Security man Krebs' website DDoS was powered by hacked Internet of Things botnet

The huge distributed denial of service (DDoS) attack which wiped security journalist Brian Krebs' website from the internet came from a million-device-strong Internet of Things botnet. "Attack appears to include numerous IoT devices, including security cameras. Still itemizing them," an Akamai spokesman told El Reg by email. …

  1. CM
    WTF?

    Akamai?

    Surprised at Akamai. The world knows their limit now. They should have kept him onboard even if the host had to be taken offline briefly to shut down the attack.

  2. Anonymous Coward
    Anonymous Coward

    Cry baby dossers

    ohh poor babies got caught being bad people, so now they do more bad things. Fricking crybabies. Get a real job, contribute to the world and stop being such a cry baby/taker.

    1. Anonymous Coward
      Anonymous Coward

      Re: Cry baby dossers

      :') Get back to Reddit!

  3. Dick

    What's an IOT device owner to do?

    Aside from changing any default password that's user accessible, what can an IOT device owner do to minimize the risk of their device being used this way?

    1. SImon Hobson Silver badge

      Re: What's an IOT device owner to do?

      > ... what can an IOT device owner do to minimize the risk of their device being used this way?

      Unplug it ?

      1. CrazyOldCatMan Silver badge

        Re: What's an IOT device owner to do?

        > Unplug it ?

        Or (if you *have* to have it), put in a good firewall and make sure access to it is comprehensively filtered.

    2. Brian Miller

      Re: What's an IOT device owner to do?

      That's the problem: besides keeping the firmware up to date, and having non-default passwords, nothing can be done. They have basic configuration security holes you can fly a Deathstar through, and you can't do anything about them, except for not allowing the world+dog to access them through the network.

      But most people (vast majority) not only allow world+dog to access them, but the devices don't have the passwords changed or the software updated. And this won't change until the ISPs shut access off until the customers secure the devices.

      1. Robert Helpmann??
        Childcatcher

        Re: What's an IOT device owner to do?

        ...not allowing the world+dog to access them through the network.

        That! That right there! Some enterprising soul ought to start offering home network security services that start with setting up a router and blocking any attempt to access from outside and move on from there.

      2. ilmari

        Re: What's an IOT device owner to do?

        An increasing number of cameras seem to, in addition to manufacturer dyndns, have always-on unconfigurable tunnels back to the manufacturer, or some other "cloud" in China, so that the mobile apps will "just work" through quadruple NATs.

        My router supports WAN capture and I figured out the external IP the camera connected to with that, and the router also lets me block IPs. Quite a complicated thing to do for most people though!

        1. Anonymous Coward
          Anonymous Coward

          Re: What's an IOT device owner to do?

          I made sure I bought wired and kept the box unconnected from our network. If I develop an overwhelming urge for off-site monitoring, well, that's what subnets, VPNs, &c. are for. Recording (deliveries anyone?) and bonking when someone comes on-property were my interests.

          1. Dan 55 Silver badge
            Coffee/keyboard

            Re: What's an IOT device owner to do?

            Two nations divided by a common language?

          2. phuzz Silver badge
            Alert

            Re: What's an IOT device owner to do?

            "bonking when someone comes on-property"

            I'm not sure what that means but it sounds kinky.

            Please continue...

        2. CrazyOldCatMan Silver badge

          Re: What's an IOT device owner to do?

          > and the router also lets me block IPs

          My firewall currently blocks the whole Chinese netblock..

      3. Crazy Operations Guy

        "besides keeping the firmware up to date, and having non-default passwords, nothing can be done."

        There are far too many devices out there where you can't change the password or upgrade the firmware. Some of them will have a device-unique password, but it is mathematically derived from the MAC address or serial number (which it'll stuff into every outgoing packet...)

        1. Long John Brass
          Pirate

          besides keeping the firmware up to date, ...

          derived from its MAC address or serial number (Which it'll stuff into every outgoing packet

          MAC addresses are stripped by whatever gateway forwards the traffic

    3. Captain Badmouth
      Big Brother

      Re: What's an IOT device owner to do?

      I think we should start referring to them as idIOT devices.

      1. Captain DaFt

        Re: What's an IOT device owner to do?

        "I think we should start referring to them as idIOT devices."

        Insecurely Designed Internet Of Things

        There ya go!

        1. peecoomar

          Re: What's an IOT device owner to do?

          FULLY AGREE. I like it: IDIOTS will take over the world!!

    4. ecofeco Silver badge

      Re: What's an IOT device owner to do?

      Not buy one in the first place.

      I and others here have been warning it was only a matter of time. The other warning is that it will not be fixed any time soon.

    5. Matt Bryant Silver badge
      Facepalm

      Re: Dick Re: What's an IOT device owner to do?

      "....what can an IOT device owner do to minimize the risk of their device being used this way?" Put a decently configured firewall between the IoT devices and the Internet to stop them being a nuisance to everyone else.
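Two of the suggestions in this thread, ilmari's "capture on the router, find the external address the camera phones home to, block it" and the firewall-between-IoT-and-Internet point made by CrazyOldCatMan and Matt Bryant, fit together in one script. The following is an added example and is not code posted by anyone in this thread. It assumes the capture was taken on the router's LAN side (or read from its conntrack table) so the camera's private address is still visible; the capture lines, the 192.168.20.0/24 IoT VLAN, the interface names wan0/lan0/iot0 and the allow-listed NTP server are all constructed for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed tcpdump -nn output: a camera at 192.168.20.50 on an IoT VLAN.
SAMPLE_CAPTURE = """\
12:00:01.000001 IP 192.168.20.50.49152 > 192.168.20.1.53: 1234+ A? cloud.example-cam.invalid. (41)
12:00:01.000120 IP 192.168.20.1.53 > 192.168.20.50.49152: 1234 1/0/0 A 203.0.113.77 (57)
12:00:01.001000 IP 192.168.20.50.49153 > 203.0.113.77.8443: Flags [S], seq 1, win 64240, length 0
12:00:01.200000 IP 192.168.20.50.49153 > 203.0.113.77.8443: Flags [P.], seq 1:513, ack 1, win 501, length 512
12:00:02.000000 IP 192.168.20.50.123 > 192.0.2.10.123: NTPv4, Client, length 48
12:00:03.000000 IP 192.168.20.50.49154 > 198.51.100.9.32100: UDP, length 60
12:00:03.500000 IP 192.168.20.50.49154 > 198.51.100.9.32100: UDP, length 60
12:00:04.000000 IP 192.168.20.50.5678 > 255.255.255.255.5678: UDP, length 100
12:00:05.000000 IP 192.168.20.21.51000 > 192.168.20.50.554: Flags [S], seq 5, win 64240, length 0
"""

LINE_RE = re.compile(r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): (.*)$")
LEN_RE = re.compile(r"length (\d+)|\((\d+)\)\s*$")

# Checked explicitly instead of ipaddress.is_private: the RFC 5737 documentation
# ranges used in the sample would otherwise be classed as non-global and hidden.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "255.255.255.255/32")]


def is_local(addr):
    a = ipaddress.ip_address(addr)
    return any(a in n for n in LOCAL_NETS)


def parse_capture(text):
    """tcpdump -nn lines -> list of {src, sport, dst, dport, proto, bytes}."""
    flows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        src, sport, dst, dport, rest = m.groups()
        lm = LEN_RE.search(rest)
        flows.append({"src": src, "sport": int(sport), "dst": dst, "dport": int(dport),
                      "proto": "tcp" if rest.startswith("Flags [") else "udp",
                      "bytes": int(lm.group(1) or lm.group(2)) if lm else 0})
    return flows


def outbound_peers(flows, device_ip):
    """Off-site (dst, proto, dport) endpoints the device itself initiated traffic to."""
    peers = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for f in flows:
        if f["src"] != device_ip or is_local(f["dst"]):
            continue
        key = (f["dst"], f["proto"], f["dport"])
        peers[key]["packets"] += 1
        peers[key]["bytes"] += f["bytes"]
    return dict(peers)


def split_by_allowlist(peers, allow):
    """allow = [(cidr, proto, port)] of services the device legitimately needs."""
    nets = [(ipaddress.ip_network(c), p, port) for c, p, port in allow]
    allowed, unknown = [], []
    for key in sorted(peers):
        dst, proto, dport = key
        ok = any(ipaddress.ip_address(dst) in n and proto == p and dport == port
                 for n, p, port in nets)
        (allowed if ok else unknown).append(key)
    return allowed, unknown


def render_nft(device_ip, allowed, unknown, wan="wan0", lan="lan0", iot="iot0",
               lan_net="192.168.1.0/24"):
    """nftables forward policy for the IoT VLAN: default drop, explicit allow-list."""
    lines = ["table inet iot {", "  chain forward {",
             "    type filter hook forward priority 0; policy drop;",
             "    ct state established,related accept",
             "    # nothing unsolicited from the Internet reaches the IoT VLAN: no port forwards",
             f'    iifname "{wan}" oifname "{iot}" drop',
             "    # the trusted LAN may open connections to the cameras, never the reverse",
             f'    iifname "{lan}" oifname "{iot}" accept',
             f'    iifname "{iot}" ip daddr {lan_net} drop']
    for dst, proto, port in unknown:     # phone-home endpoints found in the capture
        lines.append(f'    iifname "{iot}" ip saddr {device_ip} ip daddr {dst} '
                     f'{proto} dport {port} log prefix "iot-phonehome " drop')
    for dst, proto, port in allowed:     # the few services the device really needs
        lines.append(f'    iifname "{iot}" ip saddr {device_ip} ip daddr {dst} '
                     f'{proto} dport {port} accept')
    lines += [f'    iifname "{iot}" log prefix "iot-unexpected " drop', "  }", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    cam = "192.168.20.50"
    peers = outbound_peers(parse_capture(SAMPLE_CAPTURE), cam)
    allowed, unknown = split_by_allowlist(peers, [("192.0.2.0/24", "udp", 123)])  # NTP only
    for key in unknown:
        print("unexpected outbound:", key, peers[key])
    print(render_nft(cam, allowed, unknown))
```

Run as-is it reports the two endpoints the camera contacted that were not on the allow-list (the vendor "cloud" on 8443/tcp and a UDP relay on 32100) and prints a forward chain that drops everything by default, lets the trusted LAN reach the camera, lets the camera out only to what has been explicitly allowed, and logs the rest. Local DNS, broadcast and inbound connections to the camera are ignored, since the question is what the device itself initiates.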

  4. Matt Bryant Silver badge
    Facepalm

    GRE packets?

    Surely, if you're not expecting any incoming VPN requests to the IP address of your website, just block the GRE ports and ignore such requests?

    1. SImon Hobson Silver badge

      Re: GRE packets?

      > ... just block the GRE ports and ignore such requests?

      Well that would be what the DDoS management service would do. But it needs the ability to divert all the traffic through a site which a) has the bandwidth and b) is able to apply filters to that volume of traffic.

      Most ISPs won't have the means to redirect all that traffic AND filter it - even if they have the upstream bandwidth. Trying to filter it at your own site is useless because it's too late then - a few Gbps of traffic down your 10-100Mbps pipe will completely overwhelm everything.

      And then there is the issue that dealing with this needs prior planning. It's no good phoning up your ISP and asking them to do it "on the fly" as they won't have anything in place. This is where the DDoS mitigation services come in - what to do when it happens is pre-arranged, so you call them up, they trigger the required changes (typically changing the advertised route), and filter the traffic from their own network before passing it (the filtered "good" traffic) on to you.

    2. Anonymous Coward
      Anonymous Coward

      Re: GRE packets?

      Yeah you could. Depending on the router...however even dropped packets could technically cause a DDoS. The router/firewall still has to determine what a packet is before it drops it. A big enough queue of traffic could fill the routers memory up or put a significant load on the processor to prevent other traffic getting through.

      Your best bet is to redirect it upstream somewhere.

      Whichever has the lowest overhead.

      In this case they redirected to a sinkhole.

      I generally reserve an IP or two with old crap hardware for this very purpose.

      It also helps to have a website that can be shifted easily. This may be part of the reason static content generators are becoming more popular.
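One detail worth pinning down for this sub-thread: GRE is IP protocol 47, not a TCP or UDP port, so the filter SImon Hobson and the Anonymous Coward describe is a match on the protocol number in the IP header, and, as the AC says, every packet you drop still costs the box something, so the drop should happen as early in the path as possible. The script below is an added example, not something posted on this thread and not anything Akamai has published about the attack: it parses raw IPv4 headers, decapsulates the GRE to see what is inside, decides whether a host is under GRE flood, and emits the nftables rule a web host that terminates no tunnels would use. The victim address, the 3000 spoofed sources and the traffic mix are all constructed.

```python
import socket
import struct
from collections import Counter

PROTO_GRE = 47
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp", 47: "gre"}
IPV4_HDR = struct.Struct("!BBHHHBBH4s4s")   # fixed 20-byte header, no options


def build_ipv4(src, dst, proto, payload, ttl=64):
    """Minimal IPv4 packet (header checksum left zero) for the constructed sample."""
    hdr = IPV4_HDR.pack(0x45, 0, 20 + len(payload), 0, 0x4000, ttl, proto, 0,
                        socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload


def parse_ipv4(pkt):
    ver_ihl, _, total, _, _, ttl, proto, _, src, dst = IPV4_HDR.unpack(pkt[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": proto, "ttl": ttl, "payload": pkt[ihl:total]}


def gre_decap(payload):
    """RFC 2784/2890 GRE header: flags+version, protocol type, then optional fields."""
    flags, ptype = struct.unpack("!HH", payload[:4])
    off = 4
    if flags & 0x8000:   # C bit: checksum + reserved1
        off += 4
    if flags & 0x2000:   # K bit: key
        off += 4
    if flags & 0x1000:   # S bit: sequence number
        off += 4
    return ptype, payload[off:]


def profile(packets, victim):
    """Packets and bytes per IP protocol addressed to the victim."""
    pkts, size = Counter(), Counter()
    for raw in packets:
        p = parse_ipv4(raw)
        if p["dst"] != victim:
            continue
        name = PROTO_NAMES.get(p["proto"], str(p["proto"]))
        pkts[name] += 1
        size[name] += len(raw)
    return pkts, size


def gre_flood(packets, victim, window_s, pps_threshold=1000):
    """(is_flood, gre_pps, distinct_sources, inner_protocols) for GRE aimed at victim."""
    sources, inner, n = set(), Counter(), 0
    for raw in packets:
        p = parse_ipv4(raw)
        if p["dst"] != victim or p["proto"] != PROTO_GRE:
            continue
        n += 1
        sources.add(p["src"])
        ptype, body = gre_decap(p["payload"])
        if ptype == 0x0800 and len(body) >= 20:    # GRE-wrapped IPv4: look one level in
            inner[PROTO_NAMES.get(parse_ipv4(body)["proto"], "?")] += 1
        else:
            inner[hex(ptype)] += 1
    pps = n / window_s
    return pps > pps_threshold, pps, len(sources), inner


def nft_drop_gre(victim):
    """A host that terminates no tunnels drops GRE to itself before conntrack ever sees it.
    GRE is IP protocol 47, so the match is on the protocol number, not on a port."""
    return "\n".join([
        "table inet edge {", "  chain pre {",
        "    type filter hook prerouting priority -300; policy accept;",
        f"    ip daddr {victim} ip protocol gre counter drop",   # no log: logging at flood rate is its own DoS
        "  }", "}"])


def sample_traffic(victim="203.0.113.10", gre_count=3000):
    """Constructed: a GRE flood from distinct spoofed sources plus a little real HTTP."""
    pkts = []
    for i in range(gre_count):
        src = socket.inet_ntoa(struct.pack("!I", 0x0A000000 + i * 7919))   # all distinct
        inner = build_ipv4(src, victim, 17, b"\x00" * 512)                  # IP/UDP inside GRE
        pkts.append(build_ipv4(src, victim, PROTO_GRE, struct.pack("!HH", 0, 0x0800) + inner))
    for _ in range(50):
        pkts.append(build_ipv4("192.0.2.44", victim, 6, b"GET / HTTP/1.1\r\n"))
    other = "203.0.113.11"                                                   # GRE for another host
    for _ in range(20):
        pkts.append(build_ipv4("192.0.2.45", other, PROTO_GRE,
                               struct.pack("!HH", 0, 0x0800) + build_ipv4("192.0.2.45", other, 17, b"x")))
    return pkts


if __name__ == "__main__":
    victim = "203.0.113.10"
    pkts = sample_traffic(victim)
    counts, sizes = profile(pkts, victim)
    print("per protocol:", dict(counts), {k: f"{v / 1e6:.2f} MB" for k, v in sizes.items()})
    flood, pps, srcs, inner = gre_flood(pkts, victim, window_s=1.0)
    print(f"gre flood={flood} pps={pps:.0f} sources={srcs} inner={dict(inner)}")
    if flood:
        print(nft_drop_gre(victim))
```

The prerouting hook at priority -300 runs before connection tracking, which is the cheapest place on the box to discard the packets; but this only helps while the flood is smaller than your upstream pipe. Past that point, as SImon Hobson says, the rule is irrelevant and the filtering has to happen at a provider that can absorb the volume.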

  5. gr00001000

    sites down again

    26-Sept-2016 18:55 site is saying 503 Service Temporarily Unavailable. I was navigating to read it but suspected something was up then found this story.

  6. Badger Murphy
    Mushroom

    The shock! The horror!

    Looks like the DDOSers are starting to take advantage of the e-WMDs we've given them by failing to regulate security requirements onto IoT hardware. Stay tuned as their power grows year over year, as everything with an outlet slowly gets moved online.

  7. Anonymous Coward
    Go

    In So-IoT Russia....

    Refrigerator used to make choices about website!! :)

    1. Anonymous Coward
      Anonymous Coward

      Re: In So-IoT Russia....

      In So-IoT Russia they have strong DDoS. Russian DDoS. Covered in bears.

      Also, Putin could probably DDoS you by himself. With his shirt off. In the wilderness. Whilst riding a bear that he tamed himself by hypnotising it by waving his massive (and 150% heterosexual) cock and balls.

      At least that's what his press team would say.

  8. Mark 85 Silver badge

    Seems that IoT is about to bite itself in the ass... if it hasn't already. Add zilch security to basically solutions looking for problems.

    As for the cameras... while necessary for many businesses and home security, the manufacturers just don't give a crap as to who has access to them. Pity... security of the device could be a selling point, in my opinion.

    1. Alan Brown Silver badge

      As for the cameras...

      The irony of security devices with zilch security shouldn't be lost on anyone.

      The way forward is to prosecute a few people for participating in a DDoS.

      If they turn around and sue their suppliers, things would change pretty fast. Finding there are liabilities involved is a rapid way of making people aware of the consequences of their negligence.

  9. Syntax Error

    IoT should be banned. Trouble is finding a politician in the UK who understands.

    1. ecofeco Silver badge

      Or anywhere. It's the new fashion tech.

  10. Mikey

    Are you feeling it now, Mr Krebs?

    Seriously though, how long are we going to suffer all this hell of unsecured gadgets and systems before we get something even remotely secure... (haha, geddit?)

    Maybe someone should use such a network and go hit the designers' systems, give them a taste of a problem of their own making, methinks?

  11. Anonymous Coward
    Anonymous Coward

    A quick fix...

    For a significant chunk of the devices out there, it would be for ISPs to disable UPnP by default on their crap routers.

    Then get rid of the crap routers.
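The AC's "quick fix" is something an owner can check for themselves today: ask the router over SSDP whether it is running a UPnP Internet Gateway Device and walk its port-mapping table, because a camera that "just works" from the Internet without anyone touching the router usually got there by asking the router to open a hole for it. The script below is an added example and not code from this thread or from any router vendor; the SSDP reply, the device description, the mapping table and the 192.168.20.0/24 IoT subnet are all constructed. Against a real router you would send msearch_request() to 239.255.255.250:1900 over UDP, fetch the LOCATION URL from the reply, and POST the soap_get_mapping() bodies to the control URL with the SOAPAction header it returns.

```python
import ipaddress
import xml.etree.ElementTree as ET

SSDP_GROUP = ("239.255.255.250", 1900)
IGD_ST = "urn:schemas-upnp-org:device:InternetGatewayDevice:1"
WANIP = "urn:schemas-upnp-org:service:WANIPConnection:1"
SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"


def msearch_request(st=IGD_ST, mx=2):
    """SSDP M-SEARCH (sent to SSDP_GROUP over UDP) asking any gateway to announce itself."""
    return (f"M-SEARCH * HTTP/1.1\r\nHOST: {SSDP_GROUP[0]}:{SSDP_GROUP[1]}\r\n"
            f'MAN: "ssdp:discover"\r\nMX: {mx}\r\nST: {st}\r\n\r\n').encode()


def parse_ssdp_response(data):
    """Headers of an SSDP 'HTTP/1.1 200 OK' reply; LOCATION is the device description URL."""
    status, _, rest = data.decode(errors="replace").partition("\r\n")
    if not status.startswith("HTTP/1.1 200"):
        return None
    return {k.strip().lower(): v.strip() for k, sep, v in
            (line.partition(":") for line in rest.split("\r\n")) if sep}


def find_control_url(description_xml, service_type=WANIP):
    """controlURL of the WANIPConnection service inside the gateway's device description."""
    for el in ET.fromstring(description_xml).iter():
        if el.tag.split("}")[-1] != "service":
            continue
        f = {c.tag.split("}")[-1]: (c.text or "").strip() for c in el}
        if f.get("serviceType") == service_type:
            return f.get("controlURL")
    return None


def soap_get_mapping(index):
    """(SOAPAction header value, body) to POST to the control URL for table entry #index."""
    body = (f'<?xml version="1.0"?><s:Envelope xmlns:s="{SOAP_ENV}" '
            f's:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body>'
            f'<u:GetGenericPortMappingEntry xmlns:u="{WANIP}">'
            f'<NewPortMappingIndex>{index}</NewPortMappingIndex>'
            '</u:GetGenericPortMappingEntry></s:Body></s:Envelope>')
    return f'"{WANIP}#GetGenericPortMappingEntry"', body


def parse_mapping_response(xml_text):
    """One mapping dict, or None on the SOAP fault (error 713) that marks the end of the table."""
    entry = next((e for e in ET.fromstring(xml_text).iter()
                  if e.tag.endswith("GetGenericPortMappingEntryResponse")), None)
    if entry is None:
        return None
    f = {c.tag.split("}")[-1]: (c.text or "") for c in entry}
    return {"remote_host": f["NewRemoteHost"], "external_port": int(f["NewExternalPort"]),
            "protocol": f["NewProtocol"], "internal_client": f["NewInternalClient"],
            "internal_port": int(f["NewInternalPort"]), "enabled": f["NewEnabled"] == "1",
            "description": f["NewPortMappingDescription"]}


def enumerate_mappings(fetch):
    """Walk the table with fetch(index) -> response XML until the gateway faults."""
    out, i = [], 0
    while True:
        m = parse_mapping_response(fetch(i))
        if m is None:
            return out
        out.append(m)
        i += 1


def exposed_iot(mappings, iot_net):
    """Enabled mappings that open an IoT-subnet host to any remote address at all."""
    net = ipaddress.ip_network(iot_net)
    return [m for m in mappings if m["enabled"] and m["remote_host"] == ""
            and ipaddress.ip_address(m["internal_client"]) in net]


# Constructed sample data standing in for a real gateway.
SAMPLE_SSDP = (b"HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=120\r\nST: " + IGD_ST.encode()
               + b"\r\nLOCATION: http://192.168.1.1:5000/rootDesc.xml\r\n\r\n")
SAMPLE_DESCRIPTION = f"""<?xml version="1.0"?><root xmlns="urn:schemas-upnp-org:device-1-0">
<device><deviceList><device><deviceList><device><serviceList><service>
<serviceType>{WANIP}</serviceType><controlURL>/ctl/IPConn</controlURL>
</service></serviceList></device></deviceList></device></deviceList></device></root>"""


def _mapping_xml(remote, ext, proto, internal, client, desc):
    return (f'<s:Envelope xmlns:s="{SOAP_ENV}"><s:Body><u:GetGenericPortMappingEntryResponse '
            f'xmlns:u="{WANIP}"><NewRemoteHost>{remote}</NewRemoteHost><NewExternalPort>{ext}'
            f'</NewExternalPort><NewProtocol>{proto}</NewProtocol><NewInternalPort>{internal}'
            f'</NewInternalPort><NewInternalClient>{client}</NewInternalClient><NewEnabled>1'
            f'</NewEnabled><NewPortMappingDescription>{desc}</NewPortMappingDescription>'
            '<NewLeaseDuration>0</NewLeaseDuration></u:GetGenericPortMappingEntryResponse>'
            '</s:Body></s:Envelope>')


SAMPLE_TABLE = [_mapping_xml("", 8080, "TCP", 80, "192.168.20.50", "IPCam web"),
                _mapping_xml("", 32100, "UDP", 32100, "192.168.20.50", "IPCam P2P"),
                _mapping_xml("", 51413, "TCP", 51413, "192.168.1.30", "torrent client")]
SAMPLE_FAULT = (f'<s:Envelope xmlns:s="{SOAP_ENV}"><s:Body><s:Fault><faultcode>s:Client</faultcode>'
                '<faultstring>UPnPError</faultstring><detail><UPnPError xmlns="urn:schemas-upnp-org:control-1-0">'
                '<errorCode>713</errorCode><errorDescription>SpecifiedArrayIndexInvalid</errorDescription>'
                '</UPnPError></detail></s:Fault></s:Body></s:Envelope>')


def sample_fetch(index):
    return SAMPLE_TABLE[index] if index < len(SAMPLE_TABLE) else SAMPLE_FAULT


if __name__ == "__main__":
    hdrs = parse_ssdp_response(SAMPLE_SSDP)
    print("description:", hdrs["location"], " control URL:", find_control_url(SAMPLE_DESCRIPTION))
    for m in exposed_iot(enumerate_mappings(sample_fetch), "192.168.20.0/24"):
        print(f"EXPOSED: {m['protocol']} {m['external_port']} -> "
              f"{m['internal_client']}:{m['internal_port']} ({m['description']})")
```

If the table comes back with entries whose NewRemoteHost is blank and whose internal client is a camera, that is exactly the exposure this thread is about. A single entry can be removed with DeletePortMapping on the same WANIPConnection service, but the device will simply ask again next time it boots; the durable fix is the AC's: turn the IGD off on the router.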


Biting the hand that feeds IT © 1998–2021