars Technica, there may be up to four versions in the wild — all launched within the past month. Each version is more aggressive than the last, and collectively they’ve removed two million devices from the internet. Each bot targets totally different gadgets, but all have one thing in common: their security holes.

They all use basic interface software and leave default passwords unchanged. Those are the same types of devices targeted by Mirai, the IoT botnet package that launched many of last year’s record-setting distributed denial-of-service attacks.

A coder known as “Janit0r” has claimed responsibility and isn’t sorry. In a statement sent to the niche site Bleeping Computer, Janit0r lamented the state of cyber security.

“The IoT security mess is a result of companies with insufficient security knowledge developing powerful Internet-connected devices for users with no security knowledge,” they said. “Most of the consumer-oriented IoT devices that I’ve found on the net appear to have been deployed almost exactly as they left the factory.”

Law enforcement has been hunting Janit0r, so it’s probably wise that they haven’t come forward. While almost certainly for the good of us all, these attacks are super illegal.

“I hope the unconventional actions by ‘BrickerBot’ have helped in buying another year of time for governments, vendors and the industry, in general, to get the current IoT security nightmare under control,” Janit0r said.

And they’re right. This is without question one of the biggest problems facing global security. The size of the cyber-attacks last year was overwhelming. If we don’t do something to secure the millions of gadgets being sold, we could be facing an era in which critical backbones of the internet are regularly taken down. Dark times indeed.