Good afternoon,
Here are the slides for today’s class: Operating-Systems-Week2
If everything is up and running, here are a couple of topics from “In the News” on slide 8:
- Chronicle: A Meteor Aimed At Planet Threat Intel?: https://krebsonsecurity.com/2018/01/chronicle-a-meteor-aimed-at-planet-threat-intel
- Expert: IoT Botnets the Work of a ‘Vast Minority’: https://krebsonsecurity.com/2018/01/expert-iot-botnets-the-work-of-a-vast-minority
- Hacked Cameras, DVRs Powered Today’s Massive Internet Outage: https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-internet-outage
If anyone has any questions, please reach out and I will get back to you ASAP.
Mustafa Aydin says
Hi Andrew,
Week 2 slides link opens week 1 slides.
Satwika Balakrishnan says
Hi Professor,
It seems like you have uploaded week 1 slides instead of week 2.
Andrew Szajlai says
Sorry, I clicked on the wrong file when I built the link. I fixed the link; it should be working now.
Vince Kelly says
IntelChronicle: A Meteor Aimed At Planet Threat Intel?:
https://krebsonsecurity.com/2018/01/chronicle-a-meteor-aimed-at-planet-threat-intel
This article seems to be touting yet another Google startup/‘spin-in’ called Chronicle. It seems that Chronicle’s mission will be to apply ML and Deep Learning technologies (which they have yet to build, as I understand it) to significantly speed up the detection of zero-day malware.
I’m certainly no security expert and this may sound somewhat cynical, but I think that although the goal is laudable, it *seems* to me that I’ve heard this all before – nothing unique here. There seem to be any number of vendors and start-ups that are currently working toward this goal (and using similar methodologies). In fact, the article couldn’t provide any detail into exactly what Chronicle’s market differentiation will be – other than it promises to be ‘fast’. If they didn’t have access to the vast capital resources of Google, I’d think that this would be a huge red flag to potential VCs.
What was far more interesting to me was the side discussion about a free service from Google called VirusTotal and a set of ‘antithetical doppelganger malware’ called “no-distribute” scanners.
VirusTotal allows you to upload a file or a URL, which it then scans and tells you if it’s clean or if it’s malware. The real service to the community that VirusTotal provides is immeasurable because it not only tells *you* if the suspect software or URL is malicious, it also shares that information with the rest of the AV community.
But unfortunately the old adage “no good deed goes unpunished” also applies here. According to https://krebsonsecurity.com/2009/12/virus-scanners-for-virus-authors/, a ‘cottage industry’ has sprung up that takes the VirusTotal idea and turns it on its head.
Apparently new startups have appeared – the article mentioned av-check.com and virtest.com – that, for a small fee, will determine if your code can be detected by 22 different anti-virus products (the article listed several very recognizable ones). The article claims that av-check actually boasts that they won’t save any of the files that they test and *won’t* disclose them to the AV community.
In effect (in my opinion), the for-fee services that they provide could serve no other purpose than to help some pretty slimy malware developers who enjoy inflicting pain and mayhem wherever they can. The article provides the following quote from av-check.com about how they operate:
“Each of them is setten [sic] up on max heuristic check level,” av-check promises. “We guarantee that we don’t save your uploaded files and they are deleted immediately after the check. Also , we don’t resend your uploaded files to the 3rd person. Files are being checked only locally (without checking/using on other servers.” In other words: There is no danger that the results of these scans will somehow leak out to the anti-virus vendors.
The false veneer of integrity in that statement is really ironic (to me anyway).
Patrick DeStefano (tuc50677) says
I honestly had no idea about VirusTotal until I read this article. It seems like it is an extremely useful product for all of the security community and beyond. I’m actually going to try using it to see how it works over the next few days. To your point about the startups which seem to provide services to those wishing to do harm, I completely agree that it’s a really slimy thing to do. I’m not surprised though. With the level of greed and shadiness of some people these days, people will do anything for a buck.
Donald Hoxhaj says
Hi Vince,
I have to agree with your point that the nature and variety of data for building up such systems is going to be huge. Moreover, integrating security practices into existing problems can only be productive when a business completely understands ML and its intricacies. At the current stage, even AI has security flaws, and speed alone cannot determine the effectiveness in eliminating malware or even predicting with 100% accuracy.
Vince Kelly says
Expert: IoT Botnets the Work of a ‘Vast Minority’
https://krebsonsecurity.com/2018/01/expert-iot-botnets-the-work-of-a-vast-minority/
An interview with Allison Nixon, director of security research at Flashpoint, a cyber intelligence firm.
The article provides insights from Allison Nixon on a DDoS platform called Mirai. Basically Mirai scanned, identified and then established a vast bot network – at one point consisting of an estimated 600,000 devices. A few of the characteristics that made Mirai particularly effective as a DDoS platform were its scale and its ability to overwhelm targets at unheard-of speeds. Up until the time of the attack, the general consensus was that the maximum limit of devices that could be turned into ‘controllable’ zombies was about 100,000 devices. The upper limit of packet throughput that a bot network attack could generate was thought to be about 50Gbps. The Mirai attack was unique because it was six times larger than the largest DDoS attack ever recorded and had throughput exceeding 1.1Tbps.
One point that jumped out at me while reading this article is how absolutely critical FAST and PROPER attribution is going to be as these types of attacks become more sophisticated and pronounced in the future.
Nixon refers to the Wired article that provides a more detailed picture of how the attack unfolded:
( https://www.wired.com/story/mirai-botnet-minecraft-scam-brought-down-the-internet/)
That article described the initial speculation that occurred when investigators first began trying to track down who was behind the Mirai attacks as follows:
‘…security expert Bruce Schneier in September 2016. “We don’t know who is doing this, but it feels like a large nation-state. China or Russia would be my first guesses.” ‘
With this in mind, I recently read that a Russian General who is one of the Kremlin’s top strategic planners developed a strategic doctrine that makes ‘asymmetric’ cyber warfare and disinformation one of the central components of Russia’s war-fighting capability. As a result, both the US and NATO were considering provisions of their own that could include the use of military force (e.g., airstrikes, kinetic bombardment, etc.) in retaliation for a cyberattack that occurred against anything that they considered to be ‘strategic infrastructure’.
I think the real danger of what happened with Mirai isn’t that the Internet was brought to its knees for a couple of hours. I think the real danger is that it creates the potential for mischaracterization of a threat and who is really behind it in an increasingly trigger-happy world.
If that attack had occurred in the midst of a politically charged crisis (like the Cuban missile crisis in the 60s, for example), and the initial assumptions/attributions about who was actually behind the attack were wrong (as they often are), then it might very well spark a third world war.
To me, it even raises the specter of one nation-state purposefully manipulating circumstances so that a competing nation-state would be blamed for an attack that they were behind (so that their competitor would suffer the retaliatory consequences instead of themselves).
Scary.
Patrick DeStefano (tuc50677) says
The scenario you listed is a real risk, like you said, with today’s trigger-happy world. News pundits, politicians, and conspiracy theorists with power could really bring the world to its knees if any mischaracterization of a specific attack occurs. I’m particularly worried about the consequences if something like this were to happen to the US and it was blamed on DPRK, or vice versa. Things could get very ugly very quickly.
Jason A Lindsley says
Nice summary Vince. The article was very interesting and I especially liked the commentary on how detrimental it was to the criminals that they released their source code.
I thought it was odd that Allison Nixon said “when you can ID them and attach behavior to the perpetrator, you realize there’s only a dozen people I need to care about and the world suddenly becomes a lot smaller.” I find that hard to believe. I think that was the case years ago with folks like Kevin Mitnick and Gary McKinnon, but nowadays we have nation states training individuals to use very sophisticated open-source tools to conduct attacks, and attribution can become much harder. Think about it – these fools released their code in the wild and it still took over a year to build a case against them and arrest them. And since the code for many of these attacks is released in the wild, it opens the door for many copy-cat attacks that make attribution even more challenging.
Satwika Balakrishnan says
Jason,
You have mentioned a very important point. I don’t think we should be underestimating these perpetrators as a small group. These days there are even school students involved in such activities. Even the men involved in the Mirai botnet were 20 and 21 years of age. So, when Nixon mentions, “These are incredibly deep skills developed over years,” it alarms me how young these guys must have started off! Yes, and you have mentioned that these days we even have nation-state adversaries training individuals to carry out such attacks. I believe that various terrorist groups also do the same. With the advent of artificial intelligence and the process of virtualization that we are currently undergoing, and from what we have been seeing starting from Melissa to WannaCry, we don’t know what havoc these groups may bring. So, it would be a big mistake if we were to consider them to be a small group.
Donald Hoxhaj says
Satwika,
The concept of IoT is still evolving and in fact I don’t see a lot of legislation that requires these devices to have a standard protocol. The only thing that makes sense from the perspective of the government is to standardize security to the latest security standards used in the industry. Moreover, there need to be regulations to monitor the interactions between devices. At this stage, there can hardly be any companies around who could determine an IoT security breach with 95% confidence.
Vince Kelly says
Strava fitness tracking data reveals details of secret bases
https://finance.yahoo.com/news/strava-fitness-tracking-data-reveals-233300274.html
This article can probably be filed under the “whoops, never thought of that!” category.
Apparently, according to the article, smartphone-based fitness tracking apps (this article mentions Strava) may be inadvertently giving away sensitive information regarding the exact locations of government installations.
These seemingly innocuous fitness devices make the data that they collect publicly available in the form of ‘activity maps’. A UCL researcher discovered that in some cases the maps reveal the steps taken by government personnel as they walked around military bases, supply depots, living quarters, etc. in countries like Afghanistan and Syria. The researcher was even able to uncover the paths taken by personnel in locations like the infamous Area 51 and a suspected secret CIA base in Somalia.
The problem is being attributed to lack of awareness by government personnel – although there are government security awareness programs in place that emphasize the importance of disabling location tracking on smart phones while working in sensitive areas, it seems that many people don’t remember to do so.
Vince Kelly says
…follow-up to the initial story:
Pentagon reviews policy after fitness app reveals military locations
https://finance.yahoo.com/news/pentagon-reviews-policy-fitness-app-225200741.html
“US Defense Secretary Jim Mattis has ordered a review of the [fitness tracking smart phone] situation”,
‘In a statement, the Pentagon said, “We take matters like these very seriously and are reviewing the situation to determine if any additional training or guidance is required, and if any additional policy must be developed to ensure the continued safety of DOD personnel at home and abroad.” ‘
Patrick DeStefano (tuc50677) says
This is very very dangerous. If any enemy plotters were to get ahold of this info and be able to put two and two together, it would essentially be like handing over the blueprints to our military installations, safe-houses, and even if you look deeper, you might even be able to track movement on ships and/or submarines to get a layout. For highly classified installations, it would be a good idea to not only turn off location tracking, but to have workers who work in these locations turn over devices while on the premises.
Scott Radaszkiewicz says
This reminds me of GPS, which was invented by the government in the 1970s. When it started to become available for commercial use, there were security concerns. They didn’t want someone putting a GPS locator in a location and then being able to direct a missile directly to it! So, in its early form, GPS had Selective Availability built into it. In essence, the GPS signal had a built-in variance of about 50 meters horizontally and 100 meters vertically. As demand and use grew, this was phased out. In 2000, Selective Availability was removed from the GPS signal. There is still a chance of error, but most of that is due to other conditions, not forced. But the pessimist in me still thinks that somehow the government is controlling some of this. You would think they have to!
Frederic D Rohrer says
Vince,
this is an interesting issue and it outlines the dangers of cyber warfare. The publicized data literally painted US bases in active deployment areas and made them vulnerable to mortar attacks etc. You are right in saying that the problem stems from lack of security awareness. I think that ultimately US soldiers on active deployment should not be using personal computers at all. However, that is probably not enforceable as it would drastically cut morale. Now cyber warfare has become a situation that needs to be trained for, or the rules for individuals need to be changed.
Jason A Lindsley says
Wow. This is a concern. I wonder if Strava shares this information publicly by default or if the users turned on location sharing. I could see this as a very difficult problem to solve. I imagine it would be very difficult for the military to track and monitor all potential mobile apps that track and share location data. Some possible solutions:
– Require government issued mobile devices at these facilities that control what apps are used by military personnel (preventative)
– Monitor the web for location sharing associated with cleared facilities (detective)
– Increase training and awareness to military personnel and enforce greater consequences for non-compliance (preventative)
It will be interesting to see the follow-up articles and stories related to this. Obviously Strava is not the only app that is sharing location data.
Vince Kelly says
Working with Hyper-V
Just an FYI for anyone who is thinking about:
– Installing/fooling around with Hyper-V
– Understanding where Hyper-V manager stores its Virtual Machines
– How to configure a new VM using PowerShell (instead of the Hyper-V Manager).
How to Enable Hyper-V:
Windows 10 comes with Hyper-V already installed so all that you have to do is literally turn it on using the following steps:
Go to
Control Panel->Programs->Turn Windows Features On or Off
Then scroll down and check the box next to HyperV (make sure that all of the HyperV components are selected as well – this should happen automatically).
After you reboot your machine, the HyperV manager will show up under the Start menu – I’d suggest pinning it to the Windows Start menu by
Right Clicking on Windows Hyper-V Manager and selecting “Pin to Start”
Files Used by Hyper-V:
There are basically 5 file types that Hyper-V uses:
1. The .ISO file: this is the ‘raw’ unconfigured disk image of the operating system that is installed. This file is what is downloaded from the Temple Web store and is what HyperV uses as the ‘base image’ of the VM. This becomes the VM (after memory, processor, network adapters, etc. are assigned).
2. The .VHDX file: this becomes the ‘virtual hard disk’ (VHDX) that contains all of the operating system configuration information – things like administrator and user account definitions, login information, IP address information, etc., etc. The .vhdx file is created from the .iso file by the configuration process in the HyperV manager. This is THE initial fully configured working VM.
3. The .AVHDX file: created every time a snapshot is taken (Microsoft refers to snapshots as ‘checkpoints’). The .AVHDX file represents the ‘difference’ between the base .VHDX file and any changes that were made after the snapshot was taken.
4. The .VMCX file: this file contains the actual VM machine definitions/settings that were initially configured when the VM was created in HyperV manager. At one time Microsoft (and other hypervisor vendors) stored their VM configuration files as simple text-based .XML formatted files, but Microsoft now uses a specially compressed binary file (the .VMCX) instead – the point here is that you can’t simply open these files in an editor to take a look at them; you need to use the HyperV manager to do this.
5. The .VMRS file: this file contains a ‘memory map’ of the state of the VM right before it was shut down/turned off. Total guess here, but I believe it will contain things like the VM page table, system state, etc. This is also probably how HyperV can recover a VM after an unexpected event occurs (your PC has a power outage, etc.).
The Directories Where Hyper-V Stores These Files:
Assume that you want to create a VM for Windows 8 and give it the name “Windows8_64”. I believe that the default locations where HyperV stores these files are as follows:
The following directory is where the .VHDX virtual disk file is stored (in this case “Windows8.1_64.vhdx”):
C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks
The following directory contains the Windows8.1_64 configuration and snapshot directories (but keep in mind that your mileage may vary – if in doubt just do a global search for “Hyper-V”):
C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks\Windows8.1_64\Windows8.1_64
This subdirectory in the Windows8.1_64 subdirectory contains the Snapshot and the VM Configuration file subdirectories:
    Snapshots
    Virtual Machines
How to Create a VM Outside of the HyperV Manager by Using PowerShell.
You need to have a copy of either the original .ISO file (unconfigured disk image) or the .VHDX file (fully configured previous version) for the VM.
First copy the .iso file (or the .vhdx file) into the directory where HyperV stores its VM disk images.
Next create the VM in the same directory by opening up either the PowerShell command line or a PowerShell ISE session (remember to do this as administrator).
Enter the following two commands from the PowerShell command line or editor. The first command actually creates the VM and should look like the following:
New-VM -Name 'Windows8.1_64' -BootDevice VHD -VHDPath "C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks\Windows8.1_64.vhdx" -Path "C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks\Windows8.1_64\Virtual Machines" -Generation 1 -Switch "Private vSwitch"
Breaking down the previous PowerShell command:
In this case, we will create a Windows 8 VM called “Windows8.1_64” (this is what -Name “Windows8.1_64” does) that uses the .vhdx file (instead of the unconfigured .iso disk image).
The -BootDevice VHD and -VHDPath parameters identify where the hypervisor can find the virtual disk drive/.VHDX file:
C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks
We also need to provide a path where HyperV can store the VM configuration file (this is what the -Path parameter is used for):
C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks\Windows8.1_64\Windows8.1_64\Virtual Machines
We also want to assign the VM to a virtual switch that was created earlier – this is not actually necessary to do at this point; it can be done at any time using the HyperV manager if you want.
In this case I had previously created a vSwitch called “Private vSwitch” when I first installed/configured HyperV
-Switch “Private vSwitch”
Now that we have created the VM, we can choose to configure it either by also using PowerShell or by using the HyperV manager. At this point the HyperV manager should recognize the new VM and let you configure it from the HyperV Manager console.
To configure the VM using PowerShell we enter the following statement:
Set-VM -Name 'Windows8.1_64' -ProcessorCount 1 -DynamicMemory -MemoryMinimumBytes 1GB -MemoryMaximumBytes 4GB
The statement above:
– Takes the newly created VM called “Windows8.1_64”
– Configures it for a single virtual processor (the -ProcessorCount parameter),
– Tells the hypervisor that the VM will use dynamically allocated memory whenever it needs to (the -DynamicMemory parameter),
– Tells the hypervisor that the VM must have a minimum of 1025MB of RAM at startup (the -MemoryMinimumBytes parameter),
– Tells the hypervisor that the VM must not get any more than 4096MB of RAM at any one time (the -MemoryMaximumBytes parameter).
That’s it! Hope this
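A worked version of the procedure above, as an added example that is not from the original post: it asks the hypervisor for its configured disk and VM paths instead of hard-coding the C:\Users\Public\Documents\Hyper-V\... paths, checks that the .vhdx exists and the VM name is unused, creates the private switch if it is missing, then creates and configures the VM and takes a first checkpoint so the .avhdx and .vmcx files described above appear on disk. The VM name, disk file name and switch name are placeholders.

```powershell
# Added example: create and configure a Generation 1 Hyper-V VM from an existing .vhdx.
# Run in an elevated PowerShell session on a host with the Hyper-V feature enabled.
# The three values below are placeholders, not the poster's real configuration.
$VmName     = 'Windows8.1_64'
$VhdFile    = 'Windows8.1_64.vhdx'
$SwitchName = 'Private vSwitch'

# Ask the hypervisor where it stores disks and VM configuration instead of guessing;
# these are the defaults that "your mileage may vary" refers to.
$VmHost  = Get-VMHost
$VhdPath = Join-Path $VmHost.VirtualHardDiskPath $VhdFile
$VmPath  = Join-Path $VmHost.VirtualMachinePath $VmName

# Fail early rather than let New-VM create a VM pointing at a missing disk.
if (-not (Test-Path -LiteralPath $VhdPath)) {
    throw "Virtual disk not found: $VhdPath (copy the .vhdx there first)"
}
if (Get-VM -Name $VmName -ErrorAction SilentlyContinue) {
    throw "A VM named '$VmName' already exists; pick another name or remove it"
}

# A Private switch connects VMs to each other only: no path to the host OS or the
# physical NIC, which is the safe default for a lab machine you experiment on.
if (-not (Get-VMSwitch -Name $SwitchName -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $SwitchName -SwitchType Private | Out-Null
}

# -SwitchName is the full parameter name; -Switch in the post is PowerShell's
# prefix abbreviation of it.
New-VM -Name $VmName -Generation 1 -BootDevice VHD -VHDPath $VhdPath `
       -Path $VmPath -SwitchName $SwitchName | Out-Null

# 1 vCPU and dynamic memory between 1 GB and 4 GB; PowerShell's GB suffix is a
# byte multiplier, so 1GB is 1073741824 bytes.
Set-VM -Name $VmName -ProcessorCount 1 -DynamicMemory -MemoryStartupBytes 1GB `
       -MemoryMinimumBytes 1GB -MemoryMaximumBytes 4GB

# Checkpoint the clean, unused image: this creates the .avhdx differencing disk,
# so anything tried on the VM later can be rolled back to this state.
Checkpoint-VM -Name $VmName -SnapshotName 'clean-baseline'

# Show where Hyper-V actually put the .vmcx/.vmrs files and the disks for this VM.
Get-VM -Name $VmName | Select-Object Name, State, ConfigurationLocation, SnapshotFileLocation
Get-VMHardDiskDrive -VMName $VmName | Select-Object ControllerType, Path
```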
Satwika Balakrishnan says
Expert: IoT Botnets the Work of a ‘Vast Minority’
Link: https://krebsonsecurity.com/2018/01/expert-iot-botnets-the-work-of-a-vast-minority/
In this article, Allison Nixon, director of security research at Flashpoint, a cyber intelligence firm based in New York City, shares her perspectives on IoT security and the role of law enforcement in the investigations of the Mirai attack. Mirai is a self-propagating virus which mainly targets poorly protected IoT devices; once it infects a device, it repeats the process to form a botnet, which is then controlled to carry out DDoS attacks. The link below provides an elaborate retrospective analysis of Mirai:
https://elie.net/blog/security/inside-mirai-the-infamous-iot-botnet-a-retrospective-analysis
I very much agree with Nixon’s point in stating that, “as time progresses, the community that practices DDoS and malicious hacking and these pointless destructive attacks get more technically proficient when they’re executing attacks, and they just become a more difficult adversary”. Especially in this case, since the source code for Mirai was made public, arresting the three hackers involved in the Mirai attack just doesn’t close things there. It is highly likely that other attack groups have acquired this source code and are developing their own Mirai variants which may be even more detrimental than the previous ones. The Windows-based spreader for Mirai is apparently just one version of it. This Windows-based version of Mirai has been found to be even more refined and sophisticated. This enables Mirai to acquire newer devices which were previously inaccessible, thus expanding its existing massive botnet army.
The article also mentions the IoT Cybersecurity Improvement Act of 2017, which is aimed at maintaining mandatory standards required to be met by the IoT devices procured by the federal government. Let us hope that this law would eventually set standards for securing IoT devices and oblige the manufacturers to develop better products which are less vulnerable to cyber threats and breaches. However, security shouldn’t start and end at the manufacturer. I believe that the manufacturers, network providers and the end users should work in a loop to build a more robust and secure cyber infrastructure.
Mustafa Aydin says
Nice post Satwika,
I’ve looked at the IoT Cybersecurity Improvement Act of 2017. This legislation includes contractor responsibilities with respect to internet-connected device cybersecurity. The legislation requires vendor commitments: that their IoT devices are patchable, don’t contain known vulnerabilities, rely on standard protocols and don’t contain hard-coded passwords.
Satwika Balakrishnan says
You are right, Mustafa. Although this Act is applicable only to the devices procured by government agencies, maybe in the long run manufacturers will adopt the same set of standards for average customers as well.
Frederic D Rohrer says
Article:
https://krebsonsecurity.com/2018/01/chronicle-a-meteor-aimed-at-planet-threat-intel/
Chronicle: A Meteor Aimed At Planet Threat Intel? | Brian Krebs
Also cited: https://blog.x.company/graduation-day-introducing-chronicle-318d34b80cce
Premise: Alphabet Inc. is rolling out “Chronicle”, a cyber-security tool that uses machine learning to gather and analyze security signals. Alphabet’s research division, X.company, compares modern cyber security to biological virus-fighting. “Your body solves [the problem of infections] by adapting […]” X says.
The problem with traditional security is that threats need to be identified based on existing knowledge. When securing a small bare-metal LAMP server, for example, one would probably use Fail2Ban for minimum security. Malicious signs such as excessive password failures and exploit seeking would be reported and blocked by Fail2Ban. However, these rules need to be set in advance; therefore the threat environment needs to be researched and constantly kept up to date.
Chronicle aims to avoid that by updating the threat environment dynamically, just like an Antivirus updates definitions based on heuristic analysis. In fact, VirusTotal, another company owned by Alphabet, already interchanges definition data with over 70 Antivirus companies.
The biggest problem with existing Antivirus software is that it identifies the malicious files, but not the attack vector. Hopefully this is something that Chronicle will solve.
Scott Radaszkiewicz says
Hi all, I have been working with Professor Szajlai on an issue with Assignment 1.
Assignment 1 has you use Cygwin to view the WindowsUpdate.log file live as the log is being updated. The issue is that in Windows 10, the WindowsUpdate.log file is no longer a readable text file. Windows Update logs are now part of Event Viewer and the files are stored as .ETL files in C:\Windows\Logs\WindowsUpdate
This article explains how to view those files using Powershell or the Tracefmt.exe utility.
https://blogs.technet.microsoft.com/charlesa_us/2015/08/06/windows-10-windowsupdate-log-and-how-to-view-it-with-powershell-or-tracefmt-exe/
Both solutions create a static text file of the WindowsUpdate.log files for you to read. Using PowerShell is the easiest; it’s now a built-in command to convert the .ETL log files to a readable file. The Tracefmt.exe program is a bit more intense, and you get the same result.
Here is a quick link to a video I made, if you need help.
https://drive.google.com/open?id=1AO3v1JQ_K1RA8RubOsmVJjDMYnehIkLq
Please feel free to contact me if you need!
Scott
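An added example of the PowerShell route, not from Scott's post or the Microsoft article: it decodes the .etl files under C:\Windows\Logs\WindowsUpdate with the built-in Get-WindowsUpdateLog cmdlet, lists recent failures, and, since the decoded file is a static snapshot rather than the live log the assignment expected, re-decodes on an interval and prints only the lines that are new. The output path, interval and search pattern are assumptions.

```powershell
# Added example: decode Windows 10 WindowsUpdate .etl logs to text and watch for new lines.
# Run as administrator. The output path and the regex below are assumptions, not values
# from the post; Get-WindowsUpdateLog is the built-in cmdlet the linked article describes.
$EtlDir  = 'C:\Windows\Logs\WindowsUpdate'
$OutFile = Join-Path $env:TEMP 'WindowsUpdate.log'

function Convert-UpdateLog {
    # Merge every .etl in the directory into one readable text file and return its lines.
    if (-not (Test-Path -LiteralPath $EtlDir)) {
        throw "ETL log directory not found: $EtlDir"
    }
    Get-WindowsUpdateLog -ETLPath $EtlDir -LogPath $OutFile | Out-Null
    # @() keeps a one-line file from collapsing into a single string.
    return @(Get-Content -LiteralPath $OutFile)
}

function Get-UpdateFailures {
    # Decoded lines read: date time pid tid component message. Failures usually carry
    # an HRESULT such as 0x80070005, so match on that pattern and on the word "fail".
    param([int]$Last = 20)
    Convert-UpdateLog | Where-Object { $_ -match 'fail|0x8[0-9A-F]{7}' } | Select-Object -Last $Last
}

function Watch-UpdateLog {
    # Poor man's "tail -f": the static text file never changes on its own, so re-decode
    # on an interval and print only the lines that were not in the previous snapshot.
    param([int]$IntervalSeconds = 60, [int]$Rounds = 5)
    $seen = 0
    for ($i = 0; $i -lt $Rounds; $i++) {
        $lines = Convert-UpdateLog
        if ($lines.Count -gt $seen) {
            $lines[$seen..($lines.Count - 1)]
        }
        $seen = $lines.Count
        Start-Sleep -Seconds $IntervalSeconds
    }
}

Get-UpdateFailures
Watch-UpdateLog -IntervalSeconds 30 -Rounds 3
```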
Jason A Lindsley says
Thanks Scott – this was super helpful because I came across the same error and I was struggling with the solution. I like how you articulated the change in Windows 10 and why we now had to use a different approach to generate a static text file to view the logs. I really appreciate the video demonstration.
Mustafa Aydin says
Chronicle: A Meteor Aimed At Planet Threat Intel?
https://krebsonsecurity.com/2018/01/chronicle-a-meteor-aimed-at-planet-threat-intel/
Chronicle is a new service designed to help companies more quickly make sense of and act on the threat data produced each day by cybersecurity tools. This service is released by Alphabet Inc., the parent company of Google. Many organizations rely on diverse security software, hardware and services to find and detect cybersecurity attacks, but the problem is the big data produced by these tools. And this big data may cause IT staff to miss key signs of an intrusion.
This new service called Chronicle provides massive data analytics and storage capabilities, machine learning and custom search capabilities to the organizations. About this service, the CEO Stephen Gillett said that “We want to 10x the speed and impact of security teams’ work by making it much easier, faster and more cost-effective for them to capture and analyze security signals that have previously been too difficult and expensive to find.”
The company did say Chronicle would use data from Virus Total, a free service acquired by Google that allows users to scan suspicious files against dozens of commercial antivirus tools simultaneously. Currently, Virus Total handles approximately one million submissions each day.
Fraser G says
Mustafa-
Nice summary. One million file submissions a day for Virus Total. Seems kind of low, to be honest. Is the idea to get everyone using some sort of open standard for virus comparison to keep them from spreading? If so I can get on board with that – would need to be able to scrub any sensitive data, however, or have a trusted authority to do this.
Matt Roberts says
Hacked Cameras, DVRs Powered Massive Internet Outage
https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-internet-outage/
In October of 2016, a massive attack on the internet infrastructure company Dyn caused massive outages throughout the country. The source code of a malware strain called Mirai had previously been released by the hacker who created it. Following that, it was used by cyber criminals to form a botnet out of hacked IoT devices, mostly DVRs and IP cameras manufactured by XiongMai Technologies. This was cause for a deeper examination of the major vulnerabilities permeating the fast-expanding realm of IoT. Many of the devices come with pre-loaded default passwords and firmware settings, which are not easily changeable by average users. Overall, the evolving landscape of IoT has meant fast-paced development and deployment, which has left little time or consideration for security to be built in. As the prevalence of IoT devices expands and threats continue to grow, the industry will have to adapt and devote more resources to properly securing these products and infrastructure.
Donald Hoxhaj says
Hi Matt,
That’s definitely an interesting article to read. One thing that I have noticed is that the pace of new technological development is far greater than the consideration given to building foolproof security within it. IoT companies and security agencies are already finding it a lot harder to prevent malware within these devices. As you pointed out, the industry will actually have to outpace the technological development before new consumers are roped in to use these machines.
Fred Zajac says
https://krebsonsecurity.com/2018/01/expert-iot-botnets-the-work-of-a-vast-minority/
The Internet of Things market is rapidly growing to include devices like dishwashers, personal assistants, televisions, and thermostats, to name just a few. As the popularity of IoT devices grows, the concern over exploiting these devices for malicious use will also grow. This subject was the topic of discussion during an interview between Brian Krebs and Allison Nixon. Brian is the writer of his website krebsonsecurity.com and Allison is the director of security research at Flashpoint, a cyber intelligence firm in New York City.
Brian and Allison hit on several points of security with IoT devices. The first thing they outlined was the Mirai malware virus that infected IoT devices used in DDoS attacks. Three men who created the Mirai virus pleaded guilty last month to various cyber crimes. One of the men, Josiah White, who went by the name Litespeed, is well known in the cyber hacking community.
These types of hacks will become worse unless security gets better. Allison offered a few suggestions on what she is seeing with security and IoT devices. First, she believes legislation around finding and prosecuting hackers will become more defined. The Mirai case trial was in Alaska because current laws protect small offenses. Prosecutors selected Alaska because most of the devices infected were in Alaska. The more devices infected, the greater the sentencing. We may see these infections without state borders in the future. Second, she believes manufacturers of these products will become more security focused. She gave the example of routers and how they have been designed to be much more secure than originally intended.
I can say that I have a few different IoT devices set up around my house, but they are never plugged in when I am not using them. I just unplug the device; however I don’t have something like a refrigerator or thermostat. These devices make it a bit more difficult to simply unplug. I guess if I was to make a recommendation… Choose the IoT device wisely. Think about the risk it poses and compare it to the benefit you receive. Do you really need to unlock your door with a cell phone? Is using a key / key pad that much of a burden that you would risk a hacker installing firmware to restore the locks factory settings, with the default codes? I personally will stick to my traditional key I get at the local hardware store.
Jason A Lindsley says
Hi Fred,
Very interesting take on choosing IoT wisely. I have a Ring doorbell that we bought because solicitors are constantly coming to the door and I was concerned about family safety. I can’t choose to “unplug” this device, so I’ve accepted the risk that I have an IoT device that is always on.
I do periodically check the firmware of my device to make sure it is up to date and I’ve even run a network scan of my IoT devices using Nessus.
While I know that this does not eliminate the risk, I still choose to accept it because I do feel that the safety and convenience to my family outweighs the risk of an IoT bot attack. I also have many other layers of security on my network that would help prevent an attack.
Scott Radaszkiewicz says
Hi Fred,
One of the biggest problems with IoT is that it doesn’t just affect organizations; they are now targeting homes. And we all know that the majority of home users take their router out of a box, plug it in, and it works. They are happy, and that is the end of it. They don’t change the default password, which is easily obtainable, and they open themselves up to so many attacks. In the old days, a hacker would have to sit outside of your house and hack your WiFi. No longer! With these IoT attacks, they can reach all of your Internet-enabled devices from anywhere. To me, this is the biggest scare, because most home users won’t even know how to fix it, or detect any problems!
I think you’re going to see a wave of new products for the home user. Norton is already jumping on this. https://www.theverge.com/2017/1/3/14124662/norton-core-router-announced-smart-home-security-ces-2017
It’s convenience. Joe and Suzie Smith (I apologize if this is you) want to be able to use their app on their phone to turn off the lights in the house, or lower the heat while they are away. A convenience. The more we enable technology for users, the more criminals will go after it. A camera in my fridge, so I can see from my phone how much milk is left, and whether I should stop and buy more on my way home!? Maybe. But know that a script kiddie in China is looking at your camera too!
Fred Zajac says
Are there any “Horror” movies about IoT devices killing people? Hummm….
Andrew Szajlai says
I have gotten a couple of questions about the posts; I’m sorry if that caused some confusion. I have posted the items from the slides the night before class for the following week’s class. I’ll talk about that in this week’s class. Please use the updated page for where to post. I have seen that a number of you have already started.
Please keep up the great work with VMware and helping me learn about the different versions of hypervisors. I’ll have to try Hyper-V on my Surface Pro, as a few others have already done. Remember it is not the specific hypervisor, more the learning, specifically for this week.
Andrew Szajlai says
I have just finished editing and uploaded an updated video of installing Windows 10 in Fusion 10. I’m sorry; they changed the interface and I had to do a bit of homework and video editing to get an updated video for the class. Please let me know if there are any questions. It was placed into the same location as the other videos in the OWLBox account I sent everyone links to.
Patrick DeStefano (tuc50677) says
“Why Your Innocent Office Printer May Be a Major Security-Attack Target For Your Company”
https://www.entrepreneur.com/article/308273
We are only a month into 2018, and even as IT security students we all know that someone or some company has already had a major breach, as it’s impossible to be 100% protected all the time. In the article, the author discusses the security flaw that was uncovered within Intel processors and how it is immensely quicker and easier to patch the security of cloud-based services compared to in-house servers. Normally we would hear about credit card P.O.S. devices being hacked, or a company or person getting hacked through phishing. You don’t hear about hardware security flaws nearly as much. The author points out three areas which may be being overlooked as important areas to keep secure.
1. Social Media Accounts. While most people might treat strange emails coming in to our work address with scrutiny, it’s likely that most are not treating messages on their social media accounts with the same level of caution. For company social media accounts, these should definitely be treated with the same security concerns as company email.
2. Printers. While industry generally focuses on security for IoT and Mobile devices, printers can be left vulnerable as many are, as the author states, “Plug and play”. The author recommends similar protections to what I would advise companies to do as well as what I have personally experienced. Companies should never keep default passwords on printers, place them behind the firewalls, and implement a “pull” type system where employees print to a network queue and have to badge into the printer to release the print job to that specific printer.
3. Continuous Employee Education. While the security recommendations and training might say one thing at one point in time, the direction and instruction might change and/or evolve very quickly in today’s landscape. Continuously educating your employees on new and evolving threats without sounding like a broken record is a key element to preventing any breaches.
Brock Donnelly says
Wow, imagine the size of the botnet if printers became the zombies of a DDoS attack. It is a long list of manufacturers out there and a lot of printers:
Canon, Fujitsu, HP, Konica Minolta, Lexmark, Xerox, Sharp, Kyocera Mita, Kodak, Brother, Samsung, Toshiba…
Zirui You says
IoT BotnetsExpert: IoT Botnets the Work of a ‘Vast Minority’:
https://krebsonsecurity.com/2018/01/expert-iot-botnets-the-work-of-a-vast-minority
After reading the article, I am questioning whether it is ethical for an investigation in which law enforcement agencies and security researchers pay money to malicious hackers in order to access the malware. Should this be taken into account as supporting the hackers rather than stopping them?
Jason A Lindsley says
Chronicle: A Meteor Aimed At Planet Threat Intel?
https://krebsonsecurity.com/2018/01/chronicle-a-meteor-aimed-at-planet-threat-intel/
First off, I am a big fan of the KrebsOnSecurity blog. I always find that Brian Krebs seems to find the right balance of articulating technical details in a manner that is understandable to individuals with novice to intermediate technical knowledge.
As others have explained, this blog post discusses one of Alphabet’s new ventures, Chronicle, that will be a service aimed at leveraging big data and machine learning to very quickly and cost-effectively identify security threats.
Although the article did not get into many specifics around the technical details of the service and did not divulge the Fortune 500 companies that will be participating, it speculates that it will leverage data from another Alphabet/Google acquisition – i.e. VirusTotal.
I had never used VirusTotal, so I visited the site. This seems like a really useful tool that would allow someone to inspect a suspicious file, URL, hash, or IP address. I tried searching a few URLs (e.g. torrent sites and retailers). The tool provided dozens of scan results from multiple sources, gave details of the site (e.g. site categories and IP address), and allowed comments and ratings from the community users. I can definitely see myself using this tool in the future.
As for the Chronicle service, I agree with others that this is yet another potential big data machine learning solution in a very crowded space. I could see Google playing an industry leader, however, because of their expertise in data analytics from their core search engine business.
Mustafa Aydin says
Nice post Jason,
After I had read your post, I visited the website of VirusTotal. And I really agree with you; it seems like a useful and user-friendly tool to analyze URLs, IP addresses, domains or file hashes. I’ve also tested some URLs and saw that VirusTotal inspects items with over 70 antivirus scanners and URL/domain blacklisting services.
Mustafa Aydin says
By the way, I’ve also checked the Mirai scanner that you mentioned under my post last week. I liked this scanner also. I am waiting for your new recommendations. Thanks Jason.
Jason A Lindsley says
Glad to hear Mustafa! How did the scan go for you? I have not had a chance to restart all devices and re-run the scan. Does anyone else have any suggestions on scanning your network for devices that are subject to Mirai?
Fred Zajac says
I am a fan of Nessus and OpenVAS. Nessus is free and available for Windows. You can download it on your local host and scan your home / small office network. Nessus / Tenable offers several plug-ins for different types of scans. You could also do the basic scan, which we did in Ethical Hacking, but this won’t discover the Mirai vulnerability. You will have to use the Advanced Scan and select the proper plug-in. Here is a link to Tenable.
https://www.tenable.com/blog/reaper-iot-botnet
Fred Zajac says
Another online scanner you may want to check out is Censys.io. It uses ZMap and ZGrab to identify specific information about a network. It is glitchy sometimes and you have to play around with how you search for multiple IP addresses or even a range, but it is a good and quick recon tool to identify how you may want to handle the pentest.
Shi Yu Dong says
Hacked Cameras, DVRs Powered Today’s Massive Internet Outages
https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-internet-outage/
As information technology continues growing and providing advanced technology functions to improve daily life, at the same time there are more and more attacks every single year. According to the article, “Hacked Cameras, DVRs Powered Today’s Massive Internet Outage”, a massive attack on the internet infrastructure company named Dyn caused massive outages throughout the country. Dyn Inc. is an internet performance management company that offers different products, like monitoring, controlling and optimizing online infrastructure and domain registration services, to many different companies. Due to the lack of security of internet infrastructure, the cybercriminals used the source code of a malware strain named Mirai, which was created by a hacker group and allows anyone to effectively build their own individual attack using Mirai. The article also mentions that the cybercriminals used a Mirai-based botnet in today’s ongoing attack on hacked IoT devices, which mainly compromised DVRs and IP cameras made by a Chinese hi-tech company called XiongMai Technologies. Many of the hacked IoT devices come with pre-loaded default passwords and firmware settings, which caused a deeper examination of the major vulnerabilities. In conclusion, the article states that with insecure IoT devices, we need an industry security association with a published standard that all members adhere to and are audited against periodically in order to prevent any cyber attack.
Sev Shirozian says
As security professionals who are in the industry or going to join it, we should always keep this in mind and drive vendors and product owners to stop hard-coding passwords into their products. For example, I used to work for Comcast in my previous life, and we would work with vendors for some of the hardware we would use in our customers’ locations or even in our data centers, and would push the vendor to update their firmware or code to stop including credentials in their product. If we all do this we can help drive the products our companies use or work with to stop this terrible practice. – Sev Shirozian
Fraser G says
Hacked Cameras, DVRs Powered Today’s Massive Internet Outage
https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-internet-outage/
In this article Krebs details an attack on IoT devices using the malware Mirai, a version of which was used earlier this year to attack Krebs’ own site. The malware searches for generic usernames and passwords, many of which are manufactured by XiongMai Technologies, a parts subcontractor out of China. DVR devices seem to be particularly vulnerable to the attack, as well as IP cameras. These are the kind of “zombie” IoT devices that can act as a conduit for DDoS attacks.
Once the devices are found, the Mirai malware runs attacks from them to take down other services. Dyn, an IT infrastructure company, seems to be the biggest target of the attack. The real issue with IoT devices here comes from the subcontracting of parts and the OS – even if you change the username and password / credentials on the device, its parts might still be open to the old credentials, which in many cases cannot be changed after the fact. No flashing the BIOS on these IoT devices for a fix.
In order to prevent these kinds of attacks, we must harden our firewalls and make sure that inbound AND outbound traffic is scrutinized. I wrote about this last week when I mentioned I scan my IoT devices, including Amazon Alexa, to see what’s going on. We should also be more wary of buying things like inexpensive cameras (and DVRs) from a consumer perspective. Also, manufacturers and retailers of these products should have more accountability when it comes to liability – I could see in the future a class action suit against a reckless manufacturer whose device is hijacked.
In addition to hardening firewalls, the US needs to work on strengthening legislative protection – trade barriers and the like should be used, as well as broadening the legal scope for liability. If you produce a device that has chips in it which are susceptible to this kind of attack, the onus should be on you. We don’t accept paint with lead, baby powder formula with poison etc. I don’t see a big difference between importing dangerous goods and importing recklessly dangerous technology.
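Sev’s point about vendors hard-coding passwords and Fraser’s point about credentials that survive a password change in the web interface both come down to the same artifact: a login account baked into the read-only firmware. If you can unpack a device’s firmware image (binwalk or the vendor’s own update file), the question can be answered by reading the files rather than guessing. The script below is an added example for this thread, not code from the article or from any poster; the passwd, shadow and rcS samples, including the hashes in them, are constructed stand-ins for files pulled out of an image.

```python
"""Look for baked-in login credentials in an unpacked firmware root: accounts
with a usable password and a real shell, and an init script that starts
telnetd. Added example illustrating the thread's point; the passwd, shadow
and rcS samples, including the hashes in them, are constructed."""
from typing import Dict, List, NamedTuple, Optional, Tuple

NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin", "/bin/nologin"}

class Account(NamedTuple):
    name: str
    pw_field: str       # field 2 of /etc/passwd; "x" means the hash lives in /etc/shadow
    uid: int
    shell: str

def parse_passwd(text: str) -> List[Account]:
    """Parse /etc/passwd lines (name:pw:uid:gid:gecos:home:shell), skipping junk."""
    accounts = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[0] and not line.startswith("#"):
            accounts.append(Account(fields[0], fields[1], int(fields[2]), fields[6]))
    return accounts

def parse_shadow(text: str) -> Dict[str, str]:
    """Map account name to the hash field of /etc/shadow."""
    rows = (ln.split(":") for ln in text.splitlines())
    return {f[0]: f[1] for f in rows if len(f) >= 2 and f[0]}

def hash_kind(field: str) -> str:
    """Classify a crypt(3) password field."""
    if field == "":
        return "empty"                       # logs in with no password at all
    if field.startswith(("*", "!")):
        return "locked"                      # cannot be used for password login
    for prefix, name in (("$1$", "md5crypt"), ("$2", "bcrypt"), ("$5$", "sha256crypt"),
                         ("$6$", "sha512crypt"), ("$y$", "yescrypt")):
        if field.startswith(prefix):
            return name
    return "descrypt" if len(field) == 13 else "unknown"   # traditional DES is 13 chars

def find_hardcoded_accounts(passwd: str, shadow: Optional[str] = None) -> List[Tuple[str, int, str, str]]:
    """Accounts usable for a telnet login: a real shell and a password that is not locked."""
    shadow_map = parse_shadow(shadow or "")
    findings = []
    for acct in parse_passwd(passwd):
        if acct.shell in NOLOGIN_SHELLS:
            continue
        field = shadow_map.get(acct.name, acct.pw_field) if acct.pw_field == "x" else acct.pw_field
        kind = hash_kind(field)
        if kind != "locked":
            findings.append((acct.name, acct.uid, kind, acct.shell))
    return findings

def telnetd_enabled(rc_script: str) -> bool:
    """True if an uncommented line of an init script launches telnetd."""
    for line in rc_script.splitlines():
        code = line.split("#", 1)[0]                  # drop comments
        if any(tok.endswith("telnetd") for tok in code.split()):
            return True
    return False

# Constructed samples standing in for files pulled out of a firmware image.
SAMPLE_PASSWD = (
    "root:x:0:0:root:/:/bin/sh\n"
    "default:$1$Qq1x2Y3z$constructedNotARealHash:1000:1000::/:/bin/sh\n"   # legacy: hash in passwd
    "guest::1001:1001::/:/bin/sh\n"                                          # no password at all
    "nobody:*:99:99:nobody:/:/bin/false\n"
)
SAMPLE_SHADOW = "root:$1$Ab9Cd8Ef$alsoConstructedNotReal:10933:0:99999:7:::\nnobody:*:10933:0:99999:7:::\n"
SAMPLE_RCS = "#!/bin/sh\n/usr/sbin/telnetd -l /bin/sh &   # left in by the ODM\n/usr/bin/webd &\n"

def demo() -> dict:
    return {"accounts": find_hardcoded_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW),
            "telnetd": telnetd_enabled(SAMPLE_RCS)}

if __name__ == "__main__":
    for name, uid, kind, shell in demo()["accounts"]:
        print(f"{name}: uid={uid} password={kind} shell={shell}")
    print("telnetd started at boot:", demo()["telnetd"])
```

The combination to look for is exactly what the sample shows: a root account whose hash lives in the squashfs image, and telnetd started from the init script. The web interface’s password is usually stored somewhere else entirely, which is why changing it leaves this account untouched; an "empty" or "descrypt" result is the worst case, since the former needs no password and the latter is cheap to crack.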
Brock Donnelly says
I would have to agree with you regarding the class action lawsuit. I would imagine it would be international law. That sounds like a nightmare of dead ends.
I think with the scope of the average consumer, the responsibility of protection will fall on the manufacturer. Poor development or foresight is at fault here. There are IoT devices out there without these weaknesses.
Hopefully responsible consumers in the future will buy the right product, which should place strain on the businesses that have poor practices.
Richard Mu says
Expert: IoT Botnets the Work of a ‘Vast Minority’
https://krebsonsecurity.com/2018/01/expert-iot-botnets-the-work-of-a-vast-minority/
The article features a discussion between Brian Krebs and Allison Nixon, director of security research at Flashpoint, about the Mirai attack and possible future solutions with the rise of IoT. Mirai is a malware that infects IoT devices to act as botnets to conduct cyberattacks.
The article starts with Brian and Allison discussing Mirai and one of the creators that pleaded guilty. With Allison providing her opinion and perspective, the article goes into possible ways of preventing another attack like Mirai from happening again. One of the topics that was covered was proposed laws in order to combat future situations from happening.
From reading through the article, I believe that Allison provides a possible solution that can stop future widespread attacks like Mirai. With law enforcement and lawmakers involved, the fines and penalties for cybercrimes are set to rise exponentially. The possible fear of being caught by law enforcement might be able to scare those from moving further with attacking or causing DDoS.
Donald Hoxhaj says
I agree with your statement, Richard, that the increase in scrutiny and imposing of fines will definitely reduce attacks or, to say the least, give more wings to cyber security specialists to implement countermeasures. The case of Mirai is definitely going to be one of the larger cases where criminals were caught, and this would serve as a lesson for other attackers as well.
BIlaal Williams says
Chronicle: A Meteor Aimed At Planet Threat Intel?
https://krebsonsecurity.com/2018/01/chronicle-a-meteor-aimed-at-planet-threat-intel
In an industry saturated with vulnerability scanners, virus scanners, IDS/IPS etc, it is difficult to see how Chronicle will differentiate itself from other security software, in particular the software that will provide its backbone, VirusTotal. However, since this is essentially a Google production, there is hope that the company will be able to leverage its data mining expertise to achieve its goal of “10x the speed and impact of security teams’ work by making it easier, faster and more cost effective to capture and analyze security signals that have previously been too difficult and expensive to find.”
According to the article, VirusTotal has helped antivirus companies decrease the amount of false positives generated in scans by providing a database that gets shared with the entire community of antivirus vendors who lend their tools to the service. In my opinion, this open-source sharing of information is the best way to combat malware. The larger the database, the more likely it is to contain a particular virus. Since Google has arguably the largest database of any organization, it is hopeful that Chronicle will use this information to give security professionals a more effective tool against malware authors.
As we know, the information security profession is a cat and mouse game between security professionals and hackers. The recent Intel vulnerabilities will only add to the threat vectors available to attackers. Hopefully, Chronicle will be a valuable addition to the tools needed to help mitigate these attacks.
Sev Shirozian says
I thought this was a pretty good article too. I always love new products and services that companies like Google and Apple come out with. They take ideas others had and formalize them into a worthy product (most of the time). I can’t wait to see when Chronicle is out and how it’s going to use VirusTotal and AI to give us an enhanced security tool that the industry can use. – Sev Shirozian
Scott Radaszkiewicz says
Hacked Cameras, DVRs Powered Today’s Massive Internet Outage
https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-internet-outage/
IoT is a very hot topic right now. It is basically a continuing circle of chasing your tail in cyber security. Those with malicious intent are always going to look for a way to get in, and find the easy route. As cyber professionals work to harden servers and workstations against cyber attacks, criminals explore other vulnerable devices that most people wouldn’t even think of.
In today’s day and age, it’s pretty fair to assume that anything that has a direct link to the Internet is a potential target for cyber attack. Tomorrow’s target is unknown, and we can only do our best to protect against attack and have an appropriate plan in place to react when an attack does come. I know when this IoT attack first hit, I was busy checking my infrastructure. Thankfully, we take the stance of giving the least amount of access needed in any scenario. Our cameras are on a separate VLAN internally that does not have any access to the Internet. I know not all companies can do this, since some require outside access. This is going to be a hot topic for months and years to come!
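Fraser’s advice to scrutinise outbound as well as inbound traffic, and Scott’s camera VLAN that is allowed no Internet access at all, together give a simple detection: anything from that VLAN reaching the Internet is a policy violation, and two traffic shapes on top of that are Mirai’s own signature. Infected devices probe many random Internet hosts on TCP 23/2323 to spread, and they open a flood of connections to one target when taking part in a DDoS. The script below is an added example for this thread, not code from the article or from any product. The key=value log format, the 192.168.20.0/24 VLAN, the thresholds and the sample lines are all constructed; parse_line() is the only piece that needs adapting to a real firewall’s export.

```python
"""Flag Mirai-style behaviour in outbound connection logs from an IoT VLAN:
any Internet egress at all (the VLAN is meant to have none), telnet probing
of many external hosts (how Mirai spreads), and a flood of connections to
one destination (a device taking part in a DDoS). Added example; the log
format, the VLAN, the thresholds and the sample lines are constructed."""
import ipaddress
import re
from collections import defaultdict
from typing import List, Optional, Tuple

IOT_VLAN = ipaddress.ip_network("192.168.20.0/24")          # assumed camera/DVR VLAN
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
TELNET_PORTS = {23, 2323}                                    # ports Mirai's scanner probed
SCAN_THRESHOLD = 5        # distinct external telnet targets from one host
FLOOD_THRESHOLD = 50      # connections from one host to one destination

LINE_RE = re.compile(r"src=(\S+) dst=(\S+) proto=(\w+) dport=(\d+) action=(\w+)")
Record = Tuple[ipaddress.IPv4Address, ipaddress.IPv4Address, str, int, str]

def parse_line(line: str) -> Optional[Record]:
    """Parse one key=value log line; None if it does not match the format."""
    m = LINE_RE.search(line)
    if not m:
        return None
    src, dst, proto, dport, action = m.groups()
    return ipaddress.ip_address(src), ipaddress.ip_address(dst), proto, int(dport), action

def is_internal(addr) -> bool:
    # RFC 1918 check rather than addr.is_private, which would also exclude the
    # documentation ranges (203.0.113.0/24 etc.) used as "Internet" in the samples.
    return any(addr in net for net in RFC1918)

def analyse(lines) -> List[Tuple[str, str, str]]:
    """Return sorted (host, finding, detail) tuples for IoT-VLAN sources."""
    egress, per_dest, telnet_targets = defaultdict(int), defaultdict(int), defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        src, dst, proto, dport, _action = rec
        if src not in IOT_VLAN or is_internal(dst):
            continue                                  # only VLAN -> Internet traffic
        egress[src] += 1
        per_dest[(src, dst)] += 1
        if proto == "tcp" and dport in TELNET_PORTS:
            telnet_targets[src].add(dst)
    findings = [(str(s), "egress", f"{n} Internet connections from a VLAN meant to have none")
                for s, n in egress.items()]
    findings += [(str(s), "telnet-scan", f"{len(t)} distinct external telnet targets")
                 for s, t in telnet_targets.items() if len(t) >= SCAN_THRESHOLD]
    findings += [(str(s), "flood", f"{n} connections to {d}")
                 for (s, d), n in per_dest.items() if n >= FLOOD_THRESHOLD]
    return sorted(findings)

def sample_log() -> List[str]:
    """Constructed lines: a scanning DVR, a flooding camera, a chatty camera, a laptop."""
    lines = [f"2016-10-21T11:10:{i:02d}Z src=192.168.20.14 dst=203.0.113.{i} proto=tcp "
             f"dport={23 if i % 2 else 2323} action=allow" for i in range(8)]
    lines += ["2016-10-21T11:12:00Z src=192.168.20.22 dst=198.51.100.9 proto=udp dport=53 action=allow"] * 60
    lines.append("2016-10-21T11:13:00Z src=192.168.20.30 dst=198.51.100.20 proto=tcp dport=443 action=allow")
    lines.append("2016-10-21T11:13:05Z src=192.168.10.5 dst=203.0.113.99 proto=tcp dport=23 action=allow")   # not IoT VLAN
    lines.append("2016-10-21T11:13:06Z src=192.168.20.14 dst=192.168.20.1 proto=udp dport=53 action=allow")  # internal DNS
    return lines

def demo() -> List[Tuple[str, str, str]]:
    return analyse(sample_log())

if __name__ == "__main__":
    for host, kind, detail in demo():
        print(f"{host:15} {kind:12} {detail}")
```

On the sample, the DVR at .14 is reported for both egress and telnet scanning, the camera at .22 for egress and a flood, and the camera at .30 for egress alone; the laptop on another VLAN and the DVR’s internal DNS lookup are ignored. If the VLAN is actually permitted some egress (a cloud-backed doorbell, say), drop the "egress" finding and keep the other two, which are behavioural and do not depend on policy.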
Brock Donnelly says
Since a large portion of these devices have no possible fix in sight, it is scary, but our months and years to come will transition into timeframes of equipment upgrades, failures and passing technology.
Duy Nguyen says
https://krebsonsecurity.com/2018/01/expert-iot-botnets-the-work-of-a-vast-minority/
After reading this article, I think there will always be these issues. With limited resources, there is no way for government agencies to keep up with enforcing against new cybersecurity threats. Requirements, policies and procedures from these agencies often come after threats or vulnerabilities have already been exploited. On the other hand, new devices and technologies are being rolled out in the masses without security being a priority. In my opinion, hackers will always have the upper hand since there will always be a gap between new tech and security.
Donald Hoxhaj says
Hi Duy,
I do agree with you, but technology not only creates newer threats, it also enables services to counter the same threats. Though on one hand resources might be limited, there are always cost-effective solutions like the one imposed on manufacturers to implement security before shipping. These measures might not be that effective, but they can definitely curb threats from travelling to users’ systems.
Manogna Alahari says
Chronicle: A Meteor Aimed At Planet Threat Intel?
https://krebsonsecurity.com/2018/01/chronicle-a-meteor-aimed-at-planet-threat-intel
In this article, it is mentioned what factors companies rely on for security software and what factors IT staff generally miss out on. The article also talks about the challenges faced by a new company which is entering the cyber security or anti-virus market, and how the new company, for example Chronicle (a malware intelligence service acquired by Google), should be able to differentiate itself from the existing tools available in the market.
https://medium.com/chronicle-blog/give-good-the-advantage-75ab2c242e45
The company’s CEO Stephen Gillett mentions that they would include new features like machine learning and artificial intelligence, as well as massive data analytics and storage capabilities, which hopefully will help these organizations reach the present standards.
Sev Shirozian says
When I read through the article, “Hacked Cameras, DVRs Powered Today’s Massive Internet Outage” on Krebs on Security, it reminded me why DDoS protection is very important at your companies. Unfortunately, there were layers of people affected by this attack. Layer 1 in the onion is Dyn, the vendor that was targeted using the Mirai malware source code. Unfortunately in this case, it didn’t stop with just Dyn being affected; it also affected Dyn’s customers, including Twitter, Amazon, Tumblr, Reddit, Spotify and Netflix. Every single one of these clients is huge in the online industry. It doesn’t stop with just affecting Dyn and their direct customers, but it also affected Twitter’s, Amazon’s and Netflix’s end consumers too. It prevented people like you and me from using these paid-for services. This waterfall effect of causing outages is very common when a DDoS attack is targeting a service for a broad audience. Which brings me back to my original point: why it’s so important to have DDoS protection at your company. Mitigating a DDoS attack can prevent outages, ultimately to your company and to your end consumer customers.
There are 3 ways you can protect yourself from a DDoS attack. The first way is using your Internet Service Provider. All major ISPs offer security services that include DDoS protection and mitigation. This is when the ISP itself will identify that your company is being targeted by an attack, will redirect all the traffic it is receiving, scrub it, and redirect only the good traffic to your company’s servers/websites. This is a great solution because if you were the company, you would never see any degradation of service on your network. It would be handled one hop before the traffic hits your network. Another way to mitigate DDoS attacks is similar to the first method; however, instead of the ISP scrubbing your traffic, the traffic is redirected to a third-party scrubbing center. This adds some complication to routing but is commonly used in the industry if the company doesn’t want to use their ISP or if their ISP doesn’t offer a DDoS mitigation solution. A third way to mitigate DDoS attacks is by doing it onsite in your data center. There are vendors out there like Arbor Networks where you can purchase on-premise hardware that you can put inline and that will automatically scrub your traffic and clean it before it gets to the rest of your network. Some people don’t like outsourcing their security services so they may prefer this solution over the first two. In any case, with DDoS as a service growing on the dark web, it’s worth taking the time and looking at these three options for DDoS protection of your company. You don’t want to be the next Dyn!
– Sev Shirozian
article: https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-internet-outage
Satwika Balakrishnan says
Just a FYI
I use a Windows machine, and after installing Windows 10 using VMware Workstation, when I tried to power on the virtual machine I got an error prompt saying “This host supports Intel VT-x, but Intel VT-x is disabled”. However, once I enabled the VT settings in the BIOS, the virtual machine worked perfectly fine.
I am just curious to know if any of you encountered this situation on a Mac machine.
Brock Donnelly says
Wow, so Google wants to start offering services (Chronicle) to increase cybersecurity intrusions tenfold. I wonder if this service is born of their own necessity, much like AWS began for Amazon, which is now the majority leader in cloud services. This is really interesting news, but so much of it seems to be based on Alphabet’s best hopes and dreams, or just speculation. I, like the author and the rest of his references, would like to know more…
Google is a juggernaut. With their capital and data horde, failure is barely a possibility. There are high hopes this will spawn a revolution in the industry, from one journalist referenced,
“Imagine if other companies spin out their tools…Netflix, Amazon, Facebook etc. That could be a fundamentally reshaped industry.”
Hell yes! I know I would like to see Amazon’s version of Chronicle. Something is keeping their cloud safe.
Fred Zajac says
Brock,
I would also like to see these scanners, but playing the other side of the coin…
The users of these scanners are creating the database for them. Example: as a pentester, I use Chronicle to search for vulnerabilities of a specific IP address. It then scans the IP address for vulnerabilities. It does or doesn’t identify vulnerabilities and reports back to the user… as well as to an internal database that neatly organizes the data for future reference.
We are Google’s recon pentesters… Thoughts?
Joseph Feldman says
Expert: IoT Botnets the Work of a ‘Vast Minority’
This article is a discussion between Allison Nixon, the director of security research at Flashpoint, and Brian Krebs from KrebsOnSecurity. They talk about IoT security in its current state and the recent Mirai malware strain used to create malicious botnets of IoT devices. This article was interesting as Allison states that current ways to deter malicious actors, like reporting servers they are using maliciously or writing articles naming individuals, only have a limited kind of impact to deter the malicious actors, as they will improve their operational security measures and try to be sneakier with their actions. Brian Krebs also brings up a good point about the malicious actors behind Mirai who released their source code for the malware. Krebs states this negatively impacts them as it can aid researchers in trying to find who made the code. They talked in depth about the botnet case and how the Mirai actors were caught and will be put on trial in Alaska. This case may set precedents in terms of procedures and processes used when going after cyber crime. This will be an interesting case to keep tabs on as it may affect future law enforcement when it comes to cyber crimes.
https://krebsonsecurity.com/2018/01/expert-iot-botnets-the-work-of-a-vast-minority/
Donald Hoxhaj says
https://krebsonsecurity.com/2018/01/expert-iot-botnets-the-work-of-a-vast-minority/
IoT Botnets the Work of a ‘Vast Minority’
This article is basically a conversation between Brian Krebs and Allison Nixon, director of security research at Flashpoint. Allison shares her perspective on the IoT landscape and talks about the case of the Mirai attack. Concerns over the rapid growth of IoT and the enormous amount of data generated as a result of interactions among several devices are also raised.
The case under discussion is basically about the Mirai virus, which is a virus that attacks less protected IoT devices to create a botnet so that cyberattacks can be carried out. The 3 men who conducted the attacks pleaded guilty to their act and to causing potential damage to over 600,000 devices. Allison provides some really interesting examples and suggestions to strengthen security around IoT so that attacks like the one of Mirai do not happen again in the future. One possible suggestion given by Allison is to have proper regulations and well-defined sentencing around such cases. Though the case was witnessed in Alaska, Allison believes that in the future prosecution of such cases will become more defined and smooth. Allison also believes that with incidents like these, manufacturers of IoT devices will need to take appropriate measures to implement security aspects within these devices. Much of the mishaps around IoT, at least at such a nascent stage of development, have been seen around user problems and misuse. No matter how many recommendations are offered to turn off devices when not in use, users ultimately resort to their previous methods. Attacks of the nature of Mirai happened because of weak protection of the IoT devices that were connected. The best solution, I feel, is to choose the devices carefully and use them in just the way one would protect sensitive information, and not pass critical data across devices without double-checking.
Donald Hoxhaj says
https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-internet-outage/
Hacked Cameras, DVRs Powered Today’s Massive Internet Outage
The article talks about how hacked cameras and DVRs caused an internet outage on a large number of websites. The attacks happened because of hacked IoT devices that hindered internet use for many users and caused problems for users trying to access websites such as Twitter, Amazon, Tumblr, Reddit, Spotify and Netflix. Investigations around the incident reveal that Mirai was the cause of the attack. This occurred largely because of the spreading of the source code of Mirai, enabling others to create their own version of the Mirai virus. The way Mirai works is that it first targets the weak IoT devices protected only by a factory username and password and then attacks with junk traffic until a point when these devices can no longer accept more legitimate visitors.
As mentioned by Zach Wikholm in the article, the issue with these particular devices is that a user cannot feasibly change this password and, worse, the web interface does not even recognize that the credentials exist. The need of the hour, as mentioned, is to have an “industry security association, with published standards that all members adhere to and are audited against periodically”.