Tuesday 1 April 2014

Hackers Turn Security Camera DVRs Into Worst Bitcoin Miners Ever

Image: Casascius/CC
Here’s something we haven’t seen before: security camera recorders hacked and used to mine bitcoin.
The issue was first reported by Johannes Ullrich, an instructor at the SANS Technology Institute — a computer security training organization. Last Friday, he discovered malicious software infecting the Hikvision DVRs used to record video from security cameras. The malware jumps from device to device, trying to infect any other machines it can find on the network. But it also tries to earn a little scratch for its creators by mining bitcoins, a processor-intensive activity that would probably slow down any infected DVR.
Though this is a novel method, it’s hardly the first time hackers have tried to bust their way into other people’s hardware in order to make some bitcoin, the popular digital currency. The bitcoin system is run by independent machines spread across the globe, and if you contribute processing power to the system, you receive some bitcoin in return. This is called mining, and hackers often seek to mine using any machines they can gain control of — including security camera DVRs.
Most malicious software is written for Linux or Windows machines, but Ullrich has seen this new malware infect routers and DVRs in the past. That usually happens accidentally when a worm written for a Windows or Linux system spreads to strange devices that happen to be running the same operating system. But here, the malicious code “was actually compiled for the ARM processor that’s running these devices,” he says, “so they kind of knew what they were into.” Since Friday, Ullrich has also spotted the malware running on a router. He couldn’t immediately be reached for comment.
The low-powered ARM chip is one of the worst possible processors you could pick for the crypto-heavy calculations that make up bitcoin mining. Last week, we wrote about some Android malware that was remarkably ineffective in making money in the cryptocurrency game.
But the fact that ARM is being targeted is a side effect of the phenomenon known as the Internet of Things. Increasingly powerful computers out on the network, recording video, running our mobile phones, and even operating as thermostats, are giving hackers a lot of alternatives to their tried-and-true targets. Although the Hikvision malware could be used to spy on anyone it infects, it doesn’t seem to do that. Apparently, all it wants to do is scan the network for other machines to infect and mine bitcoins, Ullrich says.
The malicious software seems to spread using the default usernames and passwords for the Hikvision devices, which most people do not change after setting them up.
