Wednesday, December 21, 2016

Bots using IoT as backdoor for hack attacks

Copyright © 2016 Mark Ollig

by Mark Ollig


A bot can be defined as a software application automatically executing a scripted file containing coded instructions.

Or, just think of it as a “web robot” traversing throughout the Internet.

Assistance in creating customized bots is available on many websites.

One such website boasts “Anything you do online [over the Internet] can be automated using a bot, such as account registering, online bidding and purchasing, and content gleaning. Your bot will help you to collect and analyze information, synchronize online accounts, and upload and download data.”

Bots can execute their scripted set of software instructions quickly. A shopping bot script (a bot which automatically makes purchases over the Internet) can complete a transaction in less than a second.

Sounds harmless so far, doesn’t it?

Unfortunately, there have been some very naughty bots out on the Internet causing a lot of mayhem.

Malicious botnet (bot network) attacks will target and disrupt computing servers on the Internet.

Bots are able to obtain information or cause harm by accessing IoT (Internet of Things) devices.

The IoT consists of physical smart devices with sensors and electronics that run a computer program and connect wirelessly to the Internet.

There are a couple of overlooked IoT devices now being used as part of the arsenal for these bot attacks.

Yes, dear readers, it’s electronic toys and games.

Many of them wirelessly connect to the Internet, which means they are susceptible to being hacked into and used as an entry point by bots.

Once the bot gains access into the IoT toy device, it can attempt to hack into computers on the network the IoT device is on.

The infiltration of Internet-connected toys had one Hong Kong toymaker telling the BBC, “No company that operates online can provide a 100 percent guarantee that it won’t be hacked.”

The toymaker also said it was limiting its liability “for the acts of third parties.”

Bots programmed with evil intentions would probably fall under the “third parties” category.

I researched this overseas toymaker and found the following statement on their website regarding toys they sell which connect to the Internet: “No method of transmission over the Internet, or method of electronic storage, is 100 percent secure. Therefore, while we strive to use commercially-acceptable means to protect your personally identifiable information, we cannot guarantee its absolute security.”

Although firewalls and cyber defense measures are being used to prevent unauthorized access and protect sensitive information located on public and private computer data servers, websites, and routers, we also need to be watchful of the electronic toys kids are connecting to the Internet.

Approximately 6.4 billion “embedded devices,” or IoT devices, will have been connected to the Internet this year, according to Gartner Research.

During the next four years, Gartner predicts we could see this number increasing to 21 billion.

I’d like to think, in a perfect world, IoT devices would improve the quality and productivity of our daily lives.

We know things are not always perfect, and the best-laid plans and intentions sometimes go awry.

Some bots seek vulnerable IoT devices in order to access their connected computer data, glean their information, and sell it to third parties.

Some people seek to undermine IoT devices by using bots to attack and steal personal information, or to access the IoT device’s Wi-Fi router and get onto the Internet.

Once a bot attack program takes control of an IoT device, it can cause chaos with other connected devices or computers sharing the same network connection.

It’s like a science fiction movie, but instead of aliens from another planet taking over the Earth, it’s malicious software (malware) programs being spread by a computer virus or bots across devices on the Internet.

These attacks usually occur without the computer or device’s operator being aware of them.

How bad could it get?

A large DDoS (Distributed Denial of Service) attack recently affected online users’ access to many popular social media sites. This DDoS was caused by a powerful malware virus known as the Mirai (Japanese for “future”) virus code.

Mirai can cause computer systems using the Linux operating system to become remotely controlled “cyberbots,” which carry out the bot attack’s coded instructions.

Mirai was designed to be used in large-scale botnet attacks.

In late October, the DDoS cyber-attack against the Dyn computing server left Twitter and Netflix inaccessible. This attack was caused by a Mirai botnet.

The Wall Street Journal recently reported nearly 1 million Deutsche Telekom home Internet routers crashed. The cause was said to be a Mirai botnet.

DDoS attacks on five of the largest banks and financial institutions in Russia were blocked Dec. 5, according to CyberWire. An advanced version of a Mirai botnet is said to have committed the attack.

IoT devices have few online access protections and are increasingly being used as an entry gateway or backdoor for bot access and hack attacks.

Manufacturers must realize IoT devices need to incorporate stronger software access authorizations and/or network firewall protections.

I was once given this sage advice, “Always change an electronic device’s factory default passcode settings.”

Merry Christmas everyone, and be mindful of those Wi-Fi-connected smart toys.

Be sure to follow me on Twitter at @bitsandbytes.