Recipe .... meet DISASTER !

Security Consultant
3 Replies

First Do No Harm …

A popular, if somewhat misquoted part of the Hippocratic Oath that our Physicians take needs to be heeded by security professionals. Engadget and several other sites are reporting a security incident where thousands of video security cameras were compromised and the computing power was redirected to assist with large scale denial of service attacks. It is one thing when the camera that you have installed is compromised and your video stream is viewed without permission by others. It is another when the fact that your video camera is hurting other persons and companies as part of a botnet.

Recipe …. meet Disaster

Recipe Ingredients

  • 1 low power linux engine running a video camera
  • 1 low security communication path such as telnet to the linux engine
  • 1 set of default or minimal passwords
  • 1 internet connection

Mix the above ingredients. Add one to one million computer experts who are motivated by revenge, curiosity or financial gain. Let stand without watching for an extended period of time. Ignore updates to the network or the security camera. For quicker results, place the ingredients on a wireless network.

Disaster

A computer expert who now owns your video camera .. or rather the computer that runs your camera. These computers are typically small in size and power however this computer expert owns a large number of other cameras as well. The net result is that a small computer multiplied by a very big number has the capacity to do some serious harm. If you are lucky, your business is insignificant and the expert will only use your video camera to hurt others. Don’t be “That Guy”  🙂

ISC West 2016 Video Analytics ….. soonIs that OSINT or OSINF ??
3 Comments

Share Your Thoughts

Your email address will not be published. Required fields are marked *