Pwn goal: Hackers used the username root, password root for botnet control database login

An IoT botnet has been commandeered by white hats after its controllers used a weak username and password combination for its command-and-control server. Ankit Anubhav, of Newsky Security, said researchers with the company were able to take over the MySQL server used to control the Owari botnet – thanks to its creator leaving …

  1. J. R. Hartley

    The title is no longer required.

    Facepalm

    1. The Hat In A Cat
      FAIL

      Re: The title is no longer required.

      That comment and then this one isn't required either.

  2. Anonymous Coward

    They should've picked a better name

    Mirai = future

    Owari = the end

    Add them together, their malware future has ended.

  3. jake Silver badge

    Those aren't hackers.

    Those are script kiddies.

  4. Anonymous Coward

    Unauthorised access

    Are the white hats liable to prosecution for unauthorised access of the MySQL server? Seems to be the case when white hats access other systems, even if they are just trying to point out to the owner that it needs fixing.

    1. Nick Kew
      Alert

      Re: Unauthorised access

      That was my first thought, too.

      Even if it wasn't a clear breach under old law, Leveson is firmly stamping on this kind of thing.

  5. Steve Aubrey
    Joke

    Don't be so hard on them

    It was on their to-do list. Even hackers have tech debt.

  6. FuzzyWuzzys
    Facepalm

    When will devs speak to their infrastructure teams?! Ha!

    As usual the developers go charging off and putting dev code out into production before they speak with the DBA and infrastructure teams! Bloody typical! Although in fairness, I can imagine these hacker devs probably have some arsehole project manager beating them with the paperwork and demanding a stupid release date be met! Ha ha!

  7. T. F. M. Reader

    Throwaway by design?

    And maybe no really important information to protect? So no real reason to invest in security? Easy to remember creds on a shared system, and who cares if they are weak?

    Maybe these guys are not completely daft, after all. The article seems to suggest the white hats didn't manage to do much even with everything they discovered...

    Not sure why the bad guys had any history. That may cause some information leakage (though it seems to have leaked their competitors' IP addresses only in this case, eh?). That actually does sound like development infrastructure left in "production" code by negligence...

    1. Brewster's Angle Grinder Silver badge

      The Al Capone manoeuvre

      But it does mean we can prosecute them under the GDPR. They might think twice about their exploits, then.

    2. Nick Kew
      Holmes

      Re: Throwaway by design?

      Interesting thought. Honeypot or false flag spring to mind.

      If the security researchers are following up the information they found by spending their time chasing red herrings, or someone who's been framed ....

      BTW, nice username!

  8. Doctor Syntax Silver badge

    Even when the errors are as basic as this it really isn't a good idea to publish them. Just let them make the same mistake elsewhere.

    1. Waseem Alkurdi

      They would: root / toor this time.

      And root / r00t for the next.

      1. handleoclast
        Coat

        They would: root / toor this time.

        Nope, password / username is a lot better. Nobody is expecting password for the username and username for the password. Guaranteed secure.

  9. Joe Montana

    Hacked box

    Chances are they deployed the C&C on a compromised box, and root/root is probably how they themselves got access to it in the first place.

  10. Claptrap314 Silver badge

    I blame MySQL

    For having a default password & admin account name in the first place.
