Today we argue hackers and their hacking techniques about internet. This is really important topic for everone because hacker can access what they want.
Hackers sabotage the Internet of unsafe things
Hacker attacks usually run secretly. The attackers penetrate into strange systems, copy data and try not to be discovered. Occasionally, they leave messages, be it as a warning or pride, to crack a system. They sabotage the systems so that they do not work. However, IT security company Radware has now observed such attacks on a test system. The objectives: poorly secured routers and other networked devices.
The login attempts were made with the username “root” and the password “vizxv”. This password can be found in many standard passwords lists. It apparently belongs to devices from Dahua, a manufacturer of surveillance cameras.Like many other manufacturers, Dahua uses the same password for countless devices. Attackers can use these standard passwords to log in automatically into devices, which they find via the IP address on the Internet. On the test server alone, there were over 1,000 attack attempts in a short time. Radware christened the attacks, which were done in two waves, BrickerBot.1 and BrickerBot.2.
While a malicious software is usually installed after such an attack, BrickerBot tries to execute numerous console commands to render the affected device unusable. Radware has released screenshots of several scripts. First, BrickerBot will try to overwrite file systems with random data. The first variant then tries to delete entire partitions. Subsequently, various commands are executed with which the network connection is to be deactivated or rendered unusable.
A signal to the manufacturer
Restoring the device is extremely difficult, especially for inexperienced users internet securityat his point is tremendous important. If an attempt at an attack on a camera should be successful, then this probably never again take pictures. Although theoretically the file system could be restored and a new firmware to play up, but this is especially with favorable IoT devices often only with greater effort. If any.
The destruction of devices by defective firmware is called also bricken, from English to brick. Hence the name BrickerBot. The motivation of the attackers can only be speculated so far. They obviously want to make sure that the infected devices do not work any longer. This could prevent particularly unsafe IoT devices from botnets being captured and causing even more damage.
The Mirai botnet, for example, had caused trouble last autumn. First, a permanent DDoS attack lamented the blog of the journalist Brian Krebs. The company Akamai, which had taken over the protection of the blog until then, did not want to protect cancer from the mass attacks. Later, Twitter, Github, Netflix and numerous other services became victims of the Mirai botnet and other hacker’s hacking techniques.
Despite these incidents, there are hardly any suitable suggestions on how to attack the botnets from unsafe IoT devices. Security experts like Bruce Schneier are calling for political intervention to control the market.
This could be, for example, a rule of liability in which manufacturers can be held responsible for safety.
But Schneier does not bump into open ears. The manufacturers ignore the problem practically completely.
And Germany’s Justice Minister Heiko Maas recently said at an event that he saw no immediate need for action.
Not legal, but effective
The perplexity leads to the fact that some security experts at least discuss the possibility of hacking and decommissioning the devices themselves. Now some seem to have taken up this idea. Legal is not that, could help it anyway.
Users can protect themselves against BrickerBot hacker techniques by not using devices with the standard passwords. If the password can be changed, you should do so and choose a non-trivial erratable password. However, there are also devices in which a change of the password is not provided. Such devices can simply no longer securely connect to the Internet. If they are useless without a network connection, probably the best advice is to use them no longer – and to pay attention to the next purchase on the security.