To Protect Your Devices, A Hacker Wants to Hack You Before Someone Else Does

It should be noted that hacking into a system that does not belong to you is illegal, no matter what the actual intention behind it is.


I am pointing this out because, reportedly, someone who has been labeled a 'vigilante hacker' by the media is hacking into vulnerable 'Internet of Things' devices in order to supposedly secure them.


This is not the first time a hacker has acted as a vigilante. We have seen many previous incidents in which hackers used malware to compromise thousands of devices but, instead of exploiting them, forced the owners to make them secure.


Dubbed Hajime, the latest IoT botnet malware used by the hacker has already infected at least 10,000 home routers, Internet-connected cameras, and other smart devices.


But reportedly, it's an attempt to wrest control of them from Mirai and other malicious threats.


Mirai is an IoT botnet that threatened the Internet last year with record-setting distributed denial-of-service attacks against the popular DNS provider Dyn last October. The botnet is designed to scan for IoT devices that are still using default passwords.

How the Hajime IoT Botnet Works


The Hajime botnet works much like Mirai: it spreads via unsecured IoT devices that have open Telnet ports and use default passwords, and it uses the same list of username and password combinations that the Mirai botnet is programmed to use, with the addition of two more.


However, what's interesting about the Hajime botnet is that, unlike Mirai, it secures the target devices by blocking access to four ports (23, 7547, 5555, and 5358) known to be vectors used to attack many IoT devices, keeping Mirai and other threats at bay.


Unlike Mirai, Hajime uses a decentralized peer-to-peer network (instead of a command-and-control server) to issue commands and updates to infected devices, which makes it more difficult for ISPs and Internet backbone providers to take down the botnet.


Hajime botnet also takes steps to hide its running processes and files on the file system, making the detection of infected systems more difficult.


Besides this, the Hajime botnet also lacks DDoS capabilities or any other hacking code except for the propagation code that lets one infected device search for other vulnerable devices and infect them.
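As an added example (not from the original article or from any Hajime analysis): because the malware hides on the device but still has to search for new targets over Telnet, one network-side check is to flag LAN hosts that contact many distinct addresses on port 23 in a short time. The log format, subnet, window and threshold below are assumptions, and the flow records are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")  # assumption: the monitored subnet
TELNET_PORT = 23                     # the article says propagation uses Telnet
WINDOW_SECONDS = 60                  # assumption: sliding window length
MIN_DISTINCT_TARGETS = 10            # assumption: fan-out treated as scanning


def parse_flow(line):
    """Parse 'epoch src dst dport' (a made-up log format) into typed fields."""
    ts, src, dst, dport = line.split()
    return int(ts), ip_address(src), ip_address(dst), int(dport)


def find_telnet_scanners(lines):
    """Return {source_ip: peak distinct Telnet targets in any window} for
    LAN hosts whose fan-out reaches MIN_DISTINCT_TARGETS."""
    per_src = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, dport = parse_flow(line)
        if dport == TELNET_PORT and src in LAN:
            per_src[src].append((ts, dst))

    flagged = {}
    for src, events in per_src.items():
        events.sort()
        start, peak = 0, 0
        for end in range(len(events)):
            # Advance the window start until it spans at most WINDOW_SECONDS.
            while events[end][0] - events[start][0] > WINDOW_SECONDS:
                start += 1
            peak = max(peak, len({dst for _, dst in events[start:end + 1]}))
        if peak >= MIN_DISTINCT_TARGETS:
            flagged[str(src)] = peak
    return flagged


# Constructed sample: a camera sweeping 12 addresses on port 23, a laptop
# making a single Telnet connection, and ordinary HTTPS traffic.
SAMPLE_FLOWS = (
    [f"{1492500000 + i * 2} 192.168.1.50 198.51.100.{i + 1} 23" for i in range(12)]
    + ["1492500005 192.168.1.10 192.168.1.1 23",
       "1492500007 192.168.1.20 203.0.113.5 443"]
)

if __name__ == "__main__":
    for host, peak in find_telnet_scanners(SAMPLE_FLOWS).items():
        print(f"{host}: {peak} distinct Telnet targets within {WINDOW_SECONDS}s")
```

A single administrative Telnet session stays below the threshold, so only the sweeping host is reported.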


One of the most interesting things about Hajime: the botnet displays a cryptographically signed message every 10 minutes or so on terminals. The message reads:



Just a white hat, securing some systems.


Important messages will be signed like this!


Hajime Author.


Contact CLOSED Stay sharp! 

There's Nothing to Get Excited About


No doubt there's a temptation to applaud Hajime, but only until users reboot their hacked devices.


Hajime has no persistence mechanism: it is loaded only into the device's RAM, so once the IoT device is rebooted, it goes back to its unsecured state, complete with default passwords and the Telnet port open to the world.

Read more: http://thehackernews.com/2017/04/vigilante-hacker-iot-botnet.html
