A 25,000-strong CCTV botnet has been uncovered launching distributed denial-of-service (DDoS) attacks against businesses in an attack that underlines potential problems with the Internet of Things (IoT).
The botnet was uncovered by Sucuri Security, which explained that it was made aware of the attacks after a customer began experiencing DDoS problems.
"It all started with a small bricks and mortar jewellery shop that signed up with us to help protect their site from a DDoS that had taken them down for days," the company said in a blog post.
"It was a layer 7 attack (HTTP flood) generating close to 35,000 HTTP requests per second which was more than their web servers could handle. Normally, this would be the end of the story. The attack would be mitigated, the attackers would move on after a few hours, and the website owner would be happy.
"In this case, however, after the site came back up, the attacks increased their intensity, peaking to almost 50,000 HTTP requests per second. It continued for hours, which turned into days."
Sucuri dug deeper into the problem and found out that the attacks were being generated using CCTV cameras.
"It is not new that attackers have been using IoT devices to start their DDoS campaigns. However, we have not analysed one that leveraged only CCTV devices and was still able to generate this quantity of requests for so long," added the firm.
"As we extracted the geo-location from the IP addresses generating the DDoS, we noticed that they were coming from all over the world, different countries and networks. A total of 25,513 unique IP addresses came within a couple of hours."
That's a lot of countries and a lot of CCTV cameras. The bulk of the devices were found in Taiwan, then the US and then Indonesia. The UK, which has a lot of CCTV cameras, does not make it into the top 10.
Sucuri's interest was piqued by the appearance of some IPv6 devices, although these were very much in the minority and made up only five per cent of the network.
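The figures reported above (peak requests per second, unique source addresses, IPv6 share) are the kind a site owner can pull from a web server access log during an HTTP flood. The following is an added example, not Sucuri's code; it assumes combined-format log lines, and the sample lines, date and documentation-range addresses are constructed.

```python
import ipaddress
from collections import Counter
from datetime import datetime

# Constructed sample input: combined-log-format lines using documentation
# address ranges. Two lines are deliberately malformed.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2016:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "-"
192.0.2.11 - - [01/Jan/2016:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "-"
198.51.100.7 - - [01/Jan/2016:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "-"
2001:db8::1 - - [01/Jan/2016:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "-"
192.0.2.10 - - [01/Jan/2016:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "-"
203.0.113.5 - - [01/Jan/2016:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "-"
not a log line
999.1.1.1 - - [01/Jan/2016:10:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" "-"
2001:db8::1 - - [01/Jan/2016:10:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" "-"
"""


def summarise(log_text):
    """Return request count, peak requests/second, unique sources, IPv6 share."""
    per_second = Counter()   # timestamp (1 s resolution) -> request count
    sources = set()          # distinct client addresses seen
    for line in log_text.splitlines():
        parts = line.split()
        # Field 0 is the client address, field 3 is "[dd/Mon/yyyy:HH:MM:SS".
        if len(parts) < 4 or not parts[3].startswith("["):
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
            ts = datetime.strptime(parts[3][1:], "%d/%b/%Y:%H:%M:%S")
        except ValueError:
            continue         # skip lines with an invalid address or timestamp
        sources.add(ip)
        per_second[ts] += 1
    v6 = sum(1 for ip in sources if ip.version == 6)
    return {
        "requests": sum(per_second.values()),
        "peak_rps": max(per_second.values(), default=0),
        "unique_ips": len(sources),
        "ipv6_share": v6 / len(sources) if sources else 0.0,
    }


if __name__ == "__main__":
    print(summarise(SAMPLE_LOG))
```

A high unique-address count combined with a modest per-address rate is what makes per-IP rate limiting alone ineffective against this kind of flood.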
The firm explained that there is not a lot that website owners can do to stop IoT devices being used in this way, but that vendors of IoT devices should be aware of the situation.
"Unfortunately, as website owners, there is not much you can do to get those 25,000+ CCTVs fixed and protected. You also can't do much to fix the millions of vulnerable devices on the internet that can be used as botnets and DDoS amplification methods," Sucuri said.
"However, you can do your part. If you are an online camera user or vendor, please make sure it is fully patched and isolated from the internet."