Brrrd count: Penguin population in Antarctica is 12 million, report says
If you’ve ever wondered how many penguins there are in Antarctica, now we know: There are 12 million of the famed flightless waddling birds down there.
BrickerBot, the permanent denial-of-service botnet, is back with a vengeance (ArsTechnica)
BrickerBot, the botnet that permanently incapacitates poorly secured Internet of Things devices before they can be conscripted into Internet-crippling denial-of-service armies, is back with a new squadron of foot soldiers armed with a meaner arsenal of weapons.
Pascal Geenens, the researcher who first documented what he calls the permanent denial-of-service botnet, has dubbed the fiercest new instance BrickerBot.3. It appeared out of nowhere on April 20, exactly one month after BrickerBot.1 first surfaced. Not only did BrickerBot.3 mount a much quicker number of attacks—with 1,295 attacks coming in just 15 hours—it used a modified attack script that added several “fork bomb” commands designed to more completely shock and awe its targets. BrickerBot.1, by comparison, fired 1,895 volleys during the four days it was active, and the still-active BrickerBot.2 has spit out close to 12 attacks per day.“Just like BrickerBot.1, this attack was a short but intense burst,” Geenens told Ars. “Shorter than the four days BrickerBot.1 lasted, but even more intense. The attacks from BrickerBot.3 came in on a different honeypot than the one that recorded BrickerBot.1. There is, however, no correlation between the devices used in the previous attack versus the ones in this attack.”
Enlarge / Commands performed by BrickerBot.3 are identical to those carried out by BrickerBot.1 except for several new ones that put new processes into the background until all resources are exhausted.
Radware
Shortly after BrickerBot.3 began attacking, Geenens discovered BrickerBot.4. Together, the two newly discovered instances have attempted to attack devices in the research honeypot close to 1,400 times in less than 24 hours. Like BrickerBot.1, the newcomer botnets are made up of IoT devices running an outdated version of the Dropbear SSH server with public, geographically dispersed IP addresses. Those two characteristics lead Geenens to suspect the attacking devices are poorly secured IoT devices themselves that someone has compromised and used to permanently take out similarly unsecured devices. Geenens, of security firm Radware, has more details here.
Killing Mirai’s oxygen supply
Like their predecessors, the newly discovered botnets target the same Internet-connected cameras, DVRs, and IoT devices that (a) run a Linux tool package known as BusyBox and (b) have a telnet-based interface publicly exposed and leave factory default administrative passwords unchanged. Those are the same devices that are preyed on by Mirai, the IoT botnet software that generated record-setting denial-of-service attacks on several occasions last year.Two weeks ago, Radware ran a separate blog post documenting the destructive effects BrickerBot.1 had on a Sricam AP003 metal gun-type waterproof outdoor bullet IP camera, which is known to be vulnerable to Mirai. The device quickly disconnected from its connected network and was unresponsive once it rebooted. A factory reset failed to restore the device, resulting in an effectively bricked device.
On Friday, technology news site Bleeping Computer published a profile of an individual claiming to be the BrickerBot operator. In the article, “Janit0r” claims to have “bricked” more than 2 million IoT devices since January in an attempt to take out the devices before they could be enslaved by Mirai and similar botnets. While it’s not possible to confirm the authenticity of the individual or the accuracy of the claims, they square roughly with posts made on Hack Forums discussion boards.
BrickerBot isn’t the only botnet that researchers believe is the work of a vigilante who wants to reduce the number of nuisance IoT devices populating the Internet. Last week, a separate research team documented Hajime, a botnet that had infected at least 10,000 Mirai-vulnerable IoT devices. Once installed, this closed the holes exploited by Mirai. In many respects, Hajime mimics Wifatch, a botnet discovered in 2015. The self-help botnets come as Bruce Schneier, echoed by fellow security commentators, has warned that neither IoT manufacturers nor their customers have any incentive to secure the devices, meaning the threat IoT poses to the Internet as we know it is likely to only get worse.
Even sports news in North Korea is bizarre
The authoritarian state presents itself as an authority on the games people play
Raw: Venezuela protesters block roadways
Venezuelans shut down roads and highways in protest against their government.
Venezuelans shut down roads and highways in protest against government
Protesters sprawled in lawn chairs, worked on math homework and played cards on main roads around Venezuela Monday as part of a sit-in against the government.
U.S. announces sanctions against Syria
United States Treasury Secretary Steve Mnuchin announced sanctions against Syria in response to the chemical attacks that occurred in early April.
Pug pups are heading to Pugfest
In London, Pug pups will be flooding the red carpet at the Pugfest Manchester. Alyse Barker (@IamAlyseBarker) has the story.
15 fascinating facts about mysterious North Korea
Here are 15 fascinating facts about North Korea, one of the most isolated nations on earth.
North Korea could mark military birthday with nuke, missile test
South Korea’s unification ministry said there has been no unusual movement in North Korea as Pyongyang is set to mark the 85th anniversary of its military on Tuesday.
