Episode 13 MP3 | YouTube | Twitch.TV | Twitter | Facebook | iTunes | Stitcher

Title: Mirai story updates


  • RallySec previously covered the Mirai botnet source code leak on Episode 10, when it was DDoSing Brian Krebs's website https://rallysecurity.com/rallysecurity-episode-10-miraiyahoo/
  • New major attack against DNS provider DYN
  • First attack started around 7am on Oct 21, and had a couple of major follow-ups
  • Attack happened hours after DYN researcher Doug Madory presented a talk about combating DDoS attacks at the North American Network Operators Group (NANOG) in Dallas, TX. (Krebs)
  • Source code appears to have been used or modified (Krebs)
  • Does not appear to be used by advanced attackers (Wired)
  • Devices used for the attacks: smart home devices, home routers, DVRs, networked security cameras. Basically a bunch of Internet of Things (IoT) devices. (PCmag)
  • Hangzhou Xiongmai Technology acknowledged its products were used and recalled thousands of them to aid in remediation of the vulnerabilities (Cyberwire)
  • Vulnerability abused was hard-coded or default passwords (PCmag)
  • Probably skiddies considering they performed a DNS attack against port 80 (twitter)

Websites affected by #DDoS : (Wired)

Title: UAE is building their own offensive cyber security team

  • UAE government is recruiting through a cutout company called DarkMatter, which is itself recruiting through cutout recruiters such as a friend of a friend, recruiters that the company disavows, etc.
  • Developed a plan to deploy electronic probes all over major cities in the UAE, which a team of hackers would then break into, guaranteeing access for DarkMatter and its customer
  • Has tried to recruit lots of people from the “top tier” of hackers
  • DarkMatter’s plan was to hire 250 “geniuses” before the end of 2016
  • Has hired from Google, Samsung, Qualcomm, McAfee, and Wickr
  • Apparently they or someone else was confused and tried to recruit me in Sept.