http://www.wired.com/2014/04/hikvision/
BY ROBERT MCMILLAN
Enterprise
Wired.com
04.01.14
Here's something we haven't seen before: security camera recorders hacked
and used to mine bitcoin.
The issue was first reported by Johannes Ullrich, an instructor at the
SANS Technology Institute -- a computer security training organization.
Last Friday, he discovered malicious software infecting the Hikvision DVRs
used to record video from security cameras. The malware jumps from device
to device, trying to infect any other machines it can find on the network.
But it also tries to earn a little scratch for its creators by mining
bitcoins, a processor-intensive activity that would probably slow down any
infected DVR.
Though this is a novel method, it's hardly the first time hackers have
tried to bust their way into other people's hardware in order to make some
bitcoin, the popular digital currency. The bitcoin system is run by
independent machines spread across the globe, and if you contribute
processing power to the system, you receive some bitcoin in return. This
is called mining, and hackers often seek to mine using any machines they
can gain control of -- including security camera DVRs.
Most malicious software is written for Linux or Windows machines, but
Ullrich has seen this new malware infect routers and DVRs in the past.
That usually happens accidentally when a worm written for a Windows or
Linux system spreads to strange devices that happen to be running the same
operating system. But here, the malicious code "was actually complied for
the ARM processor that's running these devices, he says, "so they kind of
knew what they were into." Since Friday, Ullrich has also spotted the
malware running on a router. He couldn’t immediately be reached for
comment.
[...]
--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/
