Hacked Security Cameras, DVRs Cause Massive DDoS Internet Attacks
Distributed denial-of-service (DDoS) attacks carried out by hackers using as many as one million Chinese-made security cameras and other video surveillance products, according to Level 3 Communications.
Hackers seized control of countless security cameras and DVRs to unleash several massive Internet attacks last week, setting off fresh concerns about the susceptibility of connected devices in homes and businesses.
Level 3 Communications, a global communications provider based in Broomfield, Colo., identified video surveillance cameras and recorders made by Chinese manufacturer Dahua Technology as the sources of a majority of last week’s cyberattacks, but said other Web-enabled devices are also being hijacked into a new cyber warfare network currently being assembled.
“We’re thinking this is the tip of the iceberg,” Dale Drew, head of security at Level 3 Communications, told the Wall Street Journal.
A Dahua spokeswoman told the Wall Street Journal on Thursday the company is reviewing Level 3’s research. She said malware could succeed in attacking older devices with outdated software.
“We strongly recommend users to upgrade the firmware of devices,” and set a strong password to reduce risks, the spokeswoman told the newspaper.
Dahua, said to be the world’s second largest provider of video surveillance products behind Hikvision, brings its wares to the security marketplace through distribution.
Level 3 said H.264 DVRs made by Dahua were especially prevalent in the attacks, though security researchers said other brands were affected. In some cases the devices were not protected with passwords or had generic passwords, Drew told the newspaper.
The attackers used as many as one million Chinese-made security cameras, DVRs and other infected devices to generate webpage requests and data that knocked their targets offline, the newspaper reported. It has not been determined if the attackers had access to video feeds from the infected devices.
Among those affected last week by the distributed denial-of-service attacks (DDoS) was Akamai Technologies, a content delivery network and cloud services provider based in Cambridge, Mass. Akamai said malicious traffic on its network on Sept. 20 reached 700 gigabits a second — equivalent to 140,000 high-definition movies streaming at once.
In a distributed denial-of-service, large numbers of compromised systems (sometimes called a botnet) attack a single target. The website of well-known security researcher and journalist Brian Krebs was forced offline last week as well after getting hit for more than two days with an unprecedented flood of traffic.
“We need to address this as a clear and present threat not just to censorship but to critical infrastructure,” Krebs told the Wall Street Journal.
We're Looking for Your BEST Projects
Don’t miss your chance to enter to win a 2019 BEST Projects Award. We’ll be announcing winners at a special Gala event at CEDIA EXPO. We can’t wait to see what you’ve been up to this year! Enter your projects now.
Although Bosch’s name is quite familiar to those in the security industry, his previous experience has been in daily newspaper journalism. Rodney Bosch is an editor for CE Pro sister publication Security Sales & Integration. Bosch is a graduate of California State University, Fresno with a degree in Mass Communication & Journalism. In 2007, he successfully completed the National Burglar and Fire Alarm Association’s National Training School coursework to become a Certified Level I Alarm Technician. Have a suggestion or a topic you want to read more about? Email Rodney at email@example.com
Follow Rodney on social media:
SecurityProduct Briefs: Clare Supports Autonomic & More; ProSource Home Theater; Z-Wave Plus v2
Parks Associates: Consumers Have Major Concerns About Smart Home Privacy and Safety
Roberts Leaves Nortek Security & Control
Resideo Buys IoT Startup LifeWhere to Expand Its Remote Monitoring Solutions
Smart Locks Open Up MDU Market for Integrator
View more on Security