Hacked Security Cameras, DVRs Cause Massive DDoS Internet Attacks
Distributed denial-of-service (DDoS) attacks carried out by hackers using as many as one million Chinese-made security cameras
I am often asked, why should I buy a surveillance system from IHAAVS when I can buy one from one of the big-box stores and possible save money.
Though there are many reasons, today, a million-plus surveillance system owners are learning one of the largest reasons first hand - and that reason is local warranty and support.
Dahua, one of the world’s largest suppliers of surveillance cameras and NVRs, has suffered a DDoS attack, rendering about one million surveillance devices useless. Apparently, malware was responsible for attacking older devices with outdated software, as well as systems with weak or non-existent passwords.
Hackers seized control of countless security cameras and DVRs to unleash several massive Internet attacks last week, setting off fresh concerns about the susceptibility of connected devices in homes and businesses.
Level 3 Communications, a global communications provider based in Broomfield, Colo., identified video surveillance cameras and recorders made by Chinese manufacturer Dahua Technology, one of the largest surveillance camera manufactures in the world, as the sources of a majority of last week’s cyberattacks, but said other Web-enabled devices are also being hijacked into a new cyber warfare network currently being assembled.
“We’re thinking this is the tip of the iceberg,” Dale Drew, head of security at Level 3 Communications, told the Wall Street Journal.
A Dahua spokeswoman told the Wall Street Journal on Thursday the company is reviewing Level 3’s research. She said malware could succeed in attacking older devices with outdated software.
“We strongly recommend users to upgrade the firmware of devices,” and set a strong password to reduce risks, the spokeswoman told the newspaper.
Dahua, said to be the world’s second largest provider of video surveillance products behind Hikvision, brings its wares to the security marketplace through distribution.
Level 3 said H.264 DVRs made by Dahua were especially prevalent in the attacks, though security researchers said other brands were affected. In some cases the devices were not protected with passwords or had generic passwords, Drew told the newspaper.
The attackers used as many as one million Chinese-made security cameras, DVRs and other infected devices to generate webpage requests and data that knocked their targets offline, the newspaper reported. It has not been determined if the attackers had access to video feeds from the infected devices.
Among those affected last week by the distributed denial-of-service attacks (DDoS) was Akamai Technologies, a content delivery network and cloud services provider based in Cambridge, Mass. Akamai said malicious traffic on its network on Sept. 20 reached 700 gigabits a second — equivalent to 140,000 high-definition movies streaming at once.
In a distributed denial-of-service, large numbers of compromised systems (sometimes called a botnet) attack a single target. The website of well-known security researcher and journalist Brian Krebs was forced offline last week as well after getting hit for more than two days with an unprecedented flood of traffic.
“We need to address this as a clear and present threat not just to censorship but to critical infrastructure,” Krebs told the Wall Street Journal.
To clarify, anything connected to the internet, including your smartphone or tablet is vulnerable or at risk to hacking and without proper management and password rotation, will probably become a target of some type of malware or Internet attack. The key takeaway here is to utilize the services or a professional organization that keeps track of these malicious activities and will help guide you around the turbulent waters. We have technology packages that continually monitoring the systems of our client's 7x24x365 to ensure that they are not impacted by this type of malicious activity.
If you’re interested in installing a Surveillance System or want a technician to view your surveillance system to insure that it has not been compromised, give us a call at 214-396-5858.