CCTV Cameras Used in Botnet

On October 21, 2015, security company Imperva Incapsula reported discovering roughly 900 CCTV cameras that had been compromised and used in a botnet. Incapsula researchers found malicious code that turned the closed-circuit television (CCTV) cameras into a botnet that can be used to launch distributed denial-of-service (DDoS) attacks against unsuspecting systems. In this particular case, the target of the DDoS attack was a “rarely-used asset of a large cloud service, catering to millions of users worldwide.”

The compromised devices are all running embedded Linux with BusyBox, which is a bundle of stripped-down versions of common Unix utilities put together into a single executable file. The malware found in the cameras was designed to scan for network devices running BusyBox with open Telnet/SSH services that are susceptible to brute-force dictionary attacks. This technique is not especially new or unique. The malware is a variant of a known ELF binary, Bashlite (a.k.a. Lightaidra and GayFgt).

It is worth noting that the CCTV cameras were logged into from multiple locations, which Incapsula says is a sign that these devices have been tampered with by several different individuals. The company added that this shows how easy it is to locate and hack such unsecured devices.
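Both signs described above can be checked for in device login logs: a successful login that follows a run of failed passwords from the same source, and successful logins from several distinct sources. The Python below is an added example, not code from the Incapsula report; the log lines are constructed, and the Dropbear-style message layout, host names and failure threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log (assumed "host daemon: message" layout, documentation IPs).
SAMPLE_LOG = """\
cam-01 dropbear[212]: Bad password attempt for 'root' from 198.51.100.7:40112
cam-01 dropbear[213]: Bad password attempt for 'admin' from 198.51.100.7:40113
cam-01 dropbear[214]: Bad password attempt for 'root' from 198.51.100.7:40114
cam-01 dropbear[215]: Password auth succeeded for 'root' from 198.51.100.7:40115
cam-01 dropbear[230]: Password auth succeeded for 'root' from 203.0.113.9:51820
cam-02 dropbear[101]: Bad password attempt for 'root' from 192.0.2.5:33010
cam-02 dropbear[102]: Password auth succeeded for 'root' from 192.0.2.5:33011
cam-03 dropbear[300]: Bad password attempt for 'root' from 198.51.100.7:40200
"""

LINE_RE = re.compile(
    r"^(?P<host>\S+) \S+ (?P<result>Bad password attempt|Password auth succeeded) "
    r"for '(?P<user>[^']*)' from (?P<ip>[\d.]+):\d+$"
)

def suspicious_hosts(log_text, fail_threshold=3):
    """Return {host: [reasons]} for hosts showing signs of compromise."""
    fails = defaultdict(int)              # (host, ip) -> failed attempts so far
    bruteforced = defaultdict(set)        # host -> IPs that succeeded after failures
    login_sources = defaultdict(set)      # host -> all IPs with a successful login
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                      # ignore lines in other formats
        host, ip = m["host"], m["ip"]
        if m["result"].startswith("Bad"):
            fails[(host, ip)] += 1
        else:
            login_sources[host].add(ip)
            if fails[(host, ip)] >= fail_threshold:
                bruteforced[host].add(ip)
    report = {}
    for host, sources in login_sources.items():
        reasons = []
        if bruteforced[host]:
            reasons.append("success-after-failures")
        if len(sources) > 1:
            reasons.append("multiple-login-sources")
        if reasons:
            report[host] = reasons
    return report

if __name__ == "__main__":
    for host, reasons in suspicious_hosts(SAMPLE_LOG).items():
        print(host, ", ".join(reasons))
```

A host with failed attempts but no successful login (cam-03 in the sample) is not reported, since the check targets signs of compromise rather than scanning noise.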
