The DDoS attack caused major disruption to the service of major websites around the world and raised questions about the stability of backbone internet service providers. The distributed denial-of-service (DDoS) attack targeted the domain name service provider Dyn, which confirmed this weekend in a statement that it was hit by a “sophisticated attack” that included tens of millions of attacks from IP addresses associated with Mirai, a botnet composed of hijacked IoT devices, including a large number of webcams.

Image: Webcam compromised by Mirai, resulting in DDoS

“Major number of compromised digital video recorders (DVRs) and IP cameras are made by a Chinese hi-tech company called XiongMai Technologies. The components that XiongMai makes are sold downstream to vendors who then use it in their own products.”

This has caused panic in the corporate sector and among the big giants dealing with and investing heavily in Internet of Things (IoT) devices. One sign is Chinese electronics firm Hangzhou XiongMai (XM), which says it will recall some of its IoT devices, including webcams, after claims that they were widely exploited by malicious hackers who launched a massive denial-of-service attack on Friday, October 21st. Many web users found that they were unable to visit a wide array of popular online services, including GitHub, Etsy, Tumblr, Spotify, PayPal, Twitter, Pinterest, Reddit, Verizon, Comcast and the PlayStation Network. Nearly 500,000 devices are known to be compromised by the Mirai malware.

Dyn's statement regarding the attack:

“At this point we know this was a sophisticated, highly distributed attack involving 10s of millions of IP addresses. The nature and source of the attack is under investigation, but it was a sophisticated attack across multiple attack vectors and internet locations. We can confirm, with the help of analysis from Flashpoint and Akamai, that one source of the traffic for the attacks were devices infected by the Mirai botnet. We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack”.

To be clear, the attack didn’t come entirely out of the blue. It was a well-planned and coordinated attack.

At the end of September, the full force of the Mirai botnet was directed at the website of security blogger Brian Krebs, throwing him offline for a day or two until he regrouped under the protective umbrella of Google Project Shield.

What disrupted Krebs’s security blog, and impacted companies relying upon Dyn’s DNS services, was the Mirai botnet built on the shoulders of tens of thousands – if not millions – of hackable IoT devices, left poorly protected by default passwords that made it relatively trivial for attackers to hijack them for their own purposes.

Reuters also reports that Hangzhou XiongMai has said it will recall some of the products it has sold in the United States, strengthen passwords and send out a patch for some devices.

The compromised devices’ default username/password combination is root : xc3511.

At first glance that sounds like a reasonably speedy reaction by the electronics firm, but it’s worth bearing in mind that its vulnerable components are used by third-party manufacturers in a wide range of IoT devices.

It is all of these devices that are believed to be using the default username/password combination of root : xc3511. The issue with these particular devices is that a user cannot feasibly change this password. The password is hard coded into the firmware, and the tools necessary to disable it are not present. Even worse, the web interface is not aware that these credentials even exist.
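A firmware-review check for the condition described above, as an added example (not from the original article or the vendor): it lists accounts in an extracted passwd file that can log in with a shell but cannot be managed from the web interface. The sample file, the placeholder hashes and the `WEB_UI_ACCOUNTS` set are constructed assumptions.

```python
# Added example: audit an extracted firmware passwd file for login-capable
# accounts that the device's web interface does not manage.
# All sample data below is constructed; the hash strings are placeholders.

NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

# Constructed sample of /etc/passwd from an unpacked firmware image.
SAMPLE_PASSWD = """\
root:PLACEHOLDERHASH01:0:0:root:/:/bin/sh
admin:x:1000:1000:web admin:/home/admin:/bin/sh
daemon:*:1:1:daemon:/:/bin/false
ftp:!:14:50:ftp:/var/ftp:/sbin/nologin
"""
# Constructed sample of /etc/shadow hashes for entries marked "x".
SAMPLE_SHADOW = {"admin": "PLACEHOLDERHASH02"}
# Assumption: accounts the web interface lets the user change (hypothetical).
WEB_UI_ACCOUNTS = {"admin"}


def parse_passwd(text):
    """Yield (name, password_field, uid, shell) for each well-formed line."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # skip comments and malformed entries
        yield fields[0], fields[1], int(fields[2]), fields[6]


def can_log_in(pw_field, name, shadow):
    """True if the account has a usable (or empty) password."""
    if pw_field == "x":  # the hash lives in the shadow file
        pw_field = shadow.get(name, "*")
    return not pw_field.startswith(("!", "*"))


def unmanaged_logins(passwd_text, shadow, web_ui_accounts):
    """Accounts that can log in with a shell but cannot be changed via the UI."""
    findings = []
    for name, pw, uid, shell in parse_passwd(passwd_text):
        if shell in NOLOGIN_SHELLS or not can_log_in(pw, name, shadow):
            continue
        if name not in web_ui_accounts:
            findings.append({"account": name, "uid": uid, "superuser": uid == 0})
    return findings


if __name__ == "__main__":
    for finding in unmanaged_logins(SAMPLE_PASSWD, SAMPLE_SHADOW, WEB_UI_ACCOUNTS):
        print(finding)
```

Any finding with `superuser` set is an account of the kind the article describes: present in the firmware, usable for login, and invisible to the interface the owner uses to change passwords.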

There must be concerns that even if Hangzhou XiongMai issues a recall, the number of devices that will be returned for a fix could be shockingly small – meaning that the problem will not be going away anytime soon.

As an aside, Brian Krebs reports that XiongMai and the Chinese Ministry of Justice are considering taking legal action against what they describe as “false statements” that could damage the firm’s reputation.

“It’s remarkable that virtually an entire company’s product line has just been turned into a botnet that is now attacking the United States.”

Initial reports indicate that the attack was part of a genre of DDoS that infects Internet of Things devices (think webcams, DVRs, routers, etc.) all over the world with malware. Once infected, those Internet-connected devices become part of a botnet army, driving malicious traffic toward a given target. The source code for one of these types of botnets, called Mirai, was recently released to the public, leading to speculation that more Mirai-based DDoS attacks might crop up.