Comments
Many of the devices are the remote access web panels to IP cameras. Those that are on a NAT network (likely) are port forwarded / in a DMZ.
The default password is hilariously stupid, it was my first guess.
Some of these cheap devices can actually be seen transmitting data to odd locations for no apparent reason right after setup, I'm told. Almost like someone out there is shipping devices to be used in a botnet. I may just be paranoid but I mean why not, right? Especially if it's a state sponsored thing. We wouldn't know.
@jarland Probably reporting back geographic coordinates or something to form a great big spy camera network for Chinese intelligence services or something.
It makes sense. We've had the whole "security thing" upside down for years. Snowden probably thought he would wake us up; little did he know about human ignorance. The only way we'll wake up is when we feel the burn.
It isn't just bad default settings - some of them have wide-open back doors to their shell or their firmware update systems.
Shake
Chinese? I thought you were talking about Google House View.
Did somebody say 'clipper chip'?
Yea, you are. The Chinese would never produce this in China (keep in mind, officially the government owns part of nearly any business in China); they would hire a company in Vietnam or India for it, if only for the reason of preventing local sale (yes, the Chinese agencies also follow laws which are not too far from the US constitution in the local spying regard).
Useless, as the NSA noted before: while you can send the location in a single beacon packet, there is no way to send images (or video) unless you opt for near-zero quality or modify the hardware visibly (4G module or additional directional wireless module); otherwise you end up in an IDS system very quickly ("oh yea, we are in Hanoi and our cam starts sending images to Madrid, totally normal, we best ignore it....") just by the traffic levels (480p/30 = at least 512Kbit up, on DSL a lot).
Behind NAT but probably using UPNP to punch a hole in that NAT so you can super conveniently remote access your IP cameras.
Let's face it, a lot of consumer routers default to UPnP on, as do a load of the ISP-supplied ones, so that the Xbox/PS4/whatever "just works".
Lots of Layer 7 attacks being thrown about with all this discussion of DDoS attacks. Probably unrelated, but the discussion is keeping it in the mind of kids around the world.
Plenty of people ignoring their bandwidth usage from their part of the DDoS, something which would be substantially more.
FYI:
Lots of applications for these are used as baby monitors & home cameras. No IDSs at home. It's unlikely anyone would notice the NSA/whoever taking a peek: "Gee, the internet's slow today".
Even many organisations (SMBs) don't have the facilities and frameworks to deal with such a thing. Larger organisations, sure... but they probably aren't buying cheap Chinese crap off Aliyup.
Someone needs to come up with an easy-to-use and cheap IDS system and then include it in routers; that said, IDS does require a lot of CPU power.
I run it on my IoT VLAN but it's too CPU intensive to run on all my traffic, and whilst I could upgrade the machine running the firewall, that becomes tricky when I want it to be silent because it's in the living room.
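The "spot it by traffic levels" idea from earlier in the thread, as a toy flow-log check for an IoT VLAN. This is an added example, not code from anyone in the thread; the camera addresses, the vendor-cloud range, the flow records and the 512 kbit/s threshold (the thread's 480p/30 estimate) are all constructed assumptions.

```python
"""Toy home-IDS check: which IoT devices push video-sized upstream traffic,
or talk at all, to destinations outside the vendor's expected cloud range?
Constructed example; nothing here is real telemetry."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption: the relay the camera vendor is *expected* to use (TEST-NET-3).
ALLOWED_DST = [ip_network("203.0.113.0/24")]

# Sustained upstream at or above this looks like a video stream rather than
# a beacon (thread estimate: 480p/30fps is at least 512 kbit/s up).
STREAM_KBPS = 512

# Constructed flow records: (src, dst, bytes_out, duration_seconds)
FLOWS = [
    ("192.168.50.10", "203.0.113.7", 8_000_000, 60),    # vendor cloud: expected
    ("192.168.50.10", "198.51.100.25", 6_000_000, 60),  # 800 kbit/s to unknown host
    ("192.168.50.11", "198.51.100.25", 30_000, 60),     # tiny beacon, 4 kbit/s
]


def kbps(byte_count, seconds):
    """Average upstream rate of a flow in kilobits per second."""
    return byte_count * 8 / 1000 / seconds


def is_allowed(dst, allowed=ALLOWED_DST):
    """True if dst falls inside a range the device is expected to reach."""
    addr = ip_address(dst)
    return any(addr in net for net in allowed)


def review_flows(flows, threshold_kbps=STREAM_KBPS, allowed=ALLOWED_DST):
    """Aggregate per (src, dst) pair and report two findings:
    'unexpected'  - every device/destination pair outside the allow-list
                    (beacons are small, so volume alone would miss them);
    'stream'      - pairs whose sustained upstream rate is video-sized."""
    totals = defaultdict(lambda: [0, 0])  # (src, dst) -> [bytes, seconds]
    for src, dst, nbytes, secs in flows:
        if not is_allowed(dst, allowed):
            totals[(src, dst)][0] += nbytes
            totals[(src, dst)][1] += secs
    unexpected = sorted(totals)
    stream = sorted((src, dst, round(kbps(b, s), 1))
                    for (src, dst), (b, s) in totals.items()
                    if kbps(b, s) >= threshold_kbps)
    return {"unexpected": unexpected, "stream": stream}


if __name__ == "__main__":
    for kind, hits in review_flows(FLOWS).items():
        print(kind, hits)
```

Feeding it real per-flow counters from the router (netflow/conntrack exports) instead of the constructed list is the only change needed to use it on a home IoT VLAN.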
@dragon2611 TBH IPv6 is what makes this really scary. Exposing everything on your LAN to the public internet via a unique IPv6 address?
The only upside is that at this stage it's infeasible for individuals (nation states, maybe?) to scan the entire IPv6 range.
So many applications intended for LAN usage aren't coded with security in mind. Often these sorts of applications lack both encryption and authentication.
Some of these devices are terrifyingly insecure. This is one I was just reading up on - it has TWO web servers, one which passes logins UNSANITISED to the CLI, and the other which provides a firmware update mechanism which is scarily insecure. But if that isn't your thing - you can just walk up to this OUTDOOR camera, press a button and it will go into an unsecured AP mode and talk to anything that connects to it, transmitting all its data unencrypted to the attaching device.
No, it's not some Chinese no-brand (well it is, once you open it up) - it's a Motorola - apparently based on one of their earlier disastrously insecure baby monitors.
Whether the Chinese gov has anything to do with these backdoors is anyone's guess - as Hanlon's razor puts it, 'never attribute to malice that which can be adequately explained by stupidity', or to put it another way, 'cock-up before conspiracy'.
http://www.contextis.com/resources/blog/push-hack-reverse-engineering-ip-camera/
https://krebsonsecurity.com/2016/09/the-democratization-of-censorship/
Krebs is back online and is now hosted by Google.
https://projectshield.withgoogle.com/public/
Which is interesting because I had no idea Google offered DDOS protection
Whoa. I did not either, but I like the sound of this:
That's pretty damn cool of them.
They are doing it for FREE too, which is impressive. I guess Google does have tons of money to eat up any amount of bandwidth costs. It seems like it's similar to Cloudflare except they only accept, as you said, "news, journalist, human rights, and elections monitoring sites". I hope they expand their range of allowed content, but I am guessing that won't happen. Seems like it's been around since 2013 to a small number of beta testers and went public this year back in February. http://www.pcmag.com/article2/0,2817,2499976,00.asp
Might have got something to do with them mostly uploading and having plenty of free downstream bw left.
No, they're not idiots. These attacks are likely from the vDOS crowd whose owners just got arrested in Israel.
Right now it makes sense to show the public what they're capable of. Israel will bend justice if these guys can be useful in state security. I expect these kids to get 2 months in the slammer and mandatory 5 years IDF conscription. They'll be working on behalf of Mossad in no time.
(P.S., this is no different than what the U.S. justice affords.)
Israel has no need for them realistically, the security services have better options.
However, bending might not be too required, as said.. the cybercrime laws are not really clear.
Problem here also, they have simply not paid a lot of tax which is not something the gov/IDF can easily stop unless they pay/"pay on paper" (= zero it) as it is separated judicially to some extent.
One of them is conscripted anyway and the other is IIRC not eligible, Mossad also does not require IDF training or joining (helps and is useful, yes, but plenty of people are foreign soldiers and similar, many of the older generation(s) are not born in Israel either).
Not really, so far all the ISP-supplied routers that support IPv6 I've seen have at least been sensible enough to have a default-deny WAN > LAN firewall in place.
They started that at about the same time as the Arab Spring.
Because it makes IPv6 so useful. /sarcasm
Well, it isn't doing Krebs any good. He's down.
We just got attacked on one of our nodes with a 750M attack which passed OVH filters,
OVH firewall did not detect anything.
I would not report their "success" here. That's like a free blowjob for an ugly male teenager out there.
Move the topic behind the login page? I think the 'general offtopic' section doesn't return on the googles.
Francisco
What if the attacker is already logged in, Sir?
That's especially annoying when they only guarantee 300 odd Mbps connectivity ey?