Hacking CCTV Cameras to Launch DDoS Attacks

Leave a Comment

All over the world, there are like countless gadgets and devices connected to internet called as Internet of Things. Apart from PCs, Laptops, Smart Phones, Tablets there are some of widely used as well as numerous Internet of Things including CCTV Cameras, Street Lights, Surveillance Cameras, Traffic Lights, Smart Pipes, Smart TVs, Refrigerators and much more.

Hacking CCTV Cameras to Launch DDoS Attacks

Hacking CCTV Cameras to Launch DDoS Attacks
Hacking CCTV Cameras to Launch DDoS Attacks

But in this age of technology, some of these ‘Smart’ devices have made us think about security measures around us as Cyber Criminals are making these Internet of Things as weapons for a Cyber War.

In a recent research, Security Researchers have found that simple CCTV Cameras – Common Internet of Things i.e. IoT device have been targeted by some hackers to launch DDoS i.e. Distributed Denial-of-Service Attacks.

CCTV Cameras are like almost everywhere, widely used in Shopping Malls. They have been hacked to form a large botnet that can even blow huge website off the internet just by launching crippling Distributed DDoS Attacks.

Why’s that happening?

Taking over CCTV cameras was possible by hackers because CCTV Camera operators are having a Lax approach for security and don’t change their default passwords.

We came to know across the sudden DDoS Attacks while Imperva’s Incapsula Security Researchers warned about it. They came to know about CCTV Botnet Attacks by March 2014.

Although Imperva has recently released a latest blog post and quotes the DDoS Attack has now peaked at 20,000 requests/ second and originated from approximate 900+ CCTV cameras running embedded versions of Linux and BusyBox toolkit in them.

Also the got to know something even more:

After some research, they got to know that some of the CCTV Cameras were already infected with some of danger malware programs. That CCTV  was located in a shopping center which was merely five minutes far from the team’s office.

This Malware Program is called: Bashlite OR Lightaidra OR GayFgt which has specially designed for ARM versions of Linux.


The one where 900+ CCTV cameras were affected that most common attack has HTTP GET request and originated as well as spread around the world through these cameras.

Targeted countries include India, China, Indonesia, Iran, Thailand and US.

Surprisingly, target of DDoS Attack was a less often used asset of a famous Cloud Service having millions of users, all over the world although Imperva didn’t actually mentioned the name of that targeted firm.

But there’s one thing: all of the affected cameras were being monitored by the firm and were from different locations, suggesting no single but multiple hackers must have been abusing the weakness of these less-secured cameras.


All these smart devices and smart gadgets notably get our work done much faster but without proper security of such devices, they’ve become even easier to be hacked.

With this shocking incident discovered by Imperva, has left technology giants as well as all of us to secure such connected devices.

As we all know, whenever any new gadget or advanced function comes in market, everyone is rushed towards it without even knowing each and every aspect of security. We all should probably think more regarding the security of such Internet of Things.


Post a Comment