Vigilantes Are Trying to Secure IoT Devices…by Hijacking Them
After Mirai, the scale of the IoT problem became clear, and since the events that took place last winter, hackers have been competing for control of the hundreds of thousands of easily hackable devices open to the Internet.
Ars Technica’s Dan Goodin reports that a new botnet, named Hajime, has been observed hijacking IoT devices using the same password set as Mirai. The goal is to close open protocols like Telnet while using a distributed peer-to-peer network to issue software updates to these vulnerable devices, most of them home routers. So far, the botnet appears to have infected as many as 10,000 vulnerable routers.
According to BleepingComputer, researchers discovered the botnet back in October of last year, but it was unclear at first what the botnet’s purpose was, as it was not sending any DDoS or malicious traffic.
Then it was discovered the author was actually closing ports often exploited by other IoT malware, including 23, 7547, 5555 and 5358.
This is in addition to the recently discovered Brickerbot botnet, which takes a far less gentle approach: it simply wipes the firmware and boot record of IoT devices, virtually destroying the device or at least making it impossible to use without replacing hardware.
After a spike in activity following Popopret botnet takedown, Mirai infections continue to decline due to aggressive sinkholing. pic.twitter.com/ZSlfoujoJK
— MalwareTechLab (@MalwareTechLab) March 27, 2017
Combined with efforts to sinkhole Mirai command and control servers, it appears—if the goal is to minimize the ongoing damage of Mirai—that it is working for now.
Dan Goodin with Ars notes that while the intentions of these vigilante hackers may be altruistic in trying to help contain the IoT malware problem, their actions are still very much illegal.