Web security specialist Incapsula has discovered a malware that can hijack closed circuit TV (CCTV) cameras and turn them into weapons. This was revealed when the security firm identified repeated HTTP flood attacks on one of its clients, which all originated from CCTV cameras. The malware was in the form of a code that can turn around 900 Linux-based CCTVs located in different parts of the globe into a botnet.
"The malware we found inside them was an ELF binary for ARM named (.btce) a variant of the ELF_BASHLITE (a.k.a. Lightaidra and GayFgt) malware that scans for network devices running on BusyBox, looking for open Telnet/SSH services that are susceptible to brute force dictionary attacks," Incapsula said on its website.
The bulk of the discovered CCTV botnets target an unnamed "large cloud service" used by millions of people, noted Engadget. So far, the attacks were considered "run of the mill" and involved denial of service. Incapsula did not reveal if there were more serious effects.
What is particularly worrisome for experts is the fact that the attacks on CCTVs were carried out easily. Several cameras are found in potentially sensitive locations and are driving sensitive data. This means that the attack can also compromise public safety and security especially with the ease by which the cameras are exploited, Boing Boing reported. This is highlighted by the fact that a number of the CCTV cameras have been attack by multiple hackers.