Archive for the ‘Bots’ Category

I Spy A Mirai Botnet

Saturday, October 29th, 2016

Rob Graham created telnetlogger to:

This is a simple program to log login attempts on Telnet (port 23).

It’s designed to track the Mirai botnet. Right now (Oct 23, 2016) infected Mirai machines from around the world are trying to connect to Telnet on every IP address about once per minute. This program logs both which IP addresses are doing the attempts, and which passwords they are using.

I wrote it primarily because installing telnetd on a Raspberry Pi wasn’t sufficient. For some reason, the Mirai botnet doesn’t like the output from Telnet, and won’t try to login. So I needed something that produced the type of Telnet it was expecting. While I was at it, I also wrote some code to parse things and extract the usernames/passwords.

Cool!

A handy, single-purpose program that enables you to spy on Mirai botnets.

Rob has great notes on managing the output.

Perhaps you should publish the passwords you collect (internally) as fair warning to your users.

Or use them in an attempt to hack your own network, before someone else does.

Enjoy!

PS: It compiles, etc., but even for the pleasure of spying on Mirai botnets, I’m not lowering my shields.
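One way to act on the "publish the passwords internally" suggestion above, as an added example that is not part of telnetlogger or the original post: it tallies the credential pairs bots are trying and flags devices in your own inventory that are still configured with one of them. The `source_ip username password` line layout, the sample log lines and the `INVENTORY` mapping are constructed assumptions; adapt `parse_line()` to whatever your logger actually writes.

```python
from collections import Counter

# Constructed sample lines in an ASSUMED "source_ip username password" layout;
# telnetlogger's real output format may differ, so adapt parse_line() to it.
SAMPLE_LOG = """\
198.51.100.7 root xc3511
198.51.100.7 root vizxv
203.0.113.22 admin admin
203.0.113.22 root xc3511
192.0.2.91 root 888888
malformed-line
192.0.2.91 admin admin
"""

# Hypothetical internal inventory: device name -> (username, password) it is
# currently configured with. Constructed values for illustration.
INVENTORY = {
    "lobby-camera": ("root", "xc3511"),
    "dvr-warehouse": ("admin", "S7!long-unique-passphrase"),
    "printer-3f": ("admin", "admin"),
}

def parse_line(line):
    """Return (ip, username, password) or None for lines that do not fit."""
    parts = line.split()
    return tuple(parts) if len(parts) == 3 else None

def summarize(log_text):
    """Count attempts per credential pair and per source address."""
    creds, sources = Counter(), Counter()
    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None:
            continue  # skip blank or truncated entries rather than guessing
        ip, user, password = record
        creds[(user, password)] += 1
        sources[ip] += 1
    return creds, sources

def exposed_devices(creds, inventory):
    """Names of inventory devices whose credentials bots are already trying."""
    return sorted(name for name, pair in inventory.items() if pair in creds)

if __name__ == "__main__":
    creds, sources = summarize(SAMPLE_LOG)
    print("Most-tried pairs:", creds.most_common(3))
    print("Distinct sources:", len(sources))
    print("Change these first:", exposed_devices(creds, INVENTORY))
```

Entries with an empty password or embedded spaces will not fit the three-field split and are skipped, so check the skipped count against your real log before relying on the totals.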

Security Community “Reasoning” About Botnets (and malware)

Sunday, October 2nd, 2016

In case you missed it: Source Code for IoT Botnet ‘Mirai’ Released by Brian Krebs offers this “reasoning” about a recent release of botnet software:

The source code that powers the “Internet of Things” (IoT) botnet responsible for launching the historically large distributed denial-of-service (DDoS) attack against KrebsOnSecurity last month has been publicly released, virtually guaranteeing that the Internet will soon be flooded with attacks from many new botnets powered by insecure routers, IP cameras, digital video recorders and other easily hackable devices.

The leak of the source code was announced Friday on the English-language hacking community Hackforums. The malware, dubbed “Mirai,” spreads to vulnerable devices by continuously scanning the Internet for IoT systems protected by factory default or hard-coded usernames and passwords.

Being a recent victim of a DDoS attack, perhaps Krebs’ anger about the release of Mirai is understandable. But only to a degree.

Non-victims of such DDoS attacks have been quick to take up the “sky is falling” refrain.

Consider Hacker releases code for huge IoT botnet, or, Hacker Releases Code That Powered Record-Breaking Botnet Attack, or, Brace yourselves—source code powering potent IoT DDoSes just went public: Release could allow smaller and more disciplined Mirai botnet to go mainstream, as samples.

Mirai is now available to “anyone,” but the reasoning of Krebs and others breaks down because there is no evidence that “everyone” wants to run a botnet.

Even if the botnet was as easy (sic) to use as Outlook.

For example, gun ownership in the United States is now at 36% of the adult population, but roughly one-third of the population will not commit murder this coming week.

As of 2010, there were roughly 210 million licensed drivers in the United States. Yet, this coming week, it is highly unlikely that any of them will commandeer a truck and run down pedestrians with it.

The point is that the vast majority of users, even if they were competent to read and use the Mirai code, aren’t criminals. Nor does possession of the Mirai code make them criminals.

It could be they are just curious. Or interested in how it was coded. Or, by some off chance, they could even have good intentions and want to study it to fight botnets.

Attempting to prevent the spread of information hasn’t resulted in any apparent benefit, at least to the cyber community at large.

Perhaps it’s time to treat the cyber community as adults, some of whom will make good decisions and some less so.

Bots, Won’t You Hide Me?

Thursday, June 23rd, 2016

Emerging Trends in Social Network Analysis of Terrorism and Counterterrorism, How Police Are Scanning All Of Twitter To Detect Terrorist Threats, Violent Extremism in the Digital Age: How to Detect and Meet the Threat, Online Surveillance: …ISIS and beyond [Social Media “chaff”] are just a small sampling of posts on the detection of “terrorists” on social media.

The last one is my post illustrating how “terrorist” at one time = “anti-Vietnam war,” “civil rights,” and “gay rights.” Due to the public nature of social media, avoiding government surveillance isn’t possible.

I stole the title, Bots, Won’t You Hide Me? from Ben Bova’s short story, Stars, Won’t You Hide Me?. It’s not very long and if you like science fiction, you will enjoy it.

Bova took verses in the short story from Sinner Man, a traditional African spiritual, which was recorded by a number of artists.

All of that is a very roundabout way to introduce you to a new Twitter account: ConvJournalism:

All you need to know about Conversational Journalism, (journalistic) bots and #convcomm by @martinhoffmann.

Surveillance of groups on social media isn’t going to succeed (see The White House Asked Social Media Companies to Look for Terrorists. Here’s Why They’d #Fail by Jenna McLaughlin), and bots can play an important role in assisting in that failure.

Imagine having bots that not only realistically mimic the chatter of actual human users but also follow, unfollow, etc., and engage in apparent conspiracies with other bots, entirely without human direction or with very little.

Follow ConvJournalism and promote bot research/development that helps all of us hide. (I’d rather have the bots say yes than Satan.)