This story is over 5 years old.

Hackers Are Using CCTV Cameras to Create Botnet Swarms

Change. Your. Default. Login.

Network security firm Incapsula has a new report that sounds … just a little scary. It reports a 240 percent uptick in botnet activity, when a bunch of connected devices are compromised and used for attacks that overtax servers and shut down websites.

One type of connected device accounted for a large chunk of the increase: closed circuit television cameras, employed by many companies and individuals for security.


Ironically, Incapsula says the problem is that many of the security devices haven't been properly secured, allowing hackers to implant malicious software in the cameras and utilize them in distributed denial of service attacks without the owner knowing.

There are 245 million registered CCTV cameras worldwide, and many of them still had the default login credentials. This has been exploited before, with one website streaming live footage from unssuspecting CCTV camera owners around the world by using default login credentials.

You probably don't have a CCTV camera at your home, but with the "Internet of Everything" on the horizon (at least if you ask companies who sell "Internet of Everything" devices), a whole lot more homes will have Internet connected fridges, thermostats, washing machines, toasters, and … whatever else, opening up the possibility for hackers to gain access if default settings aren't changed.

In the particular attack highlighted by Incapsula, 900 CCTV cameras were used in an HTTP flood attack, sending repeated requests to a cloud server. Essentially, the cameras (and other botnet devices) called up legitimate URLs on the cloud service website, but did it at such a volume that the servers couldn't handle the traffic, (potentially) taking the site offline. As you can see from the below map, the cameras were located all across the world:

It speaks to the underlying problem with many botnet swarms: hacked devices with malware tool kits are able to be leveraged in low tech but highly damaging brute force attacks, overtaxing a server. The reason many of these devices are part of the swarm is that the users (or the firms that set up the devices) never bothered to change the default login on setting them up. Many others may just be using crappy, easy-to-guess passwords. In 2013, Cisco reported that 1 out of every 100 devices worldwide were infected with botnet malware, with 1 out of 250 devices in the United States infected.

Especially as the "Internet of everything" conquers homes, it's going to be important to tighten up home security. After all, you probably don't want your smart coffee maker or smart toilet being part of a DDoS attack, which is absolutely a weird sentence to type.