Hacked Security Cameras, DVRs Cause Massive DDoS Internet Attacks

Distributed denial-of-service (DDoS) attacks were carried out by hackers using as many as one million Chinese-made security cameras and other video surveillance products, according to Level 3 Communications.

Rodney Bosch

Hackers seized control of countless security cameras and DVRs to unleash several massive Internet attacks last week, setting off fresh concerns about the susceptibility of connected devices in homes and businesses.

Level 3 Communications, a global communications provider based in Broomfield, Colo., identified video surveillance cameras and recorders made by Chinese manufacturer Dahua Technology as the sources of a majority of last week’s cyberattacks, but said other Web-enabled devices are also being hijacked into a new cyber warfare network currently being assembled.

“We’re thinking this is the tip of the iceberg,” Dale Drew, head of security at Level 3 Communications, told the Wall Street Journal.

A Dahua spokeswoman told the Wall Street Journal on Thursday the company is reviewing Level 3’s research. She said malware could succeed in attacking older devices with outdated software.

“We strongly recommend users to upgrade the firmware of devices,” and set a strong password to reduce risks, the spokeswoman told the newspaper.

Dahua, said to be the world’s second-largest provider of video surveillance products behind Hikvision, brings its wares to the security marketplace through distribution.

Level 3 said H.264 DVRs made by Dahua were especially prevalent in the attacks, though security researchers said other brands were affected. In some cases the devices were not protected with passwords or had generic passwords, Drew told the newspaper.

The attackers used as many as one million Chinese-made security cameras, DVRs and other infected devices to generate webpage requests and data that knocked their targets offline, the newspaper reported. It has not been determined if the attackers had access to video feeds from the infected devices.

Among those affected last week by the distributed denial-of-service (DDoS) attacks was Akamai Technologies, a content delivery network and cloud services provider based in Cambridge, Mass. Akamai said malicious traffic on its network on Sept. 20 reached 700 gigabits a second — equivalent to 140,000 high-definition movies streaming at once.

In a distributed denial-of-service attack, large numbers of compromised systems (sometimes called a botnet) attack a single target. The website of well-known security researcher and journalist Brian Krebs was forced offline last week as well after getting hit for more than two days with an unprecedented flood of traffic.

“We need to address this as a clear and present threat not just to censorship but to critical infrastructure,” Krebs told the Wall Street Journal.