Title: Mirai story updates
- RallySec previously covered the Mirai botnet source code leak on Episode 10, when it was DDoSing Brian Krebs's website: https://rallysecurity.com/rallysecurity-episode-10-miraiyahoo/
- New major attack against DNS provider DYN
- First attack started around 7am on Oct 21, and had a couple of major follow-ups
- Attack happened hours after DYN researcher Doug Madory presented a talk about combating DDoS attacks at the North American Network Operators Group (NANOG) in Dallas, TX. (Krebs)
- Source code appears to have been used or modified (Krebs)
- Does not appear to be used by advanced attackers (Wired)
- Devices used for the attacks: smart home devices, home routers, DVRs, networked security cameras. Basically a bunch of Internet of Things (IoT) devices. (PCmag)
- Hangzhou Xiongmai Technology acknowledged its products were used and recalled thousands of them to aid in remediation of the vulnerabilities (Cyberwire)
- Vulnerability abused was hard-coded or default passwords (PCmag)
- Probably skiddies, considering they performed a DNS attack against port 80 (Twitter)
Websites affected by #DDoS: (Wired)
- Several services shifted away from relying on DYN, and the collateral damage was reduced as the internet recovered
- Who was the big winner, i.e., who did everyone shift to instead? OpenDNS? Google?
- Internal dissent amongst the botnet operators? (https://twitter.com/danielkennedy74/status/791001850707374080/photo/1)
Title: UAE is building their own offensive cyber security team
- UAE government is recruiting through a cutout company called DarkMatter, which is itself recruiting through cutout recruiters such as a friend of a friend, recruiters that the company disavows, etc.
- Developed a plan to deploy electronic probes all over major cities in the UAE, which a team of hackers would then break into, guaranteeing access for DarkMatter and its customer
- Has tried to recruit lots of people from the “top tier” of hackers
- DarkMatter’s plan was to hire 250 “geniuses” before the end of 2016
- Has hired from Google, Samsung, Qualcomm, McAfee, and Wickr
- Apparently they or someone else was confused and tried to recruit me in Sept.