New Delhi: In a revelation that blows holes in the understanding that CCTV cameras can only mean good, about 25,000 digital video recorders and CCTV cameras were hacked globally last week to launch distributed denial-of-service (DDoS), which are the infected Trojans attacked against websites.
The countries with the largest number affected devices are Taiwan (24 percent), the U.S. (16 percent), Indonesia (9 percent), Mexico (8 percent), Malaysia (6 percent), Israel (5 percent), and Italy (5 percent).
The findings were revealed by the researchers from web security firm Sucuri, based in United states who observed one such attack on the website of one of the company’s customers - a small brick-and-mortar jewellery shop.
Hackers flooded the website with about 50,000 HTTP requests per second at its peak. The Sucuri researchers were able to tell that the traffic was coming from closed-circuit television (CCTV) devices because most of them responded to HTTP requests with a page entitled “DVR Components Download.”
The hacking was done globally but It is still not clear how these devices were hacked.
Similar incidence happened back in March, when a security researcher found a remote code execution weakness in DVRs from more than 70 vendors. In February, researchers from Risk Based Security estimated that more than 45,000 DVRs from different vendors use the same hard-coded root password, which leads to hacking easily.
There is not much that the owners of CCTV DVRs can do, because vendors hardly patch known vulnerabilities, especially in older devices.