HB1PMS > TECH 21.01.20 15:03l 75 Lines 3383 Bytes #999 (0) @ WW
BID : 5645HB1PMS
Read: GAST
Subj: Hacker Exposes Credentials for over 500,000 Intern
Path: DBO595<DBX320<FRB024<NL3TD<NL3PRC<GY1BBS<HB1BBS
Sent: 200121/1226Z 5380@HB1BBS.ZL.NLD.EU BPQ6.0.19
Message from: HB1PMS@HB1BBS
Hacker Exposes Credentials for over 500,000 Internet-connected Devices
January 20, 2020 | Breaches and Incidents
A hacker reportedly published a massive list of Telnet credentials for more
than 515,000 servers, home routers, and IoT devices on an online forum.
These types of lists—called ‘bot lists’—are a common component of an IoT
botnet operation.
What is Telnet?
Telnet is a communication protocol that lets a user control a remote
device over a TCP/IP network.
Findings by experts
The list was compiled by scanning the entire internet for connected devices
with exposed Telnet ports.
To prepare the list, the hacker likely used two methods: trying factory-set
default usernames and passwords, and attempting easy-to-guess password
combinations.
The devices on the Telnet list were from all over the world. The list included
each device's IP address and username/password for the Telnet service.
While a few of them were based on home networks, most of them were based on
reputed cloud service providers.
Experts, who also spoke to the hacker, revealed that he was previously a
maintainer of a DDoS-for-hire service. After being questioned on why he
published the list, the hacker said he upgraded his DDoS service from
working on top of IoT botnets to a new model that relies on renting high-
output servers from cloud service providers.
The ongoing dialogue
As per various reports, the leaked list has data from October-November 2019.
It is not known how many of these credentials are still valid. Some of these
devices are expected to be now running on a different IP address, or using
different login credentials. Despite that, experts believe the lists remain
incredibly useful for a skilled attacker.
Final analysis
Misconfigured devices are often clustered on the network of a single ISP.
This happens when ISP staff misconfigure the devices while
deploying them to their respective customer bases. An attacker can use the
IP addresses included in the leaked lists to determine the service provider
and then re-scan the ISP's network to update the list with the latest IP
addresses.
73 Henk. HB1PMS
=====================================================================
_ _ ____ __ ____ ____ _____
| | | | _ \/_ | _ \| _ \ / ____| SYS: Henk (hb1nos@hb1bbs.com)
| |__| | |_) || | |_) | |_) | (___ QTH: Ouwerkerk - JO11XO
| __ | _ < | | _ <| _ < \___ \ BBS: HB1BBS.ZL.NLD.EU
| | | | |_) || | |_) | |_) |____) | QRV: 27.235 MHz (FM 1200bps)
|_| |_|____/ |_|____/|____/|_____/ WEB: www.hb1bbs.com
=====================================================================
(Message sent with Sally 7.2.035)
---------------------------------------------------------------------
Timed Tuesday 11 January 2005 16:26 gmt
BBS HB1PMS@HB1BBS
---------------------------------------------------------------------