Posted on January 20, 2020 at 4:11 PM
This week a hacker published the Telnet credentials of more than 515,000 home routers, Internet of Things (IoT) devices, and servers, IP addresses and passwords included, for anyone in the world to download. The event sent ripples through the cybersecurity industry.
A Broad Sweep For Fresh Resources
The list was initially posted on a popular hacking forum and included the IP address, username, and password for each device. Every device on the list was reachable over Telnet, a remote-access protocol that carries commands and credentials across the Internet in cleartext.
According to outside experts and the leaker himself, the list was compiled in two steps. First, the entire Internet was scanned for devices that had their Telnet port (TCP 23) exposed. Then the hacker logged into each one using factory-set default credentials or custom but easy-to-guess username and password combinations.
Largest Telnet Leak In History
Lists compiled this way are known as bot lists, and they are an integral part of a standard IoT botnet operation: the operator combs the Internet to build the list, then connects to each device on it and installs malware.
Such lists are normally private tools, kept secret to preserve the operator's "edge," but there have been cases where bot lists leaked to the public. Previously, a list of 33,000 home router credentials, also harvested over Telnet, was leaked in the same way. As far as anyone knows, the latest leak is the largest Telnet credential dump in history.
Don’t Need It; Don’t Keep It
As more information about the matter has come forth, it has become clear that the individual who leaked the data was very familiar with botnets. He was the maintainer of a DDoS-for-hire service, selling denial-of-service attacks to anyone willing to pay. Asked the inevitable question of why he leaked the list, he explained that he had upgraded his DDoS operation and moved away from IoT botnets; the new model, according to him, relies on high-output servers rented from cloud service providers.
All the information the hacker released dates from October-November 2019, so some devices on the list will since have had their credentials or IP addresses changed, or been taken off the Internet entirely. Even if as many as 20% of the entries have gone stale in the intervening months, that still leaves more than 412,000 devices up for grabs.
ISP And Cloud Spread
Looked up in IoT search engines such as Shodan or BinaryEdge, the devices turn out to be spread across a range of well-known internet service providers (ISPs) and cloud hosting providers.
A security expert in the IoT industry, who chose to remain anonymous, explained that lists such as this one are incredibly useful to hackers across the globe.
Notably, misconfigured devices of this kind tend to cluster within particular ISPs rather than being spread evenly across the Internet. The usual cause is that the ISP's own staff misconfigured the devices when deploying them to customers, leaving every unit shipped by that ISP with the same weakness: a ready harvest for hackers like the one in this article.
Furthermore, a diligent hacker can use even a stale IP address to identify the service provider, then simply re-scan that ISP's address ranges to refresh the list with the devices' current IP addresses. A changed IP address is therefore no protection; only changing the default credentials or disabling Telnet altogether takes a device off such a list for good.
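The two technical points above, that each record is an IP address plus the username and password that opened it, and that the hits cluster inside particular ISPs' address space, suggest how a defender would triage such a dump. The following Python is an added example for this article, not the leaker's tooling or code from any of the sources quoted; it assumes one `ip:username:password` record per line (the three fields the article names), works on a constructed sample built from RFC 5737 documentation addresses rather than the real leak, and uses only a small illustrative subset of well-known factory-default credentials.

```python
"""Triage a leaked Telnet bot list offline.

Added example for this article, not code from the leaker or from any
referenced researcher. Assumes the dump has one ``ip:username:password``
record per line; the sample below is constructed from RFC 5737
documentation addresses, not taken from the real leak.
"""
import ipaddress
from collections import Counter, namedtuple

Entry = namedtuple("Entry", "ip user password")

# Constructed sample dump: documentation addresses only, plus one malformed
# line, because a dump scraped from a forum post always contains junk.
SAMPLE_DUMP = """\
192.0.2.10:admin:admin
192.0.2.11:root:root
192.0.2.12:admin:1234
192.0.2.13:root:S3cr3t-Ch4nged
198.51.100.7:user:user
198.51.100.8:support:support
203.0.113.5:admin:Hunter2!
not a valid line
203.0.113.6:root:
"""

# Small illustrative subset of factory defaults that botnet scanners try
# first (admin/admin, root with an empty password, ...). A real audit would
# use a much fuller list; only set membership is checked here.
FACTORY_DEFAULTS = {
    ("admin", "admin"), ("admin", "1234"), ("admin", "password"),
    ("root", "root"), ("root", ""), ("root", "12345"),
    ("user", "user"), ("support", "support"),
}


def parse_dump(text):
    """Return (entries, malformed_count). Passwords may be empty or contain
    colons, so split on the first two colons only and validate the IP."""
    entries, malformed = [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        parts = line.split(":", 2)
        if len(parts) != 3:
            malformed += 1
            continue
        ip, user, password = parts
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            malformed += 1
            continue
        entries.append(Entry(ip, user, password))
    return entries, malformed


def count_default_creds(entries, defaults=FACTORY_DEFAULTS):
    """Tally records opened with a factory default versus anything else; the
    ratio shows how much of the list is a pure default-credential harvest."""
    tally = Counter()
    for e in entries:
        key = "factory_default" if (e.user, e.password) in defaults else "other"
        tally[key] += 1
    return tally


def cluster_by_prefix(entries, prefixlen=24):
    """Group records by network prefix. A few heavily loaded prefixes is the
    signature of one ISP shipping identically misconfigured gear."""
    nets = Counter()
    for e in entries:
        net = ipaddress.ip_network(f"{e.ip}/{prefixlen}", strict=False)
        nets[str(net)] += 1
    return nets


def in_my_ranges(entries, my_cidrs):
    """Defender's check: which records fall inside address space you operate,
    so those devices can be re-credentialed or taken off Telnet."""
    nets = [ipaddress.ip_network(c) for c in my_cidrs]
    return [e for e in entries
            if any(ipaddress.ip_address(e.ip) in n for n in nets)]


if __name__ == "__main__":
    entries, bad = parse_dump(SAMPLE_DUMP)
    print(f"{len(entries)} records, {bad} malformed line(s)")
    print("credentials:", dict(count_default_creds(entries)))
    print("per /24:", cluster_by_prefix(entries).most_common(3))
    print("in 198.51.100.0/24:", in_my_ranges(entries, ["198.51.100.0/24"]))
```

Run against the real dump, the useful outputs are the per-prefix clusters (which ISPs need to be notified) and the intersection with your own CIDR blocks (which of your devices need their default credentials changed and Telnet disabled). Because the IP addresses go stale faster than the credentials, as the article notes, the credential tally is the more durable indicator of exposure.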
The leak opens another chapter in the constant war between hackers and cybersecurity experts, one whose complexity only grows as the number of IoT users rises. In the end, neither side will achieve outright victory; the most defenders can do is stem the worst of the tide.