Attacks On The Internet Keep Getting Bigger And Nastier

Discussion in 'HardForum Tech News' started by HardOCP News, Oct 24, 2016.

  1. HardOCP News

    HardOCP News [H] News

    Messages:
    0
    Joined:
    Dec 31, 1969
    Do we really need all these networks of connected devices? A refrigerator that can use the internet? Connected thermostats? And, if you do use these devices, how about throwing a little security on them so that they can't be used in attacks like this?

    On Friday, epic cyberattacks crippled a major internet firm, repeatedly disrupting the availability of popular websites across the United States. The hacker group claiming responsibility says that the day's antics were just a dry run and that it has its sights set on a much bigger target. And the attackers now have a secret weapon in the increasing array of internet-enabled household devices they can subvert and use to wreak havoc.
     
  2. Ducman69

    Ducman69 [H]ardForum Junkie

    Messages:
    10,445
    Joined:
    Jul 12, 2007
    Home automation is awesome. But who would risk committing a felony just to make my lights turn on and off or changing the temperature in my house? IMO, go at it, but if we catch you, my vote is to throw your ass in jail until you rot as an old man, basically forfeiting the rest of your life.
     
    WorldExclusive likes this.
  3. Monkey God

    Monkey God Mangina Full of Sand

    Messages:
    6,722
    Joined:
    May 7, 2007
    It's too bad no one could have predicted this. Nope. Wasn't predictable at all.
     
  4. JayteeBates

    JayteeBates [H]ard|Poof

    Messages:
    4,638
    Joined:
    Jul 21, 2007
    The problem with that is - you-me-we non-offenders pay for that person for life.
     
    cyclone3d and Stev3FrencH like this.
  5. Poseur

    Poseur Limp Gawd

    Messages:
    353
    Joined:
    Oct 7, 2009
    Maybe we need a simple way to isolate home LANs from the internet. Not just a firewall; something more physical. I have a printer, NAS and security cameras on my LAN. They're behind a firewall, but I'd love to isolate them further. VLAN is the closest thing I could find and that doesn't look ideal. Then again they all need firmware and software updates from time to time. Tough little problem. I guess we just need better firewalls?
     
  6. cyclone3d

    cyclone3d [H]ardForum Junkie

    Messages:
    12,890
    Joined:
    Aug 16, 2004
    Yeah, I don't want my tax dollars to be going towards housing/food/clothing/education/entertainment/medical, etc. for these idiots.

    Hang them I say.
     
  7. cyclone3d

    cyclone3d [H]ardForum Junkie

    Messages:
    12,890
    Joined:
    Aug 16, 2004
    Sophos UTM is a great little firewall setup.. if you don't mind making rules for absolutely everything that needs to get in/out. It is so locked down by default that basically nothing works. Great for security, but normal home users would never be able to figure it out.
     
    Rahh likes this.
  8. Nobified[H]

    Nobified[H] [H]ard|Gawd

    Messages:
    1,096
    Joined:
    Mar 21, 2013
    Here is my question: how is it that people find security holes and exploit them? I have no experience finding ways to exploit security holes, but I am curious what app or software is being employed. Is this custom software developed by hackers or by people with deep knowledge of how the OS core was developed?
     
  9. groebuck

    groebuck 2[H]4U

    Messages:
    2,402
    Joined:
    Mar 9, 2000
    I have a ClearOS setup on my network connected to my wireless AP, so all my wireless goes through a better firewall. My wired network goes through my Ubiquiti edge router.

    ShieldsUP is still a great site to check for holes in your network.
     
  10. oROEchimaru

    oROEchimaru [H]ardness Supreme

    Messages:
    4,658
    Joined:
    Jun 1, 2004
    I still poop manually.
     
    Armenius likes this.
  11. viscountalpha

    viscountalpha 2[H]4U

    Messages:
    2,548
    Joined:
    Oct 16, 2011
    On the Internet of things, just because you can doesn't mean you should.
     
    Armenius likes this.
  12. Armenius

    Armenius I Drive Myself to the [H]ospital

    Messages:
    16,804
    Joined:
    Jan 28, 2014
    Sorry, but I personally see no reason or advantage to having my home appliances connected to the internet.
     
  13. spacecowboy863

    spacecowboy863 Gawd

    Messages:
    552
    Joined:
    Sep 4, 2016
    maybe it's my paranoia but i never put all my eggs in one basket
    ie thermostat, garage opener, home security apps from your phone
    i hope these ppl's phones never get hacked because they're basically opening the doors into their houses
     
  14. Jagger100

    Jagger100 [H]ardness Supreme

    Messages:
    7,419
    Joined:
    Oct 31, 2004
    Gotta shut down the interwebs. Remember, we want to roll back news reporting to 3 lapdog networks, like the good old days.
     
  15. Jagger100

    Jagger100 [H]ardness Supreme

    Messages:
    7,419
    Joined:
    Oct 31, 2004
    They are using the devices to DDoS the internet backbone in some cases by simply making them 'phone home' more often than normal.
     
  16. Koween

    Koween Limp Gawd

    Messages:
    486
    Joined:
    May 24, 2012
    The problem is not that someone gets access to your fridge and makes your chicken go bad by adjusting the temperature. The problem is that a lot of IoT devices, like IP webcams, fridges, bidets etc., have very bad security (pretty much login is "admin" and password is "admin"). That makes it easy to write a piece of software to randomly try various IP addresses and log in. That in turn allows creation of huge botnets that are hard to fix (anyone running antivirus on your fridge?) and then those botnets can be used to take down services etc.
    More info here: Extra-Large Denial of Service Attack Uses DVRs, Webcams
     
  17. TheSoldier

    TheSoldier Limp Gawd

    Messages:
    175
    Joined:
    Dec 9, 2011
    Why would companies spend more from their bottom line in order to secure their $40 "smart" light switch or power adapter? This is exactly why we can't have nice things. I hate government intervention, but at this point I'm thinking that we need to start legislating security into any Internet-connected IoT device. As we approach x Tb/s attacks, no server farm is going to be able to handle the loads and I'll be knocked off a portion of the web until someone is satisfied with their attack.
     
  18. Nobified[H]

    Nobified[H] [H]ard|Gawd

    Messages:
    1,096
    Joined:
    Mar 21, 2013

    So that is what they are doing? Using software to scan all IPs for vulnerabilities, for known usernames and passwords on various PC devices? If the software finds one, then it alerts the user to this IP address?
     
  19. JayteeBates

    JayteeBates [H]ard|Poof

    Messages:
    4,638
    Joined:
    Jul 21, 2007
    Government has a place in a civilized society - regulation of that nature is one place it is appropriate IMO.
     
    Armenius likes this.
  20. JayteeBates

    JayteeBates [H]ard|Poof

    Messages:
    4,638
    Joined:
    Jul 21, 2007
    It is really easy to set a program to just start spamming IPs and attempting logins. On a successful login it would note the IP/user/pass that worked and you let it go for a couple hours/days. Come back and you have a nice list of unsecured devices you can work on subverting for your pleasure and/or profit.
     
    Armenius likes this.
  21. SvenBent

    SvenBent 2[H]4U

    Messages:
    2,787
    Joined:
    Sep 13, 2008
    Seeing how helpless some people are, you would think more people would use something like this...


    small warning: might be NSFW

    HUGE WARNING: REALLY UGLY LANGUAGE that sounds like someone with a throat disease
     
    oROEchimaru likes this.
  22. Koween

    Koween Limp Gawd

    Messages:
    486
    Joined:
    May 24, 2012
    It's a bit more complicated than that, but the basic gist is that it's very easy to gain access to some of those devices (and yes, there are webcams using the default login from factory on multiple devices; there was an article on Hackaday about that).
     
  23. Mohonri

    Mohonri [H]ardness Supreme

    Messages:
    5,734
    Joined:
    Jul 29, 2005
    A lot of their products share a lot of code, so the incremental cost of writing (more) secure code for all of the devices is quite low.

    On the flip side, though, a lot of these devices run some form of Linux, and so they can share the same vulnerabilities. And once they're out in the field, fixing vulnerable devices is hard, unless you adopt Microsoft's you-will-update-when-we-say-so-and-you'll-like-it approach.
     
  24. Pyro411

    Pyro411 [H]Lite

    Messages:
    90
    Joined:
    Oct 8, 2009
    Honestly it's gotten a LOT easier to set up out of the box over the years, with a lot more features added.

    Ahh the days when it was Astaro Security Linux, then Astaro Security Gateway, now it's Sophos Unified Threat Management. -- I haven't tried Sophos XG yet, but it looks like it's a vast departure from the previous generations

    If there isn't one on YouTube, at some point I should record a video for basic home setup configuration. :) Don't worry, I wouldn't go all old man & talk about the olden days prior to HTTP proxy being integrated into it or gripe when they went from certain open source projects to closed source in-house projects.
     
  25. raz-0

    raz-0 [H]ardness Supreme

    Messages:
    4,489
    Joined:
    Mar 9, 2003
    Looking at how fast the attacks on my workplace have become large enough for the companies that provide mitigation to be seriously strained, and then just a couple of days later seeing a new record 4+ times as large hit being driven in significant portion by shitty IoT crap, it's clear we are going to see the end of the internet as we know it, and it is going to be due to useless shit like Wi-Fi connected color changing lightbulbs.

    I'm not saying it's the end of the internet, but being on it, providing access to it, etc. is going to radically change as we know it.
     
    viscountalpha and Armenius like this.
  26. Jagger100

    Jagger100 [H]ardness Supreme

    Messages:
    7,419
    Joined:
    Oct 31, 2004
    Like the Russians?
     
    Armenius likes this.
  27. Monkey God

    Monkey God Mangina Full of Sand

    Messages:
    6,722
    Joined:
    May 7, 2007
    Lol, most of the people doing the hacks are in China, Russia or Eastern Europe. They don't give a shit. They probably are in bed with their governments' security services.
     
  28. SGTGimpy

    SGTGimpy Limp Gawd

    Messages:
    233
    Joined:
    Oct 7, 2009
    Sophos UTMs are some of the best appliances around and I have used them for almost all my clients' networks since it was Astaro version 5.

    The fact that they still give anyone a completely free, fully functional licensed software for home use with all the features fully enabled is just amazing. Though it is not made for the normal Joe and does require some professional tweaking to get it right, when you do, it is solid.

    XG is a big departure since it is now cloud based management and requires the use of a cloud.sophos.com account to manage the device. I have tested it, and while it has some huge performance improvements on the same UTM hardware, I am not a fan of requiring a cloud connection to manage my in-house hardware.
     
    Pyro411 likes this.
  29. groebuck

    groebuck 2[H]4U

    Messages:
    2,402
    Joined:
    Mar 9, 2000
    There is already ransomware on thermostats (shown in a demo) where someone puts code on an IoT thermostat - sets the heat to 90 degrees with a message that you need to pay 100 dollars to get your thermostat back.

    Now sure, you could rip it off the wall and put an old style non-connected one on... but this is just one example of the new ransomware.
     
    Armenius likes this.
  30. Pyro411

    Pyro411 [H]Lite

    Messages:
    90
    Joined:
    Oct 8, 2009
    I hear ya on the cloud connection, the whole time I worked with Astaro from early 1.x releases every firewall mfg has been screaming turn networks into a black hole for incoming traffic for step one of safety. -- Yes I'm an old fart who found & started selling Astaro after the I-Gear Proxy was purchased by Symantec & discontinued.

    Also for anyone looking to test Sophos UTM out please oh please don't follow to the letter. Sure it'll get you going but it's missing a ton of steps to get you securely on the net. Protip: For security reasons if you can force a service through a proxy, it takes longer to configure but it gives those extra layers of protection that are sorely needed these days.
     
  31. Armenius

    Armenius I Drive Myself to the [H]ospital

    Messages:
    16,804
    Joined:
    Jan 28, 2014
    IoT ransom scams are being run by rich American kids, mostly. International governments are more interested in getting a hold of other governments' secrets. How can they do that if they take the internet down? These DDoS attacks are being used to hold internet access for ransom, with the acquisition of money being the end goal.

    https://krebsonsecurity.com/2016/09/ddos-mitigation-firm-has-history-of-hijacks
    https://krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-released
    https://krebsonsecurity.com/2016/10/who-makes-the-iot-things-under-attack
    https://krebsonsecurity.com/2016/10/feds-charge-two-in-lizard-squad-investigation
    https://krebsonsecurity.com/2016/10/spreading-the-ddos-disease-and-selling-the-cure
     
  32. Azphira

    Azphira [H]ard|Gawd

    Messages:
    1,821
    Joined:
    Aug 18, 2003
    Like I said in another post, we need a third world war, too many people causing too many problems.


    "Kill one person, and you can solve so many problems. I wonder at the possibilities!" -Runa Fair-Shield
     
  33. Nobified[H]

    Nobified[H] [H]ard|Gawd

    Messages:
    1,096
    Joined:
    Mar 21, 2013
    We are almost there, be careful what you ask for! :joyful:
     
  34. Scizyr

    Scizyr Limp Gawd

    Messages:
    235
    Joined:
    Jun 24, 2015
    That's one part of the larger issue of having easy attack vectors into a network. Most high profile hacks have been accomplished by taking over an old network printer that was mistakenly configured with an externally facing IP address. Since all it takes to hack IoT devices is a slight breeze, it allows entry to the network, which someone can use to pivot onto other devices quite easily; your firewall isn't really going to care about weird traffic going through your internal network. Not many people set up VLANs in their home.
     
    Armenius likes this.
  35. cyclone3d

    cyclone3d [H]ardForum Junkie

    Messages:
    12,890
    Joined:
    Aug 16, 2004
    Even newer machines are easily vulnerable.

    A year or so ago I was searching for the user manual for a Xerox machine we had.

    A Google search came up with a random IP address. I was curious, so I clicked on the link and it gave me access to somebody's printer.

    I looked up the IP and was able to find the company it belonged to, their address, etc.

    I edited the email address list with a message saying that they needed to secure their printer because it was wide open for anybody to use.
     
    Armenius likes this.
  36. stormy1

    stormy1 [H]ard|Gawd

    Messages:
    1,047
    Joined:
    Apr 3, 2008
    It's not just home users. A fairly large multi-state company I occasionally used to do some work for has an old HP laser printer directly connected to the internet at each location and refuses to do anything about it. Every night they print reports to the home printer and the home office prints stuff back during the day. Why won't they use email? It's insecure. lol
     
    Armenius likes this.
  37. Devilpup

    Devilpup 2[H]4U

    Messages:
    2,048
    Joined:
    Sep 4, 2002
    Maybe someone already said this, but the point is not to hack your thermostat for the sake of hacking your thermostat; the point is to hack your thermostat and use that as a relay to do other things. If you have memory available which can be written to then it can be used to host and serve malware. At a minimum, if you're connected to the web then it can be used to send queries to another address à la the current Mirai trend. There may not be much value in your net-enabled coffee pot in and of itself, but if it has any chance of being compromised and has any bandwidth available then it has some value in a botnet.
     
    Armenius likes this.
  38. Some day the internet will be useless, like usenet became useless, full of worthless spam and viruses. People will scream and bemoan how useless it becomes. And 15 years later internet 2 with secure devices will pop up, in that once your device has been identified as being a problem, it gets cut off from the net. All messages will come with a 4096-bit Perfect Forward Encryption (elliptic curve based) that will be used to identify them by IP address. The server will ping back to confirm with a handshake the message is valid from the source. Home client devices can only HTTP outside your LAN (Port 80, 8080) and any software must be digitally signed by author using the above handshake methodology.
     
    Last edited by a moderator: Oct 24, 2016
  39. Biggest target is no doubt Android devices/phones (including NEST) which do not get patched by vendors. Next, 99% of IP cameras aren't patched (a majority run on the same embedded Linux platform). 99% of routers aren't patched, based on flawed libraries from Intel. Hackers use well known exploits on them like flood, default password "admin" and Intel's PnP vulnerability.

    My philosophy: If your device doesn't encrypt traffic, secure ports, receive updates, and doesn't use digital signatures, you're asking for it.

    BTW: Make your subnet address something different than 192.168.1.xxx
     
    Armenius likes this.
  40. Biznatch

    Biznatch 2[H]4U

    Messages:
    2,194
    Joined:
    Nov 16, 2009

    Dunno what you are talking about, but usenet is alive and well.... Maybe not in its original form though, but it's FAAAAR more useful/safer than torrents hope to be. Max my download bandwidth over an SSL tunnel, and never uploading a thing, so no getting burned for 'sharing'.
     
    Armenius likes this.