On Pastebin, someone posted a database of valid logins and passwords to thousands of IoT devices

The other day, information security experts discovered another leak of thousands of login / password pairs from Internet of Things devices, which were registered along with IP gadgets, which can be accessed using this data. It is reported that the data that went online is valid; hackers can easily use it to turn IoT gadgets into zombies or other targets. The base is located in Pastebin , it was first published in June. Since then, leak authors have updated the contents of the database several times.

It is worth noting that the passwords and logins in question are suitable for 8233 IoT devices, 2174 of which were on the network at the time of Friday morning and were accessible via Telnet. Information about the leak is provided by the GDI Foundation in the person of its leader, Viktor Jervers. He also said that out of 2174 systems that were online on Friday, 1774 were accessible by logins and passwords from the database. It is noteworthy that for all 8223 devices only 144 login / password pairs were used. In other words, the users of these devices hardly changed the default access data.

Well, since the base itself has been “hanging” in Pastebin for several months now, it will be naive to believe that information security specialists have just seen it. Most likely, the attackers have already used it to attackers, they use it now. However, before the publication of information about passwords in Pastebin, the page with the base was not visited too many times - at the time of its “discovery” it had only 700 views. Now, after the media broke the news on the Internet, the number of views already amounts to tens of thousands.
')
“There is nothing new in that access to devices remains defaulted or the password / login changes to weaker connections,” said Troy Hunt, a representative of Have I Been Pwned . It is this service that is the first to warn about the massive leakage of passwords and usernames of users of well-known visited sites, allowing you to check your data for compromise. There is really nothing new in the vulnerability of IoT devices. But the placement of a database of access to thousands of devices only aggravated an already not very merry situation. Not only that someone shared and used valid passwords and logins, but someone else also indicated the IP addresses of the gadgets that can be accessed through this data, as mentioned above.


Why attackers IoT devices? On a small scale, they can use, for example, home cameras to monitor victims. More courageous and ambitious attackers create botnets from “zombie” IoT gadgets, the attack power of which is very high. These botnets, as already reported on Geektimes , were used to carry out DDoS attacks on the largest organizations in the world responsible for network infrastructure. Also, those who were able to observe what was happening in order to eliminate the problem and identify the culprits suffered. This, in the first place, is about Brian Krebs , a network security specialist who cybercriminals really dislike.

Most over the past couple of years, the Mirai botnet has distinguished itself. Unlike all other botnets, it doesn’t affect workstations running Windows OS, but “cloud” devices. Then, a botnet is formed from infected devices, so powerful that even resources that are well protected from DDoS cannot resist it. An example is the French organization OVH.

As for the list of data accessing IoT gadgets, some of them indicate that a number of devices belong to a botnet / botnet. For example, such a login / password pair as mother: fucker is typical for gadgets that have become “zombies” affected by malware.



The list also contains currently invalid data that most likely has been modified by the owners of IoT devices. But the majority of bundles work, so, in principle, anyone can seize control over vulnerable devices. The vast majority of logins and passwords are those that were originally specified by the manufacturer. For example, such:

• admin — 4,621
• 123456-698
• 12345-575
• xc3511-530
• GMB182—495
• Zte521—415
• password — 399
• oelinux123-385 </ li
• jauntech — 344
• 1234—341

Here are the most popular published links:

• root: [blank] —782
• admin: admin — 634
• root: root — 320
• admin: default — 21
• default: [blank] —18

Anyway, all users of IoT devices, whether a refrigerator or a surveillance camera, should remember that the login and password specified by the manufacturer by default should be changed immediately after connecting a new device to the network. Otherwise, instead of improving security, such gadgets will only spy on their users.

Well, publishing data about vulnerable devices, no matter who does it, only simplifies the work of intruders who can create botnets used for personal purposes without any problems. By the way, at the end of July, the botnet operator Mirai was sentenced to a suspended sentence. Then he said that he wanted only to earn money for the wedding with his girlfriend.