Friday, April 23, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices

January 19, 2020
in Internet Security
Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Image: ZDNet

A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) “smart” devices.

The list, which was published on a popular hacking forum, includes each device’s IP address, along with a username and password for the Telnet service, a remote access protocol that can be used to control devices over the internet.

You might also like

Best free PC antivirus software in 2021

ServiceNow launches unified agent platform, aims to meld diagnostics with incident automation

SolarWinds hack analysis reveals 56% boost in command server footprint

According to experts to who ZDNet spoke this week, and a statement from the leaker himself, the list was compiled by scanning the entire internet for devices that were exposing their Telnet port. The hacker than tried using (1) factory-set default usernames and passwords, or (2) custom, but easy-to-guess password combinations.

These types of lists — called “bot lists” — are a common component of an IoT botnet operation. Hackers scan the internet to build bot lists, and then use them to connect to the devices and install malware.

These lists are usually kept private, although some have leaked online in the past, such as a list of 33,000 home router Telnet credentials that leaked in August 2017. To our knowledge, this marks the biggest leak of Telnet passwords known to date.

Data leaked by a DDoS service operator

As ZDNet understands, the list was published online by the maintainer of a DDoS-for-hire (DDoS booter) service.

When asked why he published such a massive list of “bots,” the leaker said he upgraded his DDoS service from working on top of IoT botnets to a new model that relies on renting high-output servers from cloud service providers.

iot-list-files.png

Image: ZDNet

All the lists the hacker leaked are dated October-November 2019. Some of these devices might now run on a different IP address, or use different login credentials.

ZDNet did not use any of the username and password combos to access any of the devices, as this would be illegal — hence we are unable to tell home many of these credentials are still valid.

Using IoT search engines like BinaryEdge and Shodan, ZDNet identified devices all over the world. Some devices were located on the networks of known internet service providers (indicating they were either home router or IoT devices), but other devices were located on the networks of major cloud service providers.

Danger remains

An IoT security expert (who wanted to remain anonymous) told ZDNet that even if some entries on the list are not valid anymore because devices might have changed their IP address or passwords, the lists remain incredibly useful for a skilled attacker.

Misconfigured devices are not evenly spread out across the internet, but they’re usually clustered on the network of one single ISP due to the ISP’s staff misconfiguring the devices when deploying them to their respective customerbases.

An attacker could use the IP addresses included in the lists, determine the service provider, and then re-scan the ISP’s network to update the list with the latest IP addresses.

ZDNet shared the credentials list with trusted and vetted security researchers who volunteered to contact and notify ISPs and server owners.

Credit: Zdnet

Previous Post

How Hindustan Zinc Using Machine Learning & IoT Powered DCT

Next Post

How can we trust AI if we don't know what it's thinking?

Related Posts

Best free PC antivirus software in 2021
Internet Security

Best free PC antivirus software in 2021

April 23, 2021
ServiceNow launches unified agent platform, aims to meld diagnostics with incident automation
Internet Security

ServiceNow launches unified agent platform, aims to meld diagnostics with incident automation

April 23, 2021
SolarWinds hack analysis reveals 56% boost in command server footprint
Internet Security

SolarWinds hack analysis reveals 56% boost in command server footprint

April 22, 2021
New US Justice Department team aims to disrupt ransomware operations
Internet Security

New US Justice Department team aims to disrupt ransomware operations

April 22, 2021
Facebook uncovers Palestinian government officials targeted with malware
Internet Security

Facebook uncovers Palestinian government officials targeted with malware

April 22, 2021
Next Post
How can we trust AI if we don’t know what it’s thinking?

How can we trust AI if we don't know what it's thinking?

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Evolving ITOps with AIOps with no-code AI training with Cloud Pak for Watson AIOps – IBM Developer
Technology Companies

Evolving ITOps with AIOps with no-code AI training with Cloud Pak for Watson AIOps – IBM Developer

April 23, 2021
Best free PC antivirus software in 2021
Internet Security

Best free PC antivirus software in 2021

April 23, 2021
Cybercriminals Using Telegram Messenger to Control ToxicEye Malware
Internet Privacy

Cybercriminals Using Telegram Messenger to Control ToxicEye Malware

April 23, 2021
Strategies for a successful Voice of the Customer program
Data Science

Strategies for a successful Voice of the Customer program

April 23, 2021
European Values Confront AI Innovation in EU’s Proposed AI Act  
Artificial Intelligence

European Values Confront AI Innovation in EU’s Proposed AI Act  

April 23, 2021
Artificial Intelligence and Machine Learning: Demographics & Firmographics
Machine Learning

Global Federated Learning Solutions Market (2020 to 2028)

April 23, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Evolving ITOps with AIOps with no-code AI training with Cloud Pak for Watson AIOps – IBM Developer April 23, 2021
  • Best free PC antivirus software in 2021 April 23, 2021
  • Cybercriminals Using Telegram Messenger to Control ToxicEye Malware April 23, 2021
  • Strategies for a successful Voice of the Customer program April 23, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates