https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/mobile-logo.png
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
    • Back
    • Embedded IoT World (Part of DesignCon) 2022
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
    • Back
    • Embedded IoT World (Part of DesignCon) 2022
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Metaverse
  • Development
  • Security
ioti.com

Security


Pixabay

Minecraft

From Minecraft to IoT malware: How gamers enslave connected devices

While ransomware attacks loomed large in the first half of 2017, IoT malware continues to spread, thanks in part to young hackers eyeing the competitive video game industry.
  • Written by Brian Buntz
  • 7th September 2017

In the seminal 1983 cybersecurity movie WarGames, an underachieving high school student named David Lightman (played by Matthew Broderick) nearly starts World War III after attempting to play an unreleased video game online. In the process, Lightman discovers the command prompt for a remote military computer after using an automated dialer to call every phone number in Sunnyvale, California. His war dialing effort intended to locate a remote terminal linked to a gaming company based in the city. Instead, he discovers a military computer that runs World War III simulations. “Let’s play Global Thermonuclear War,” he types into the telnet-like terminal, starting a simulation that fools the U.S. military into thinking it is the real deal.  

The film has had tremendous relevance to the field of computer security, helping shape U.S. cybersecurity policy in the 1980s, mainstream computer culture and influenced the hacking lexicon.   

IoT botnet games

In the IoT realm, the worlds of video games, hacking and youth collide in a “WarGames”-like manner. World War III may not hang in the balance, but evidence suggests that angry gamers used the open-sourced Mirai IoT botnet to target game servers — bringing down a significant chunk of the internet as collateral damage. In fact, the bulk of IoT malware may come mostly from “amateurs, gamers, young people, and attention seekers,” as Flashpoint security researchers Allison Nixon and Pierre Lamy have written.

[IoT Security Summit, co-located with Blockchain360 and Cloud Security Summit, explores how industry-wide security, privacy and trust can be established to unlock the full potential of IoT. Get your ticket now.]

A recent example illustrating a similar theme comes courtesy of an IoT malware purveyor who claims to be 13. Ankit Anubhav, principal security researcher at NewSky Security, reached out to the individual to learn more about how such malcode spreads across the internet. “Posing as a gamer, I asked him about the IoT botnet he had developed,” he said. “I then told him that it was wrong and he said: ‘I am just 13. Cops can’t do anything about it and no law would apply to me.’” 

Going by the pseudonym DaddyPvP, the teenager created a website with the URL Daddyhackingteam.com that hosts IoT botnet source code, dozens of remote access terminals, a rootkit named after a Pokémon character and line-by-line tutorials on how to launch several other attacks. The Daddyhackingteam site also serves as a command and control server for an active IoT botnet.

From Minecraft to malware

Anubhav said that, as of July, the owner of the Daddyhackingteam website had been looking for a job as either an administrator or web developer for a server for the Microsoft video game Minecraft with more than 55 million players. The individual stated he was online for 15 to 18 hours each day and could spend the bulk of his waking hours working on the server — at least until school started again in the fall. Incidentally, one of the most frequent targets of botnets — IoT-based or otherwise — are Minecraft servers.

“After that, he changed his mind and started an IoT botnet,” Anubhav explained. In a conversation over Skype, the teenager stated he had 300 IoT bots in his army. He had hoped to enslave IP cameras to add to his botnet, looking for help on the cybersecurity forum Hackforums.net, but had difficulty doing so.

“The funny part is that he used the same contact information for applying for work that he did when discussing his malware [code].”

Incidentally, the modus operandi of IoT botnets is to look for weak or default telnet usernames and passwords, which is a similar vulnerability highlighted in the WarGames film — the password for the war computer was simply the name of its creator’s son: “joshua.” Anubhav recently located a trove of 33,138 telnet device credentials on the site Pastebin.com, thousands of used “admin” as both the username and password.

The DDoS market is so large and open that it is straightforward for even inexperienced hackers to cobble together the code needed to launch botnets. “It’s literally child’s play to set up an IoT botnet,” Anubhav said, adding that the botnet code on the Daddyhackingteam site borrows heavily from a botnet known as Gr1n.

Recently, the British publication Business Matters explained that another teenager reportedly launched 1.7 million DDoS attacks against 660,000 IP addresses — many belonging to gaming websites owned by Sony and Microsoft.

Peter Tran, RSA’s Advanced Cyber Defense general manager and senior director, sees the hacking marketplace growing even more accessible to would-be cybercriminals. “The malware market is becoming like the consumer electronics ‘big box stores’ where you can get technical or customer support for a malware kit you purchase in the underground,” Tran said. “IoT is the new ‘designer malware’ focus with great hacker market promise. It doesn’t matter if you have good or bad skills. IoT malware-as-a-service is becoming a recognized model,” he added. “Much like how Minecraft or Legos work, this type of malware is based on the ability to quickly interchange building blocks to create new variations on demand.”

Tags: Article Security Technologies

Related


  • IoT Security Firm to Acquire Medical Security Startup
    Claroty is set to acquire Medigate to grow its foothold in securing the Internet of Medical Things
  • Ransomware Attack Could Impact Paychecks
    The Kronos ransomware attack affected the company’s private cloud service over the weekend, knocking it offline just before the holidays
  • Image shows an abstract digital big data concept.
    BotenaGo Malware Targets Millions of IoT Devices
    AT&T Alien Labs identified the malware that has left millions of IoT devices exposed.
  • IoT Startup Raises $10M
    Platform aims to bolster network security with automated device configurations and visibility.

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Content

  • IoT Device Security at the Edge Poses Unique Challenges
  • Zero-Trust Security for IoT: Establishing Rigorous Device Defenses
  • AI Ups the Ante for IoT Cybersecurity
  • Protecting Your Network Against Ripple20 Vulnerabilities

Roundups

View all

IoT Deals, Partnerships Roundup: Google, Arm, Senet and More

26th May 2022

IoT Product Roundup: PTC, Nokia, Arm and More

19th May 2022

IoT Deals, Partnerships Roundup: Intel, Nauto, Helium and more

14th May 2022

White Papers

View all

The Role of Manufacturing Technology in Continuous Improvement Ebook

6th April 2022

IIoT Platform Trends for Manufacturing in 2022

6th April 2022

Latest Videos

View all
Dylan Kennedy of EMQ

Embedded IoT World 2022: Dylan Kennedy of EMQ

Dylan Kennedy, EMQ’s VP of global operations, sat down with Chuck Martin at Embedded IoT World 2022.

Embedded IoT World 2022: Omdia’s Sang Oh Talks Vehicle Chip Shortage

Omdia’s automotive semiconductor analyst sits down with Chuck Martin at this year’s event

E-books

View all

How Remote Access Helps Enterprises Improve IT Service and Employee Satisfaction

12th January 2022

An Integrated Approach to IoT Security

6th November 2020

Webinars

View all

Rethinking the Database in the IoT Era

18th May 2022

Jumpstarting Industrial IoT solutions with an edge data management platform

12th May 2022

AI led Digital Transformation of Manufacturing: Time is NOW

9th December 2021

Special Reports

View all

Omdia’s Smart Home Market Dynamics Report

7th January 2022

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

IoT Security Best Practices for Industry and Enterprise

20th October 2020

Twitter

IoTWorldToday, IoTWorldSeries

This white paper by @braincubeEn explores how the changes of 2020 and 2021 are shaping the future of #IIoT. Learn w… twitter.com/i/web/status/1…

27th May 2022
IoTWorldToday, IoTWorldSeries

UK Investing $50M for Self-Driving Buses, Vans dlvr.it/SR9QlJ https://t.co/sQdX2tJY4d

27th May 2022
IoTWorldToday, IoTWorldSeries

Dubai to Use Satellite IoT Terminals for Utilities Industry dlvr.it/SR9NQB https://t.co/GXf9Gx5RCw

27th May 2022
IoTWorldToday, IoTWorldSeries

@BerkshireGrey’s AI-powered next-gen warehouse robot is helping retailers by cutting times for order fulfillment, u… twitter.com/i/web/status/1…

27th May 2022
IoTWorldToday, IoTWorldSeries

Access the insights on IoT deployments, emerging tech and new applications now. Sign up to our dedicated… twitter.com/i/web/status/1…

27th May 2022
IoTWorldToday, IoTWorldSeries

Survey finds there's a lot of on-campus affinity for @StarshipRobots delivery #robots. dlvr.it/SR79YR https://t.co/73EaFPR6ft

26th May 2022
IoTWorldToday, IoTWorldSeries

That latest #IoT deals and partnerships news from @Google, @RedHat, @Arm, @SierraWireless, @ItronInc and more!… twitter.com/i/web/status/1…

26th May 2022
IoTWorldToday, IoTWorldSeries

@Ford is testing #geofencing tech that automatically cuts vehicle speeds. iotworldtoday.com/2022/05/26/for…

26th May 2022

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X