BrickerBot worm destroying IoT devices


A botnet that has the ability to permanently incapacitate Internet of Things (IoT) devices has been affecting insecure webcams and other connected things for a few weeks, leading to concern about the whole industry’s level of security.

The BrickerBot program, developed by a hacker known as The Janitor, comes in multiple versions and can virtually disable devices. First discovered in March, the latest iteration has been dubbed BrickerBot.3 by Pascal Geenens, the researcher who first highlighted the existence of the worm.

It can wipe all files stored on a device, corrupt its storage and completely cut its internet connection. The cost and time necessary to repair an affected device can leave it totally useless, no more functional than a brick.

Permanent denial of service (PDoS) bots have been scanning the internet for Linux-based devices that have been secured with factory default passwords. They then gain remote access and proceed to brick the devices.

Security firm Radware first discovered the worm, setting up honeypot traps that recorded 2,250 attacks from two separate botnets, BrickerBot.1 and BrickerBot.2. Now, though, BrickerBot.3 has surfaced and appears to be the most damaging variation yet.

BrickerBot.3 attacked far more quickly than the previous two, mounting 1,295 attacks in just 15 hours. According to ArsTechnica.com, it used a “modified attack script that added several commands designed to more completely shock and awe its targets”.

In comparison, BrickerBot.1 attempted 1,895 attacks during the four days it was active, while BrickerBot.2 – which is still active – is launching almost 12 attacks each day.

But why did The Janitor launch BrickerBot? For the good of the IoT, according to him.

In a blog post, he wrote: “Like so many others I was dismayed by the indiscriminate [distributed denial of service] attacks by IoT botnets in 2016. I thought for sure that the large attacks would force the industry to finally get its act together, but after a few months of record-breaking attacks it became obvious that in spite of all the sincere efforts the problem couldn’t be solved quickly enough by conventional means.”

He then went on to say that he considers what he’s doing helpful to the internet community, even going so far as to compare himself to chemotherapy, saying that it is “a harsh treatment that nobody in their right mind would administer to a healthy patient, but the Internet was becoming seriously ill in Q3 and Q4 of 2016 and the moderate remedies were ineffective”.

Some critics have praised his actions, with John Biggs writing on TechCrunch.com that if users “can’t secure their own systems, perhaps a bit of discriminate destruction is just what these things need to stop leaving admin passwords wide open”.

Whether The Janitor’s actions will actually prove to be the catalyst for more security measures being introduced remains to be seen. What is known now is that his worm has caused a great deal of damage.