back to article Mysterious Hajime botnet has pwned 300,000 IoT devices

Hajime – the "vigilante" IoT worm that blocks rival botnets – has built up a compromised network of 300,000 malware-compromised devices, according to new figures from Kaspersky Lab. The steadily spreading Hajime IoT worm fights the Mirai botnet for control of easy-to-hack IoT products. The malware is billed as a vigilante- …

  1. Anonymous Coward

    Hajime discovers devices on TCP port 23

    "A ​ Hajime infection begins when a node already in the ​ Hajime network–scanning random IPv4 addresses on the public internet–discovers a device which accepts connections on TCP port 23, the designated port for the Telnet service"

    No one in their right mind has telnet with default passwords running on a device connected to the Internet.

    1. Brian Miller

      Re: Hajime discovers devices on TCP port 23

      It doesn't matter if it's Telnet or SSH, the device is still exposed with default passwords!

    2. Anonymous Coward
      Anonymous Coward

      Re: Hajime discovers devices on TCP port 23

      No one with TECHNICAL knowledge of IOT and WiFi you mean.

      The rest of Joe public have no idea how their fridge knows they have no milk, they just know it does.

    3. Anonymous Coward
      Anonymous Coward

      Re: Hajime discovers devices on TCP port 23

      No one in their right mind has telnet with default passwords running on a device connected to the Internet.

      That's because you're thinking sysadmin, software, or just old fashioned sensible.

      Stop all that, and think manufacturing. No such thing as pentesting, no such thing as UAT, just a simple test for readiness to ship: Was it cheap to build, and does the f***er basically work? Now think Shenzen no-brand IoT manufacturer, working in a market where consumer protection is merely an alien concept....and there you have the origins of IoT.

      1. nano200

        Re: Hajime discovers devices on TCP port 23

        Add to that that regular Joe has no clue how his computer works, uses it to only browse, where all his interaction with his computer happens, and thinks tech support is best done by PcWorld (for the UK).

        Consumers are going to be their own biggest nightmare, as they gradually loose control and make it even more impossible for themselves (collectively) to keep data safe.

        Welcome to the future everyone, its going to be a ride!

        1. Meph

          Re: Hajime discovers devices on TCP port 23

          There's a certain percentage of regular Joes that believe their web browser is "Windows" and that the screen is the computer. They have more network bandwidth available than they'll ever use, and will in all likelihood, never notice that their fridge, TV and microwave all moonlight as minions of a botnet herder, regardless of hat colour or orientation.

          Educating the masses isn't even really a viable answer, because there are too many out there who convert information to white noise on the basis that they "can't possibly understand this technology", so they refuse to even try.

          The coup de grâce arrives via the medium where a branded offering with all the appropriate security built in is invariably more expensive than the cheap 'n cheerful version that can be hacked with an etch a sketch. This results in good old Joe buying the one that makes his wallet cry less, and leaves the door wide open to exploitation.

          Perhaps there's a way to resolve the issue with the power of those of us working in the world of IT, by making Telnet/SSH access through commercial ISPs an optional extra (perhaps even for a token fee). This way, only people who both know what SSH is, as well as knowing the risks they're taking will buy it, and it might force manufacturers to use other ports for their IoT devices to phone home. At the very least, it will remove remote admin access as a potential attack vector.

      2. Doctor Syntax Silver badge

        Re: Hajime discovers devices on TCP port 23

        "Was it cheap to build, and does the f***er basically work?"

        The object of vigilanteware is to raise the bar for "basically".

  2. Brian Miller

    Somebody redefined malware...

    "Hi, I'm a white hat, and I'm securing your system, whether you like it or not." So is it malware if it doesn't do anything malicious?

    I wonder if the author is someone who got bit by the other botnets, and decided that they'd simply go and make life easy for themselves, by taking away all those lovely toys others have left lying about. Hajime seems careful about what it infects, so the author is trying to avoid extremely serious shit storms if someone successfully traces out the source.

    1. Anonymous Coward
      Anonymous Coward

      Re: Somebody redefined malware...

      This looks like the "beginning," or a turn of the tides, where white hat hackers are going to start being proactive about security on openly available systems that are not secure. Think of it as the white hat taking the lead away from the black hat, if you're into that metaphor. The author of Hajime is merely stating that; "I have out-coded the authors of Miri in my spare time, in fact I'm wiping out their bots and shutting down the ports for nothing. It costs me nothing to shut down their money making, and or DDoS, operation." If no one is going to secure their device, who better to reach it first and fix it for them? Could this be taken over in-turn, possibly. But again, this is a team or an individual with more skills that the author of Miri, and they are shutting them down, just for fun. Hack a hacker, if they can't take a hack.

      The criminal hackers are not all that clever. They break this or that, but in the end they produce zero value, and can't even participate in providing zero-day defects to the hardware/software vendors because of the reasons stated above; they are typically not that good at what they do, they copy the methods from better programmers/hackers and just spread that. No original thought. People with real skills build things of value and make money off of that in the real world, and in their spare time screw over idiots like the Miribot kids, or whatever they want to call themselves. People with real skills setup their own security firms or make lots of money cleaning up enterprises. Or maybe their government pays them handsomely, or keeps them from prison, to join the local cyberarmy. Nation-state hacking teams; probably something to avoid and be wary of. Individual hackers? Not so much. Look at the "crack hacker team" that made light of TalkTalk. It was a couple of kids doing SQL injections. Hiring a couple of kids to secure TalkTalk from the inside would have been a safe bet, but dumb CEOs can't think out of the box like I just did. That's why they got hacked again, and again. It's not over. It's just the beginning.

    2. SloppyJesse

      Re: Somebody redefined malware...

      "Hajime seems careful about what it infects, so the author is trying to avoid extremely serious shit storms if someone successfully traces out the source."

      Or it's avoiding poking a stick in a hornets nest until it's good and ready...

      Avoiding certain targets shows awareness but it doesn't mean it's benign, just a bit more clever.

  3. Gene Cash Silver badge

    Where's BrickerBot when you need him? That's the hero we all deserve!

  4. Doctor Syntax Silver badge

    "its objective remains unknown"

    Its objective seems clear enough: to keep malicious botnets from attacking vulnerable devices.

  5. Destroy All Monsters Silver badge


    How about giving France to Putin by tipping the balance of the presidential elections in favor of #ourgal?

    "Journalists" are sure to be able to find the connection before the next web edition goes up, if need be by making random shit upciting anonymous sources from the ever-vigilant but reluctant bulwark against slavic incursions, the GCHQ.

  6. Steve Davies 3 Silver badge

    do we need any more justification?

    to ban the sales of ALL IOT devices unless they can pass a whole shed load of tests?

    I don't care who makes the kit, if it fails then no sale, pure and simple.

    As for me? No, repeat No IOT crap will be connected in my domain.

    At least not while I'm breathing.

  7. bombastic bob Silver badge
    Thumb Up


    The 'white hat' (actually GREY hat) infection of vulnerable (and possibly, infected) devices for the purpose of shutting down Mirai is, in my view, a CROWNING MOMENT of AWESOME!

    OK it could have been used for bad things, but it wasn't. It should still frighten people, because it's potential use for evil still exists. Some brilliant grey-hat hacker did something "BAD" for a GOOD CAUSE, the kinds of thing that makes for LEGENDARY ANTI-HERO status.

    Assuming that the author is 'chaotic good' and not 'chaotic evil', that is.

  8. DNTP

    Free market at work

    I thought maybe the IoT makers would perceive Hajime as a "hand of the free market at work" thing and use it as an excuse to keep making insecure devices.

    Then I realized how stupid that was; they're just going to keep being complacent without needing an excuse.

  9. Anonymous Coward
    Anonymous Coward

    I call "it's a trap!" on the Hajime botnet. It's going to go native and enact it's true goal - complete internet destruction.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020