BrickerBot Dev Claims Cyber-Attack That Affected Over 60,000 Indian Modems (bleepingcomputer.com) 32
An anonymous reader quotes a report from Bleeping Computer: "The author of the BrickerBot malware has claimed a cyber-attack that affected several Indian states and has caused over 60,000 modems and routers to lose Internet connectivity," reports Bleeping Computer. "The incident affected modems and routers belonging to Bharat Sanchar Nigam Limited (BSNL) and Mahanagar Telephone Nigam Limited (MTNL), two Indian state-owned telecommunications service providers." The BrickerBot malware infected modems that used default passwords and modems that the two ISPs left exposed via the TR069 management interface to connections from anywhere on the Internet. BrickerBot is a malware strain that affects Linux-based IoT and networking devices. Unlike other malware that hoards devices into botnets for DDoS attacks and other purposes, BrickerBot "bricks" the equipment by rewriting its flash storage with random data. In most cases this bricking effect can be reversed, but in some cases this is permanent. BSNL and MTNL had worked to fix problems but efforts were delayed after a BSNL workforce strike. The BrickerBot author also raised the alarm about similar exposed devices on the network of Pakistan Telecommunication Company Limited (PTCL). In April, the BrickerBot author claimed he bricked over 2 million devices.
what's the point? (Score:1)
what's the point, really? The only victims here are people who aren't responsible for this. They're left without internet for days until this is fixed.
Yes, we know shit is insecure, but take it on the people responsible for this, not on the users. They will still be billed. And no one will be fired for the mistake.
Re: (Score:3, Insightful)
The problem is that it simply isn't true anymore with botnets. Before them all of the idiots getting infected wasn't a problem to people who were doing security right. However now mass armies of zombie-botnets are causing major persistent DDOS problems to the people who are doing the right things, and worse trying to get ransoms from it. I don't necessarily approve of what brickerbot's author is doing morally and legally but there is a valid logic to it. Either stop your systems from being a threat to every
Re:what's the point? (Score:5, Informative)
what's the point, really?
To remove insecure devices from the internet rather than allow bad actors to take advantage of them.
The only victims here are people who aren't responsible for this.
If you paid money for an insecure device, you are responsible for financing a distributor of insecure devices.
Yes, we know shit is insecure,
And you should also know that insecure shit is going to be bricked.
but take it on the people responsible for this, not on the users. They will still be billed. And no one will be fired for the mistake.
If you give enough people a headache, they will give other people a headache for it happening. Eventually, the people responsible will either change their ways or it's going to be a painful decade for them.
Re:what's the point? (Score:5, Insightful)
If you give enough people a headache, they will give other people a headache for it happening. Eventually, the people responsible will either change their ways or it's going to be a painful decade for them.
My boss told me years ago, that the best way to get action from someone with a problem I was having was to make it their problem.
And damned if that wasn't some of the best advive I ever got. Yes, it pissed off some folks, but yes, they remembered that I expected a quick response in the future.
I don't care if these people using this insecure hardware are blacklisted until they remove it. Watch how quickly that particular problem goes away.
Re: (Score:2)
This is the first time I'm hearing of BrickerBot, but did the author release any news that this is a clever strike against the diabolical surveillance capabilities of intelligence agencies? It seems like a response by someone tired of armies of DDOS bots crowding the internet and a lack of action by popular ISPs to secure their own devices.
Sure, in future (or even at present) many governments will classify this as 'terrorism', as punishments are much easier to sell to public under terrorism laws regardless
Re:what's the point? (Score:5, Insightful)
what's the point, really? The only victims here are people who aren't responsible for this. They're left without internet for days until this is fixed. Yes, we know shit is insecure, but take it on the people responsible for this, not on the users. They will still be billed. And no one will be fired for the mistake.
The entire point of targeting insecure hardware is to get the attention of those who created that clusterfuck in order for them to fix it.
Yes, that sometimes means innocent victims get caught in the crossfire. That bullshit will continue until vendors pull their head out of their ass and learn to prioritize security over profits. And speaking of profits and impact, if I were the customer, I certainly would not be paying for service during an outage. I'd be demanding a refund and consider leaving for another provider.
Re: (Score:3)
And speaking of profits and impact, if I were the customer, I certainly would not be paying for service during an outage. I'd be demanding a refund and consider leaving for another provider.
Well, we are talking about India here. I am not so sure that their country would have a similar way of dealing with bad services. If you have ever lived in one of the 3rd world countries, you may get some ideas how disadvantage consumers are having...
Re: (Score:2)
That's the problem with the average Slashdot user "hurr durr if your ISP is bad, just switch".
Re: (Score:2)
> They're left without internet for days until this is fixed.
These are days which they will spend complaining about service, and some will be shopping around for other providers. If a significant fraction jump ship, the ISP is going to get a sudden motivation boost to start reading up on basic security practices that are essential in a highly connected world.
Re: (Score:2)
This is India we're talking about. The ISP is probably the local telephone company which is run by the government. And disparaging the government will get you disappeared. In a country of 1.4+ billion people, no
Re: (Score:2)
Aren't responsible? (Score:2)
Same with Air Pollution,
Same with Privacy,
Same with Getting DDoS,
Same with Every Other Problem in the global world.
Just because you are ignorant, doesn't mean you are excused from responsibility.
In this case where you are not part of the Solution, You are part of the Problem.
Re: (Score:2)
So you're responsible for Trump?
Re: (Score:1)
Where is the problem ? (Score:2)