How CCTV cameras tried to break a large cloud service

Do you have any web-enabled CCTV cameras? If so, you might like to check that they have not been hijacked into a botnet, that access to them is fully secure, and that any default username and password have been changed.

Recently, security experts Imperva, Inc., were called in to investigate a distributed denial-of-service attack on a cloud service which is used by millions of users worldwide.

They describe the attack as ‘run of the mill’, and they quickly discovered that it had been mounted by a botnet composed of just under a thousand CCTV cameras, spread around the world. The compromised cameras were all running embedded Linux with BusyBox installed, to which an intruder had added malware: a variant of ELF_BASHLITE (Lightaidra or GayFgt), which was busy flooding the cloud servers with HTTP GET requests.

The weakness which appears to have been common to the CCTV systems involved is that they were accessible through their default login credentials: a security error which is widespread in the Internet of Things (IoT).

As the IoT grows rapidly, such problems can only get worse. So the next time that you’re struggling to access iCloud or a major web service, it might be a horde of CCTV systems which are causing more grief.