https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/footer-logo.png
  • Home
  • News
    • Back
    • IoT World 2020 News
  • Strategy
  • Special Reports
  • Galleries
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • IoT World 2020 News
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Video / Podcasts
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Strategic Partners
  • IOT World Events
    • Back
    • Internet of Things World: San Jose
    • IoT World 2020 News
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • IoT World 2020 News
  • Strategy
  • Special Reports
  • Galleries
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • IoT World 2020 News
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Video / Podcasts
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Strategic Partners
  • IOT World Events
    • Back
    • Internet of Things World: San Jose
    • IoT World 2020 News
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Architecture
  • Engineering/Development
  • Security
ioti.com

Security


Pixabay

Minecraft

From Minecraft to IoT malware: How gamers enslave connected devices

While ransomware attacks loomed large in the first half of 2017, IoT malware continues to spread, thanks in part to young hackers eyeing the competitive video game industry.
  • Written by Brian Buntz
  • 7th September 2017

In the seminal 1983 cybersecurity movie WarGames, an underachieving high school student named David Lightman (played by Matthew Broderick) nearly starts World War III after attempting to play an unreleased video game online. In the process, Lightman discovers the command prompt for a remote military computer after using an automated dialer to call every phone number in Sunnyvale, California. His war dialing effort intended to locate a remote terminal linked to a gaming company based in the city. Instead, he discovers a military computer that runs World War III simulations. “Let’s play Global Thermonuclear War,” he types into the telnet-like terminal, starting a simulation that fools the U.S. military into thinking it is the real deal.  

The film has had tremendous relevance to the field of computer security, helping shape U.S. cybersecurity policy in the 1980s, mainstream computer culture and influenced the hacking lexicon.   

IoT botnet games

In the IoT realm, the worlds of video games, hacking and youth collide in a “WarGames”-like manner. World War III may not hang in the balance, but evidence suggests that angry gamers used the open-sourced Mirai IoT botnet to target game servers — bringing down a significant chunk of the internet as collateral damage. In fact, the bulk of IoT malware may come mostly from “amateurs, gamers, young people, and attention seekers,” as Flashpoint security researchers Allison Nixon and Pierre Lamy have written.

[IoT Security Summit, co-located with Blockchain360 and Cloud Security Summit, explores how industry-wide security, privacy and trust can be established to unlock the full potential of IoT. Get your ticket now.]

A recent example illustrating a similar theme comes courtesy of an IoT malware purveyor who claims to be 13. Ankit Anubhav, principal security researcher at NewSky Security, reached out to the individual to learn more about how such malcode spreads across the internet. “Posing as a gamer, I asked him about the IoT botnet he had developed,” he said. “I then told him that it was wrong and he said: ‘I am just 13. Cops can’t do anything about it and no law would apply to me.’” 

Going by the pseudonym DaddyPvP, the teenager created a website with the URL Daddyhackingteam.com that hosts IoT botnet source code, dozens of remote access terminals, a rootkit named after a Pokémon character and line-by-line tutorials on how to launch several other attacks. The Daddyhackingteam site also serves as a command and control server for an active IoT botnet.

From Minecraft to malware

Anubhav said that, as of July, the owner of the Daddyhackingteam website had been looking for a job as either an administrator or web developer for a server for the Microsoft video game Minecraft with more than 55 million players. The individual stated he was online for 15 to 18 hours each day and could spend the bulk of his waking hours working on the server — at least until school started again in the fall. Incidentally, one of the most frequent targets of botnets — IoT-based or otherwise — are Minecraft servers.

“After that, he changed his mind and started an IoT botnet,” Anubhav explained. In a conversation over Skype, the teenager stated he had 300 IoT bots in his army. He had hoped to enslave IP cameras to add to his botnet, looking for help on the cybersecurity forum Hackforums.net, but had difficulty doing so.

“The funny part is that he used the same contact information for applying for work that he did when discussing his malware [code].”

Incidentally, the modus operandi of IoT botnets is to look for weak or default telnet usernames and passwords, which is a similar vulnerability highlighted in the WarGames film — the password for the war computer was simply the name of its creator’s son: “joshua.” Anubhav recently located a trove of 33,138 telnet device credentials on the site Pastebin.com, thousands of used “admin” as both the username and password.

The DDoS market is so large and open that it is straightforward for even inexperienced hackers to cobble together the code needed to launch botnets. “It’s literally child’s play to set up an IoT botnet,” Anubhav said, adding that the botnet code on the Daddyhackingteam site borrows heavily from a botnet known as Gr1n.

Recently, the British publication Business Matters explained that another teenager reportedly launched 1.7 million DDoS attacks against 660,000 IP addresses — many belonging to gaming websites owned by Sony and Microsoft.

Peter Tran, RSA’s Advanced Cyber Defense general manager and senior director, sees the hacking marketplace growing even more accessible to would-be cybercriminals. “The malware market is becoming like the consumer electronics ‘big box stores’ where you can get technical or customer support for a malware kit you purchase in the underground,” Tran said. “IoT is the new ‘designer malware’ focus with great hacker market promise. It doesn’t matter if you have good or bad skills. IoT malware-as-a-service is becoming a recognized model,” he added. “Much like how Minecraft or Legos work, this type of malware is based on the ability to quickly interchange building blocks to create new variations on demand.”

Tags: Article Security Technologies

Related


  • IoT security
    Zero-Trust Security for IoT: Establishing Rigorous Device Defenses
    IoT security pros can benefit from zero-trust security to authenticate rogue devices that try to connect to a network. Zero trust should be the hallmark of your IoT strategy.
  • 3d rendering of human brain on technology background
    AI Ups the Ante for IoT Cybersecurity
    Security providers in IT and OT have implemented AI, ML and other advanced technologies to make systems smarter than malicious attackers.
  • IoT security
    Protecting Your Network Against Ripple20 Vulnerabilities
    Early this year, Ripple20 wrought havoc on numerous IoT devices, given vulnerable third-party code. Here are ways to prevent your organization from the fallout.
  • IoT security
    IoT Security Trends, 2021: COVID-19 Casts Long Shadow
    While some IoT security trends in 2021 will continue trends from 2019 and 2020, COVID-19 has brought some new threats to the fore.

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Content

  • LYNX MOSA.ic™ Avionic Platform (Advantage w/ Intel)
  • COVID-19 Driving Data Integration Projects in IoT
  • Intro to LynxSecure
  • Can Privacy-Preserving Machine Learning Overcome Data-Sharing Worries?

News

View all

Webex Collaboration Banks on Hybrid Workplace Model at Cisco Live 2021

2nd April 2021

Cisco Enlists Networking Automation, CX Cloud in COVID-19 Response

31st March 2021

White Papers

View all

Telehealth and COVID Infographic

30th March 2021

Medical Supply Chain Management with Smart Devices and Sensors

30th March 2021

Special Reports

View all

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

Webinars

View all

Real-Time Analysis of Driver Behavior Using Machine Learning

13th May 2021

Weber’s Journey: How a Top Grill Maker Serves Up Connected Cooking

25th February 2021

Galleries

View all

Top IoT Trends to Watch in 2020

26th January 2020

Five of the Most Promising Digital Health Technologies

14th January 2020

Industry Perspectives

View all

IoT Spending Holds Firm — Tempered by Dose of ‘IoT Pragmatism’

1st December 2020

The Great IoT Connectivity Lockdown

11th May 2020

Events

View all

Embedded IoT World 2021

28th April 2021 - 29th April 2021

The Virtual Industrial AI Summit

29th June 2021 - 30th June 2021

IoT World 2021

2nd November 2021 - 4th November 2021

Twitter

IoTWorldToday, IoTWorldSeries

👋 Say hello to #EIOTWORLD sponsor, @TrustedComputin — enabling secure computing through open standards and specific… twitter.com/i/web/status/1…

16th April 2021
IoTWorldToday, IoTWorldSeries

How Smart Environments Will Take Shape Post-COVID-19 dlvr.it/RxfPG2 https://t.co/Y6DMWxZf9S

14th April 2021
IoTWorldToday, IoTWorldSeries

IoT Enterprise Deployments Continue Apace, Despite COVID-19 dlvr.it/RxWwsS https://t.co/BSkxdf17vs

12th April 2021
IoTWorldToday, IoTWorldSeries

🥳Happy #IoTDay! How are you celebrating? We're giving $50 off All Access Passes to join our upcoming virtual event,… twitter.com/i/web/status/1…

9th April 2021
IoTWorldToday, IoTWorldSeries

🎉 Announcing #EIOTWORLD sponsor, @InnoPhaseinc — a fabless wireless semiconductor platform company specializing in… twitter.com/i/web/status/1…

8th April 2021

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X